Assessing Threats to Your Business
“What could possibly go wrong?”
When asked that question about their business . . .
Most people think first about natural disasters.
Here in California, everyone is concerned about earthquakes or (some years) El Niño. Along the coasts, popular threats are hurricanes and, occasionally, tsunamis. That leaves tornados and storms for the rest of the country.
Would you believe that initially, most people overlook the most common natural disaster?!
According to the experts, the most common natural disaster – accounting for about 30% of all disasters in the U.S. — is flood!
But let’s take a broader look at threats.
What about threats that are man-made?
This list will be a lot longer. Here are some more threats to business (or to any community), in no particular order:
- Unplanned IT and communications outages
- Cyber attack
- Data breach or loss (accidental or deliberate from disgruntled employee; loss of mobile device)
- Power outage
- Water main break
- Security breach (including theft)
- Health emergency (chemical leak or spill)
- Safety problem (accident, train wreck, explosion)
- Terrorist act
- Regulatory change
- Lawsuit: personal injury, employment practice
- Loss of key personnel
- Civil unrest (might depend on your neighbors and/or neighborhood)
- Supply chain interruption
- and the list goes on!
STEP ONE. What threats does YOUR business face?
One of the first steps in preparing for emergencies in your business or community is to take a look at the threats you are facing. The easiest way is to gather together key people and simply brainstorm, writing down everything you can think of.
For example, your list could start by looking like this:
STEP TWO. What’s the likelihood of the threat actually happening?
The next step in your analysis is to rate all the threats you’ve come up with as to their probability of taking place. An easy way to do that is simply give each threat a score from 1-5.
- = rare
- = unlikely
- = possible
- = probable
- = almost certain
Here’s our sample list with the threats rated.
STEP THREE. What would be the impact of the threat?
There’s a second side to every threat, too. That’s the impact that it would have on your business. For example, some common threats (for example, a break in a water line) might be serious but would probably not threaten the health of the whole organization.
Other threats, like a direct hit from a tornado, might completely destroy the business.
So your threat analysis needs to consider impact. Again, one way to help direct your preparedness efforts is to add a second score to your list of threats.
The impact score could also be 1 – 5, from lowest to highest impact. For example . . .
STEP FOUR. So which threats do we need to look at first?
By completing the list, you can get an idea of the priorities for your preparedness efforts. Here’s our sample, completed:
Create the total score by adding probability and impact.
The higher the total score, the more attention you probably want to place on preparing for that event.
Caution: Danger of Threat Analysis Paralysis
Analyzing your threats can become complicated. In fact, in the wrong hands it can get WAY too complicated!
You don’t have to do it the way this report suggests.
But it IS important to get past that first quick assumption about natural disasters, and take a look at the other threats facing your business. The risks associated with the threats might be reduced by better procedures, better insurance coverage, or simply more awareness.
Completing even a simplified risk analysis will give you a more realistic picture of what could happen and how to protect and prepare for it.
Joe and Virginia
Your Emergency Plan Guide Team
P.S. If you are serious about analyzing the risks to your business, consider purchasing this book. It has a significant security focus, but defines all types of threats and lays out a process to help you make decisions regarding mitigation. Threat Assessment and Risk Analysis: An Applied Approach. The book is available in hardcover or soft at Amazon, where we’re affiliates, as you know.