Thinking the Unthinkable
Nobody likes to think about worst-case scenarios. But for Ian Mitroff, a professor at the Marshall School of Business at the University of Southern California, in Los Angeles, it's more than just a preoccupation; it's his job.
Mitroff is an expert in crisis management, and given the sheer volume of full-blown crises the U.S. has endured in just the past five years (from Sept. 11, to war, to corporate scandals), the time to start planning for the next crisis is upon us. And the benefits of anticipating the next disaster go far beyond being prepared when panic sets in; the process can also help to identify inherent weaknesses in any organization. CIO Insight Editor Edward Baker and Executive Editor Dan Briody discussed the importance of crisis management with Mitroff.
CIO Insight: Why is crisis management so much more important now?
Mitroff: Because the systems are more complex and the media is more 24/7. In 1984, Charles Perrow wrote a very important book called Normal Accidents, which included things like chemical spills, nuclear meltdowns and airline disasters. The reason they are "normal" is that major accidents are almost guaranteed to happen, because the technology being used is so complex, but the management systems are not up to the same level of complexity.
And now you have things like Sept. 11, which is abnormal, an intentional crisis. So now you've got both: normal accidents due to complexity, and abnormal accidents due to human intention.
Can you do risk analysis to avoid crises?
Exxon Valdez, Chernobyl, Sept. 11: every one of these things wouldn't have happened if six improbable things hadn't coincided. Well, somehow they did. That's why risk analysis doesn't work. Risk analysis is faulty. You're not going to get a Sept. 11 scenario through risk analysis. It's too high consequence, low probability.
So crisis management is picking at least one low-probability, high-consequence scenario. It's thinking about the unthinkable. And it doesn't matter what you imagine, because everything gets unique. You just want to be prepared to adapt.
Do you see the emergence of a Chief Crisis Officer?
I'm really ambivalent, because I don't want it to be just another person that you add to the bureaucracy. But you do need somebody, or something, that looks at this full time. It doesn't cost that much to do this well. It isn't perfect, and you're not going to avoid all crises. On the other hand, you need somebody who understands crisis management. You don't leave marketing to chance. You don't leave finance to chance. You don't leave IT to chance.
What is an internal assassin?
That's just one of the ways to start thinking about this: controlled paranoia. It's like hiring a hacker to probe your security weaknesses. Only this is much broader because you're not just hacking the data source, you're hacking the organizational structure, learning your vulnerabilities. It's a valuable exercise.
At a Glance:
Background: Ian Mitroff is author of Why Some Companies Emerge Stronger and Better from a Crisis (Amacom, 2005).