Andrew MacLeod, MBCI, investigates the origins of the term ‘resilience’ and demonstrates how its meaning, context and utility has evolved in the last 30 years. This is the second paper in a series where we are publishing the short listed entries in the Continuity Central Business Continuity Paper of the Year competition.
As Napolitano (2010), the US Secretary of Homeland Security observed,
“… we are a resilient nation. But … we can’t guarantee there won’t be another successful terrorist attack … if that attack comes, our enemies will still not have succeeded, because our nation is too strong, and too resilient, to ever cower before a small group of violent extremists.”
The burgeoning use of ‘resilience’ has created a “concept used liberally and enthusiastically by policy makers, practitioners and academics” (McAslan, 2010). A Google search returns over five million references for ‘resilience’, and even the laconic Geoffrey Boycott, now refers to England’s cricket team as lacking ‘resilience in the middle order’. There has been significant debate about the relationships between risk, business continuity, disaster recovery and crisis management. Resilience has the potential to be an umbrella term which encompasses these disciplines. Therefore, precise understanding of the contemporary meaning of resilience is fundamental, lest it become an inappropriately applied term such as ‘strategic’. This paper will investigate the origins of the term resilience and demonstrate how its meaning, context and utility has evolved in the last 30 years. Resilience and its utility will be examined in relation to a number of sectors; environmental, individual, community, organizational, and national security. It will be demonstrated that there are numerous definitions of resilience, which are contextually sensitive. Nevertheless, the term resilience underpins a mind-set, a common set of characteristics and an ability to recover no matter the context.
The Institute of Risk Management’s (IRM) Internal Model Industry Forum (IMIF) has launched a guidance booklet entitled ‘Operational risk modelling: common practices and future development’. The document was written by ORIC International and the IRM and is aimed at insurance companies.
Capital requirements in respect of operational risk could range from 5 percent to over 30 percent of the overall funds an insurer must hold, amounting to hundreds of millions of pounds for major insurers. Unsurprisingly, a more sophisticated measurement of operational risk within risk based capital models is moving up the agenda. Yet defining a robust and value-adding process to arrive at a credible capital requirement for operational risk is no easy task.
While most of the technical aspects of capital models for insurers are now relatively well developed, industry players, regulators and boards recognise that areas of vulnerability remain, including the modelling of operational risks. Until now, the industry’s lack of consistency and definition in this area ran the risk of delivering inaccurate capital requirements.
This guidance aims to change that. It approaches operational risk in the context of insurers’ internal risk models. It examines how to validate and communicate the assumptions and techniques involved to produce a result that is understood and trusted by organisations and regulators alike.
Michael Sicsic, chairman of ORIC International, commented:
“Operational risk management is still a relatively new discipline – and quantification appears to be the cornerstone of raising the bar for both operational risk practitioners, and more importantly for senior management in their decision-making processes. Indeed, the quantification of operational risk is a critical milestone in the journey of achieving the same maturity level in managing operational risk as is regarded to be the case in the other more established areas of enterprise risk management, such as credit, market and insurance risk.”
Read the document (PDF)
One of the bugbears of IT network security is the denial of service (DOS) attack. Instead of (or as well as) trying to sneak past a firewall with a few innocent-looking data packets, the DOS attack tries to cripple a network or a system by swamping it out. In the case of network firewalls, the attacker will try to generate as much network traffic as possible to overload the firewall’s processing power. Attackers often multiply the sources of the network traffic for that reason, leading to distributed denial of service (DDOS) attacks. Firewalls that are submerged by traffic may become unmanageable, unless the vendor has taken suitable design precautions, which might also inspire good business continuity in general.
There are 50 stars on our U.S. flag representing the 50 states that make up the Union. But when it comes to emergency management there are 100 states, not 50.
No, I’m not using some form of new math. What I’m referring to is the juxtaposition of rural and urban areas that exists in each state. Every state has at least one urban area. Some, like Florida and California, have more than one. Other states have one large urban area that dominates the politics, infrastructure, resources and attention of business, industry and state-level politicians. New York has New York City and upstate. Illinois has Chicago and then the rest of the state. Even a state like Nebraska has Omaha versus the more rural areas.
Emergency management is not immune from these urban versus rural differences. Perhaps the biggest disparity is the number of resources, generally meaning money, but that translates quickly into funding for staffing and the number of program areas that can be supported. In many ways these 100 state emergency management “districts,” which I’ll call urban and rural, use different methods to achieve success.
A cyberattack targeting the U.S. power grid would have widespread economic implications, resulting in insurance claims of between $21.4 billion and $71.1 billion in a worst case scenario, according to a report by Lloyd’s.
Lloyd’s and the University of Cambridge’s Centre for Risk Studies recently released “Business Blackout,” which examines the insurance implications of a major cyberattack using the U.S. power grid as an example. In the scenario outlined, malware is used to infect control rooms for generating electricity in areas of the Northeastern U.S. The malware goes undetected and locates 50 generators that it can control, forcing them to overload and burn out. The scenario, described as “improbable but technologically possible,” leaves 15 states in darkness, meaning that 93 million people are without power.
Economic impacts include direct damage to assets and infrastructure, decline in sales revenue to electricity supply companies, loss of sales revenue for businesses and disruption to the supply chain. The total impact to the U.S. economy is estimated at $243 billion, rising to more than $1 trillion in the most extreme version of the scenario.
(TNS) -- University of Texas researchers have been awarded a $13.7 million federal grant to develop a software platform and other cybertools to help engineers construct buildings, levees, bridges, highways and other structures that are better able to withstand earthquakes and other natural hazards.
“There is tremendous potential to save lives and property through better engineering, design and planning,” said Ellen Rathje, a civil engineering professor and the project’s principal investigator.
The grant from the National Science Foundation, to be paid out over five years, will fund development of a Web platform, data repository and other tools that will allow engineers to simulate how various designs of structures, including residential housing, would hold up in an earthquake, hurricane, tornado or coastal storm surge, Rathje said.
No one thought about data standards when the Jack in the Box E. coli epidemic erupted in 1993. Instead, there was panic as the stomach-clenching illness engulfed more than 700 victims across California, Washington, Idaho and Nevada. The strain of bacteria, transmitted through undercooked beef patties, left more than 170 with permanent kidney and brain damage. Most of these were children, and tragically, four died as a result.
For Sarah Schacht, Socrata’s Public Health Data Advisor, the national epidemic resonates in a personal way.
“I’m a two-time E. coli survivor,” Schacht recalled. During the Jack in the Box outbreak, she contracted the disease at the age of 13 along with her 5-year-old brother. And in 2013, she was diagnosed yet again after dining at a Seattle restaurant.
Data protection and disaster recovery leader unveils Unitrends Free for Google Cloud Platform, developed in collaboration with Google
BURLINGTON, Mass. – Unitrends today announced it has been named a Google Cloud Platform Premier Partner. Through this agreement, Unitrends closely collaborated with Google Cloud Platform to build, integrate and optimize its Unitrends Free™ virtual backup appliance to support Google Cloud Storage, including Google Cloud Storage Nearline. The resulting offering, Unitrends Free for Google Cloud Platform, enables customers to automatically copy local VMware vSphere and Microsoft Hyper-V backups to Google Cloud Storage, including Google Cloud Storage Nearline, for long-term retention and disaster recovery.
Announced in May 2015, Unitrends Free is the first solution designed specifically for IT professionals seeking cost-effective protection for small businesses, early-stage virtualization projects and home labs. The Unitrends Free for Google Cloud Platform data protection and business continuity software quickly deploys as a virtual appliance in local client VMware vSphere and Microsoft Hyper-V environments to provide free hypervisor-level protection, as well as low-cost, secure and highly durable redundant storage of backup copies in Google Cloud Storage, including Google Cloud Storage Nearline, for fast, offsite disaster recovery.
“Google Cloud Storage Nearline is disrupting the storage industry by providing customers with low-cost storage, as well as significantly faster recovery times than other cold storage systems on the market,” said Kevin Weiss, Unitrends’ president and chief executive officer. “Unitrends prides itself on offering its customers easy-to-use and affordable data protection, along with 100 percent recovery assurance and iron-clad business continuity, so our collaboration with Google is a natural fit.”
Additional features of Unitrends Free for Google Cloud Platform include:
- Free vSphere and Hyper-V Backup for Unlimited Virtual Machines (VMs) and Sockets – Customers can protect up to 1.5 terabytes (TB) of unique VM data, without limitations on retention, or the number of sockets and VMs protected.
- Instant VM Recovery – Users can quickly recover a VM directly from a local backup to reduce downtime. Instant VM Recovery also allows users to spin up local copies of their VMs for recovery verification, testing and development.
- Automated Daily Scheduling – “Set it and forget it” scheduling with daily recovery points keeps customers protected at all times – even when no one is around.
- Fast, Incremental Forever Backups – Changed-block tracking and incremental forever strategy ensure backups complete rapidly every day. Only changed data is processed after the first backup, enabling daily backups without consuming large volumes of storage.
- Unitrends Community Integration – Users benefit from limitless support provided by the Unitrends Community. Directly integrated into the Unitrends Free user interface, IT professionals can search the forum and collaborate to help one another, while also earning prizes and rewards.
For more information about Unitrends Free for Google Cloud Platform, please visit: www.unitrends.com/products/unitrends-free-backup-software/unitrends-free-for-google-cloud-platform.
Unitrends delivers award-winning business recovery solutions for any IT environment. The company’s portfolio of virtual, physical and cloud solutions provides adaptive protection for organizations globally. To address the complexities facing today’s modern data center, Unitrends delivers end-to-end protection and instant recovery of all virtual and physical assets as well as automated disaster recovery testing built for virtualization. With the industry’s lowest total cost of ownership, Unitrends’ offerings are backed by a customer support team that consistently achieves a 98 percent satisfaction rating. Unitrends’ solutions are also sold through a community of thousands of leading technology partners, service providers and resellers worldwide. Visit www.unitrends.com.
Despite organizations employing more IT security personnel than they ever have in the past, a new survey from Lieberman Software Corporation reveals that many companies do not feel this is making them more secure.
The survey, which was carried out at RSA Conference 2015, studied the attitudes of nearly 200 IT security professionals and it revealed that 67 percent of organizations are now employing more IT security staff than they ever have in the past. However, 76 percent of respondents still believe that cyber attacks are evolving at too fast a pace for their IT security personnel to keep up with.
“These survey results show that it doesn’t matter how many people you have guarding your network, persistent hackers will always find a way. Today companies need to stop thinking about whether they will be attacked and start thinking about what to do when they are attacked. An organization can significantly reduce the damage caused by a security breach by having a good response plan in place. The truth is, it doesn’t matter how many people you have defending your network, determined hackers will always find a way in,” said Philip Lieberman, CEO and president of Lieberman Software.
Other findings from the study reveal that 85 percent of organizations find it a struggle to find really good IT security personnel who are capable at combating today’s cyber attacks. This skills gap could be putting a number of organizations at risk as it could make it easier for cyber criminals to gain access to companies’ networks. Such organizations may not have a proper understanding of cyber security threats or have policies in place which prevent staff from carrying out tasks which put their company network at risk.
“The dramatic increase in data breaches over the last few years has led to a demand within organizations to employ skilled IT security staff. However many companies have struggled to find staff who are competent enough to defend against the type of sophisticated cyber attacks we are frequently seeing today,” continued Lieberman.
Catastrophe losses reach USD46 billion but represent a 58 percent drop in the half year average: Impact Forecasting report.
Impact Forecasting, Aon Benfield's catastrophe model development team, has published a new report, entitled ‘Global Catastrophe Recap: First Half of 2015’ report. This evaluates the impact of the natural disaster events that occurred worldwide in the first six months of the year.
Global natural disaster losses during the first half of 2015, from both an economic and insured loss perspective, were each below the 10-year (2005-2014) average. Preliminary data determined that economic losses were USD 46 billion, down 58 percent from the 10-year average of USD 107 billion, and insured losses were USD 15 billion, down 47 percent from the 10-year average of USD 28 billion.
The percentage of global economic losses that were covered by insurance (including both private insurers and government-sponsored programs) was 31 percent. This is slightly above the 10-year average of 27 percent because the majority of the losses occurred in regions with higher insurance penetration.
The severe thunderstorm peril was the costliest disaster type, comprising 33 percent of the economic loss and 49 percent of the insured loss. Most of the costs were attributed to strong convective thunderstorm events that prompted widespread hail, damaging straight-line winds, tornadoes, and major flash flooding in the United States during the months of April, May and June.
A clear majority (73 percent) of the insured losses were sustained in the United States due to an active winter season combined with numerous spring severe convective storm events. Asia Pacific was second with 14 percent and Europe, Middle East & Africa was third with 11 percent of the insured loss.
Steve Bowen, associate director and meteorologist with Aon Benfield's Impact Forecasting team, said: "The first half of 2015 was the quietest on an economic and insured loss basis since 2006. Despite having some well-documented disaster events in the United States, Asia Pacific and Europe, it was a largely manageable initial six months of the year for governments and the insurance industry. Looking ahead to the rest of 2015, the continued strengthening of what could be the strongest El Nino in nearly two-decades is poised to have far-reaching impacts around the globe. How that translates to disaster losses remains to be seen, but something to keep a close eye on in the coming months."
To view the Impact Forecasting report, click here.