Is Your Organisation Prepared in the Event of a Crisis?
- A question worth considering in connection with the Preparedness Week (Beredskapsveckan).
The Preparedness Week is an initiative from the Swedish Civil Contingencies Agency (MSB) that takes place week 39 each year. Earlier this year, MSB announced the theme of the year, “Get Started.” This is a message to all of us to strengthen our own preparedness for a crisis or for the consequences of a potential war. This applies to both individuals, organisations, municipalities, and government authorities.
Preparedness must be built under normal circumstances; otherwise, it may be too late. Many organisations have long been working on preparedness issues, but over time, the deteriorating global situation has become increasingly apparent, making the issue of preparedness more pressing than ever. The Swedish government is making “historically large investments” in the country’s civil defence in this autumn’s budget proposal.
Many organisations have realised that they are indeed subject to security protection legislation, and in addition, there is also a growing awareness that staff may need to be designated for wartime service, and that coordination in different sectors is necessary. Furthermore, there is an increasing awareness of the importance of robust recruitment processes that include thorough background checks, ensuring that individuals with inappropriate backgrounds are not involved in activities that may be related to national security.
In connection with various types of disruptions and incidents, the organisation needs to have a thorough and well-tested crisis and contingency plan. Depending on the magnitude of the disruption or incident, different plans are activated to ensure the delivery of the most critical processes for the organisation. One notable finding has been the need for coordination, as larger disruptions often affect more than one organisation within a sector. It has also proven challenging to rely on subcontractors for critical services, particularly concerning maintained continuity and preparedness. This has been clearly illustrated by incidents involving cyber attacks that have impacted IT providers, resulting in significant consequences for many organisations in the public sector. These incidents highlight how interconnected – and thus vulnerable – our systems are.
New regulations are continually being introduced to address risks arising in various industries with critical societal functions. One example is the Digital Operational Resilience Act (DORA), which applies to organisations within the financial sector. Further examples include the CER and NIS 2 directives, which apply to organisations providing critical infrastructure.
Advisense assists organisations in interpreting and understanding these regulations and can help identify gaps in relation to new requirements, design frameworks, and implement them in the organisation. We also have extensive experience in auditing preparedness for various kinds of peacetime crises, hightened state of alert and warfare, as well as contingency management and IT security, across various types of organisations.
This week, the Institute of Internal Auditors (the IIA) published its annual report, Risk in Focus. This report is based on surveys and interviews with numerous heads of internal audit and board members from around the world. Once again, it highlights significant ongoing risks in cybersecurity, geopolitical and macroeconomic uncertainty, new regulations, and emerging technologies. All these risks are to a great extent connected with the changing global environment, and it is therefore vital that organisations invest substantial time to manage these risks effectively.
We hope the Preparedness week will remind us of what is required of us all—both individuals and organisations – it is time to get started.
If you have any questions or concerns regarding various types of preparedness issues, you are welcome to contact our specialists in the field:
Dora, CER, NIS 2 – Fredrik Ohlsson
Crisis and Contingency Planning – Daniel Lindberg Nironen
Cybersecurity – Markus Persson
Internal Audit: Daniel Lindberg Nirornen, Magnus Thyllman, Sofie Cederquist