Across the city, thousands of cell phones were pinging their owners, warning that an earthquake was imminent. In seconds, it came, rocking Mexico City at a 7.1 on the Richter scale. More than 40 buildings collapsed, killing more than 350 people in central Mexico, and injuring 6,000 more.
As Mexican authorities mobilized the country’s emergency responders, large, multinational companies scrambled to answer a number of time-sensitive questions of their own: Which buildings had collapsed? Where were the company’s employees and executives? How would they communicate with them, organize them and get them to safety?
At the coworking company WeWork, the organization’s global security team put its emergency plan in action. The earthquake struck shortly after lunch on a Tuesday, and the company’s employees and executives were scattered throughout the city. At WeWork offices, hundreds of members were safely escorted out and accounted for.
“[Our executives] had to come together eventually, but in that immediate aftermath, they were dealing with multitudes of different issues: Health and safety of the employees and of the membership, and the health and safety of their families and their homes,” said WeWork Director of Emergency Management and Planning Michael Gladstone. “They were dealing with, ‘How do we physically get from one location to another?’ And because we had prepared for a mobilized approach, utilizing technology to help us get better at risk management, we were able to start linking people together through technology to address the issues.”
Gladstone talked about his company’s approach to risk management at a Dataminr webinar Rethinking Your Approach to Enterprise Risk Management in late 2019, before the start of the COVID-19 pandemic. For years, WeWork has used Dataminr’s platform to receive real-time alerts on unexpected events, and make decisions to keep the company’s employees, customers and assets safe.
Here are three major takeaways from that discussion:
#1: There’s no single department in charge of risk management
Like a lot of large companies, risk management sits in many different departments at WeWork.
The company’s communications teams watch social media and the news for stories that might affect the brand and require a crisis communications plan. Its emergency management team looks for emerging risks to the company’s offices, employees and customers. Its IT department monitors the company’s technology infrastructure, looking for security breaches and cybercrime.
Rather than working in silos, WeWork approaches corporate risk holistically.
“We have a lot of different departments, but the key is that we all work together, and we all talk with one another when a crisis or risk appears,” Gladstone said.
#2: Stress-test your risk management plans
Large companies put together risk management plans that describe specific types of events, and how they’ll respond to keep people safe, their assets secure and their brand reputation intact.
When making those plans, it’s important to test them under less-than-ideal situations. What if the call comes in in the middle of the night, over a long holiday weekend, and the company needs to quickly mobilize a cross-departmental response?
“Is it that we have redundant sites? Cold sites? Warm sites?” Gladstone said. “Is it that we have evaluated relocation plans and tested those plans, and when I say tested, I mean physically gone out, tried to do what you said you would do, and not on an off-hour, because emergencies happen in the middle of the day. So have you driven that relocation or evacuation route?”
#3: It can be difficult to quantify the value of risk management products
Risk management software helps companies respond more quickly to a crisis, potentially limiting the damage from that crisis. In some cases, risk management software can help executives make business decisions with a more complete set of facts.
As such, it can be difficult to quantify a company’s financial return on its investment in a risk management product, Gladstone says.
He described a recent emergency in Amsterdam, where a pilot accidentally set off a hijacking alarm on their airplane, briefly plunging the airport into a security lockdown. Using Dataminr, WeWork was notified of the event 15 minutes before the first major news reports, giving the company’s risk management team enough time to verify that none of its employees were at the airport.
“But in those 15 minutes, we had already done all the proactive work that we needed to do to understand the potential risk to WeWork employees and to our business line, and notified all of the other risk teams to say, ‘…Here’s what we know right now,’” Gladstone said.
What is the value of time to a global risk management team?
“It’s not quantitative, it’s more intangible,” Gladstone said.