Incident Response and Crisis Management

Private businesses are increasingly exposed to new and more numerous security threats. Both in Denmark and abroad, the threat picture is dynamic and complex, and it is further complicated by technological developments that have increased the vulnerability of companies.

These security threats are many-sided and include industrial espionage, financial and organised crime, bribery and corruption as well as terrorism and political extremism. Relatedly, criminal methods also vary, ranging from sabotage, kidnappings and other forms of physical attacks, to IT-crime and cyber-attacks.

This development has resulted in a growing focus on corporate risk management and duty of care in the security realm. It has also brought renewed attention to the security measures that businesses implement to eliminate or reduce security risks, and thereby protect their assets, activities, employees and reputation.

Nonetheless, no matter how many measures are introduced and how much money is invested in security solutions, a private business will never be able to eliminate all security risks. There will always be residual risks, and all businesses are eventually affected by a security incident, which may cause significant losses and damage to the individual business.

It is, however, possible to limit potential financial losses and other recovery costs stemming from security incidents. These opportunities are highly correlated with the business being well-prepared and having a well-functioning crisis management system.

CERTA’s Services

For the last four years, CERTA has advised and supported both Danish and foreign private businesses in building and developing their emergency preparedness and crisis management systems related to security.

CERTA’s consultancy services are led by experienced analysts and advisors who have worked with emergency preparedness and crisis management in the Danish security and intelligence apparatus.

The purpose of this assistance is to ensure that the business in question:

  • Has developed the necessary plans.
  • Possesses the necessary capacities and competencies.
  • Has established an appropriate crisis management system.

Moreover, CERTA will support each business in the planning and implementation stages of:

  • Security-related training for employees.
  • Crisis management exercises for senior management.

CERTA also offers advice and support for the business’ crisis management team in the event of an actual security incident.

Crisis Management Exercises

Having an effective and well-functioning crisis management plan depends on carrying out dilemma-based crisis management exercises at regular intervals.

The purpose of these exercises is to test the crisis management organisation of a business in order to ensure that:

  • The business’s contingency plans are up to date and coherent.
  • All elements of the crisis management system are familiar with their respective roles and responsibilities, with their interactions with other actors, as well as with the individual elements of the business’s plans.
  • Any deficiencies in the crisis management set-up are identified and corrected in a timely fashion – that is, before the business is affected by an actual security incident.

Because the business itself participates in the exercise, external support is typically required to plan, carry out and evaluate the exercise in cooperation with the business. CERTA’s assistance is based on the following principles:

The exercise is tailored to each individual business and rooted in the threat and risk assessments for that business. It also takes into account any existing contingency plans.

The purpose of the exercise is to highlight how a series of actual dilemmas are handled by the crisis management system of the business. The exercise will train all participants in their own roles as well as test the implementation of existing plans. It will also allow for collection of feedback and experiences which can be directed towards optimising the existing crisis management set-up.

The exercise is led by an “exercise-leader” from CERTA, who is supported by a CERTA response-cell and takes direction from a predetermined playbook. The playbook includes a variety of relevant security incidents in parallel tracks that are to be handled. The playbook will be the product of dialogue and cooperation between CERTA and representatives of the business in question.

The following attributes will be trained and developed as part of a crisis management exercise:

  • Acknowledgement of an unfolding crisis and activation of the crisis management organisation (ability to adjust to the speed of events).
  • Application of existing plans and management systems.
  • Establishment at specific locations, and use of equipment, facilities and logistics.
  • Handling of designated roles and responsibilities.
  • Handling of information and gaining an overview of the situation.
  • Potential cooperation with a Local Emergency Management Team.
  • Decision-making capacity.
  • Coordination of actions and resources.
  • Crisis communication with internal and external stakeholders, potentially also with journalists and TV photographers taking part in the exercise.
  • Cooperation with relevant internal and external resources, potentially with an experienced hostage negotiator participating in the exercise.
  • Implementation of actions (interventions).

The exercise will be evaluated in order to identify and report on any shortcomings and lessons learned. A report will be written after the completion of the exercise, summarising lessons learned as well as recommendations for optimisation of the crisis management organisation in the business. The report will be presented to and discussed with the senior management of the business approximately two weeks after the exercise, so that the business can make the necessary adjustments and thereby strengthen its crisis management capacity. At this stage, CERTA can support the business in implementing the recommendations as far as desired.

The exercise itself will be carried out at the location designated by the business, and participants will only have access to those resources that would be available in a true security incident. The exercise can be carried out in Danish or in English.