Estimated Reading Time: 4 minutes
By Melanie Lockwood Herman
This week I’ve been engrossed in The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats, by Richard A. Clarke and Robert K. Knake. The book is one of several I’ve been reading this Summer to inspire my team’s obsessive focus on resilience and business continuity planning. Clark and Knake describe ‘resilience’ in a way that fits perfectly with our aspirations for effective risk management: “. . . resilience is about the ability to rapidly respond, return to a good state, manage bad outcomes, and learn from the incident so that future incidents are less likely.”
Much of the book is music to a risk professional’s ears, including: “Above all, our guiding principle is to avoid solutions that would cause more disruption than the problems they are meant to solve.” In the NRMC team’s view, all new risk policies and practices should be evaluated in terms of their potential to cause ‘organizational drag.’ In a prior RISK eNews titled “Risk Management’s Unintended Consequences,” we discuss how “sometimes risk management can hamper decision-making and cause an organization to be less nimble in responding to risk events or in leveraging opportunities.” Sound familiar?
The authors’ optimism about our potential to manage cyber threats rings loud and clear: “We think it is possible to reduce the risks posed by offensive cyber technologies and actors, and to increase peacetime stability for corporations and crisis stability for nations.” They also affirm the belief that “the specter of cyber warfare does not overshadow all the good things that are made possible by the internet,” and “… for most purposes, the security bang for the buck you get by moving to the cloud is well worth accepting the residual risk.”
Much of the book is devoted to a wakeup call about the potential—and the reality—of the harm and chaos that organizations and nation-states face today. Although I customarily write in the margins of the books I’m reading, I found myself using ‘ah-ha’ to mark some of the most thought-provoking passages. My ah-ha moments from The Fifth Domain included:
This week the NRMC team is proud to publish The Business Continuity Planning Issue of our magazine, Risk Management Essentials. The issue features two articles exploring BCP basics and options, and one piece on cloud computing’s BCP benefits. You can read or download the entire issue here or view the individual articles at the following links:
We hope that your team has been inspired by your own resilience in the face of COVID-19 to dust off and reimagine your business continuity plan. And we hope that the new issue of RME offers food for thought and practical ideas as you work to shape your plans and planning processes to ensure readiness for ‘what’s next.’
Melanie Lockwood Herman is Executive Director of the Nonprofit Risk Management Center. She welcomes your questions about cyber threats and risk management at 703.777.3504 or melanie@nonprofitrisk.org.
“First let me congratulate you on a conference well done. I had a great time at the Nonprofit Employee Benefits Conference and walked away with some valuable tools and questions that we’ll need to be addressing in both the short and long term. Thanks to you and your staff for all you do to provide us with quality resources in support of our missions.”
“BBYO’s engagement of the Center to conduct a risk assessment was one of the most valuable processes undertaken over the past five years. Numerous programmatic and procedural changes were recommended and have since been implemented. Additionally, dozens (literally) of insurance coverage gaps were identified that would never have been without the work of the Center. This assessment led to a broker bidding process that resulted in BBYO’s selection of a new broker that we have been extremely satisfied with. I unconditionally recommend the Center for their consultative services.
“Melanie Herman has provided expert, insightful, timely and well resourced information to our Executive Team and Board of Directors. Our corporation recently experienced massive growth through merger and the Board has been working to better integrate their expanded set of roles and responsibilities. Melanie presented at our Annual Board of Director’s Retreat and captured the interest of our Board members. As a result of her excellent presentation the Board has engaged in focused review which is having immediate effects on governance.”
“The Nonprofit Risk Management Center has been an outstanding partner for us. They are attentive to our needs, and work hard to successfully meet our requests for information. Being an Affiliate member gave us access to so many time- and money-saving resources that it easily paid for itself! Nonprofit Risk Management Center is truly a valued partner of The Community Foundation of Elkhart County and we are continuously able to optimize staff time with the support given by their team.”
“The board and staff of the Prince George’s Child Resource Center are extremely pleased with the results of the risk assessment conducted by the Nonprofit Risk Management Center. A thorough scan revealed that while we are a well run organization, we had risks that we never imagined. We are grateful to know that we have now minimized our organizational risks and we recommend the Center to other nonprofits.”
Great American Insurance Group’s Specialty Human Services is committed to protecting those who improve your communities. The Center team has committed to delivering dynamic risk management solutions tailored to nonprofit organizations. These organizations have many and varied risk issues, hence the need for specialized coverage and expert knowledge for their protection. We’ve had Melanie speak on several occasions to employees and our agents. She is always on point and delivers such great value. Thank you for the terrific partnership and allowing our nonprofits to focus on their mission!