Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResiliencePhysical Security

Emergency preparedness and natural disaster planning

Ensure your organization is prepared for the next disaster, not the same disaster, with these six tips.

By Maggie Shein
SEC0121-Cover-Feat-slide1_900px
SEC0121-Cover-slide2_900px
SEC0121-Cover-slide3_900px
SEC0121-Cover-Feat-slide1_900px
SEC0121-Cover-slide2_900px
SEC0121-Cover-slide3_900px
January 4, 2021

Though the 2020 storm season has ended, next year’s storm season will soon be upon us and, with COVID-19 still in the air, the collision between the current pandemic or a future pandemic and the ensuing storm season is inevitable.

One of the things we learned from the pandemic and last year’s storm and natural disaster season is that many of the tried-and-true protocols don’t work or can’t be enforced during a global health crisis such as COVID-19. Take, for example, evacuation measures during a hurricane, which put those affected in densely populated evacuation shelters, contrary to social distancing measures. In addition, with a global pandemic, workforce shortages, delays in supplies and materials, funding shortfalls or insufficient hospital capacity will also impact emergency response during a natural disaster.

In today’s world, enterprises must prepare and plan for an array of critical responses, including pandemics, workplace violence, and natural disasters such as wildfires, tornadoes, flooding, earthquakes, hurricanes and more. Making sure your organization’s disaster and critical response plans are continually updated and include lessons learned from COVID-19 and past incidents is imperative to preparing the enterprise for the next impactful event to minimize disruption to business operations and ensure business continuity.

Here are six tips from emergency response experts on how to revamp and evaluate your emergency and disaster preparedness plans at your organization.

 

Practical Advice for Evaluating Your Critical Response Plans

Organizations should be consistently evaluating their critical response plans, but for many organizations and the professionals in charge of such a task, where to start may be the most daunting part of the process.

To make it simple, says Brad Gair at Witt O’Brien’s, start with the thing you are most concerned about. “If you are most concerned about a hurricane, start with that,” he says. You can start by mirroring what’s called the “Five Day Cone” in a hurricane center. In other words, if the incident you are planning for can be detected or projected beforehand, begin a countdown for planning that starts with five days out. “If a hurricane is five days out, what should I do on day 5, then day 4, until day 1,” Gair says.

The approach is a methodical one. After focusing on the preparations, ask what you would do in the first week after a disaster hits, then the first month, etc. “Count down and then count up. It’s easier to build a plan that can be very functional without being overly complicated,” he adds.

In the case of an event such as an explosion or an earthquake where there might be no countdown time, the count up from after the disaster hits becomes very important and the planning will look different, says Bill Roche at Witt O’Brien’s. “Plan for the worst-case scenarios,” he says.

One of the important aspects of an incident response plan to evaluate is to ensure that the plans cover protection of people, property and the business. “If you organize your planning around various functions that you have to carry out [such as medical assistance, sheltering, search and rescue, provisions such as food and water], then you can build your plans around each component.” Roche says.

 

1. Plan for simultaneous events.

“The stacking concept is something the emergency management world doesn’t do particularly well in terms of planning,” says Brad Gair, Senior Managing Director at Witt O’Brien’s. “Most disaster planning is single focused.” Gair, who has more than 25 years of emergency management and homeland security experience, served as Deputy Commissioner of NYC Office of Emergency Management and then as founding Director of the Mayor’s Office of Housing Recovery Operations and NYC Recovery Managers, as well as NYU Langone Health’s first Vice President for Emergency Management and Enterprise Resilience.

He says that siloed plans don’t allow for mixing and matching of functions in an event such as a pandemic and a hurricane where you are dealing with quarantining and shelter plans at once. A plan that envisions multiple impacts or simultaneous events is a key lesson learned from the COVID-19 pandemic and the 2020 storm season.

“The planning field has been altered greatly,” says Bill Roche, Senior Program Manager at Witt O’Brien’s. Roche has deep-rooted experience in disaster planning, response and recovery operations, serving at Deputy Regional Administrator for the Department of Homeland Security and the Federal Emergency Management Agency (FEMA), Region IX as well as holding multiple positions while at both DHS and FEMA. Roche urges enterprises and security professionals to take a look at their “stovetop” plans that are singularly focused and revisit those plans by opening up the aperture to figure out what other situations may occur.

 

2. Determine responsibility.

Disaster planning is wrapped up in having the ability to know who is responsible for what actions, advises Roche. “You’ve got to have everyone singing off the same sheet of music,” he says. “It’s vital that everybody understands what their roles are.”

This takes communication and then further communication. From a planning perspective, one pitfall with any major disaster event, Roche says, is getting hung up on who is in charge of what. “You’ve got to give people a play in the play book to understand that,” he adds.

Gair says that another pitfall he sees with disaster planning is trying to restructure responsibilities during or directly after an event has occurred. “It may sound like obvious advice, but we advise that the way you operate your business everyday is the best structure to operate your business during a crisis,” he says. In fact, Gair adds, it’s a good idea for enterprises to mimic their normal operating structure as much as possible, but if people are suddenly in charge of different functions when the crisis response plan is needed, then they need to be aware and ready for that in advance. In those cases, planning for and having the ability to cross train employees and departments as needed to keep the business going is imperative.

 

Critical Response 101: What to Do When you Don’t Have a Plan

“If you don’t have a plan in place or what you have is insufficient, you fall back on incident-based planning,” says Brad Gair of Witt O’Brien’s. Here are three immediate steps:

1. Keep it simple. The first thing to do is identify the immediate areas that need attention. “List five priorities of what must take place in the immediate time period,” Gair suggests.

2. Identify what you need to accomplish those priorities. For example, if a facility is damaged and/or the workforce can’t come in to work, perhaps one of the highest priorities on your list is transitioning employees to working at home to ensure business continuity. “Then break it down into manageable bites to accomplish that task. Do you have the necessary work-from-home technology? Determine how many laptops or what equipment you need and focus on each,” Gair says.

3. Assign resources to each of those priorities. For example, if work-from-home technology is needed, assign IT to garner the appropriate technology or assign staff responsible for each task.

“[Not having a plan in place] is not ideal, especially when life safety is involved, but you can make up for bad planning by doing good incident planning with clear objectives, and you can probably limit some of the damage to your organization,” Gair says.

 

3. Get buy-in now.

“There is a natural tendency when something happens that you’ll get full attention of the C-suite, particularly if there’s been significant business loss,” Gair says. Indeed, with COVID-19 fresh in everyone’s minds, now is the time to take advantage of that focus and plan for the next crisis. To capitalize on the renewed focus on preparedness, Gair says, focus on regular drills and exercises with staff as well as community partners.

Tabletop drills and exercises not only keep plans fresh, they keep staff and organizations prepared and can help point out vulnerabilities and areas that need further assessments.

 

4. Focus on the next thing.

Perhaps just as imperative as communicating and training, is planning for the next event. “If you build your plans around a disaster that has already happened the only thing you are guaranteed is that you will never get the same disaster twice,” Gair says.

If your organization has been through a crisis or you’ve seen peers navigate a particular crisis, it can be helpful to use that as a backbone in planning to make sure you don’t have the same impact to your business, but planning needs to go a step further. “What tends to happen is we have seen time and again people dropping everything after an event such as 9/11 or Hurricane Katrina and planning for that again. You’ve got to focus on the next thing that will be different,” says Gair.

Take COVID-19, for example. While it’s a unique incident, it’s certainly not the only pandemic we’ve seen. There was West Nile Virus, SARS, H1N1 and Zika. Though none of these had the same global impact, the point is, you’ve got to plan for catastrophic events that may never happen in order to be prepared. Gair recommends every enterprise obtain their local county and states’ emergency plans to see what they are planning for. “They’ve already done risk analysis and planning, so you can at least see what they consider as risks and you plan from there,” he says.

 

5. Don’t expect outside help.

Federal help in terms of action plans or physical assistance with recovery is not a guarantee when an unexpected event hits. Both Gair and Roche advise that enterprises plan for crises without too much expectation from the federal government. Government agencies or essential non-profit organizations may qualify for federal assistance to get back on their feet after a disaster, but private organizations or non-essential non-profits probably won’t get much except perhaps low-interest loans from the Small Business Administration, Gair says. “We have found that to be a big surprise for private enterprises.”

There is the story of NYU Langone Medical Center in Manhattan, Gair says. When Hurricane Sandy came through, the organization assumed the City would tell them what to do. “When water started coming in their facilities, they called for evacuation assistance. They got one truck. They were expecting an Army,” he says.

Gair tells another story of the City of San Jose in California being affected by flooding from a local dam. Companies located in Silicon Valley were waiting for information to make business decisions about their employees or property, but they didn’t get the kind of actionable data they were looking for and needed to make those decisions internally to protect their assets. “Governments are often better at putting out situational awareness info, whereas the private sector wants actionable information on what should we do,” he says. For that, organizations need to plan on their own and develop their own communications plans to make up the difference so they aren’t sitting and waiting.

 

Crisis Planning Tip: Use Social Media

“Take a hard look at your communication plan,” says Bill Roche of Witt O’Brien’s. “What has changed now is different social media platforms allow you to share information quickly.” For example, he says, if in the wake of a hurricane a business needs to know what gas stations are working, instead of calling the city or trying to find news, post a social media question or text someone in the next town that may know those things. “Simple things like that can get you a lot of information a lot faster,” he says.

 

6. Turn to your peers.

Proactively planning and assuming responsibility in an emergency are key factors to navigating a crisis with as little disruption to business operations as possible. Another key to reassessing or revamping your emergency preparedness plans is turning to your peers and community for help. “Organizations shouldn’t be afraid to ask for help and reach out to others that have been in the foxhole,” Roche says.

One thing that so many security professionals do so well is networking and talking to others in the industry. This can be vital to share information and bounce ideas off of one another to find out what has worked, what hasn’t, what they’ve planned for, and what they haven’t planned for.

And don’t be afraid to include the community, local police, fire departments and first responders in on the planning and exercises. In late September 2020, for example, The Cybersecurity and Infrastructure Security Agency (CISA) joined with public and private-sector partners to conduct an interagency Tabletop Exercise called “National Harbor 2020 – Recovery Phase Exercise,” which tested the processes and plans required by regional government and business partners following a catastrophic incident. The exercise scenario began 24 hours after a notional catastrophic incident and concluded three months after the incident, focusing on recovery processes and plans required to support the people and facilities of National Harbor in Prince Georges County, Md., surrounding communities and associated business operations.

The key takeaways for security professionals in charge of their organization’s critical response plans are to plan, reassess and prepare. Of course, it sounds simple on paper, but preparing for events that haven’t happened is no small feat, and requires looking ahead to the unknown.

“We have to learn from these things,” Roche says. “If you think it won’t happen again or you aren’t planning for the next [incident], that’s a fatal mistake.”

KEYWORDS: business continuity COVID-19 Emergency Preparedness remote workers risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maggie shein

Maggie Shein was Editor in Chief at Security magazine. She has been writing, editing and creating content for the security industry since 2004. She has an experienced background in publishing, communications, content creation and management. Within her role at Security, Maggie handled the overall direction of the brand, organized and executed the annual conference, facilitated Solutions by Sector webinars, researched and wrote exclusive cover stories, managed social media, and authored the monthly Security Talk column. She has both an undergraduate degree and master's degree in journalism.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC0521-Covid-ADM_Feat-slide1_900px

    ADM unlocks the power of existing data for COVID-19 response

    See More
  • boeing

    Boeing values information as the backbone to pandemic response

    See More
  • weather-freepik1170x658b5.jpg

    Public lacks emergency preparedness for natural disaster, severe weather events

    See More

Events

View AllSubmit An Event
  • August 27, 2025

    Risk Mitigation as a Competitive Edge

    In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing