Skip to content

Incident Management Intelligence Brief
January 2019 edition

  • THREAT ENVIRONMENT
  • RECENT EVENTS
  • CASE STUDY
  • CIMT FOCUS AREA

World Economic Forum Global Risks Report 2019

Global risks report – top 5 risks

The Global Risks Report for 2019 has recently been released by The World Economic Forum (ref. 1). The report presents commentary around the current global risks and outlines the top risks in terms of likelihood of occurring. The risk order is determined by a survey of 1,000 members of the WEC’s multi-stakeholder community who are asked to rate individual risks on a 1 to 5 scale; 1 being a risk that is very unlikely to occur and 5 being a risk that is very likely to occur.

The top 5 risks for 2019 remain the same as 2018, but there has been a reshuffling of the order, as shown in the following figure:

Global risksFigure adapted from WEF Global Risks Report 2019

Key takeaways

  • The Global Risks Report for 2019 demonstrates that environmental risks are at the forefront of survey participants’ minds. Of particular note, the risks associated with failure of climate change mitigation and adaptation has risen to 2nd after previously falling lower in the rankings following the signing of the Paris agreement in 2017. This reflects concerns about inaction and the failure of environmental policies.
  • Two technology risks remain in the top 5 with participants’ main concern centered around data fraud or theft and cyber–attacks. This is unsurprising following the significant number of major data breaches and the identification of hardware breaches occurring in 2018 including those affecting critical infrastructure. For example, the Marriott Data Breach which impacted 500 million customers; Quora Hack which saw 100 million user accounts hacked; and the personal information of Victoria Emergency Services employees being posted online.
  • Finally, the report also mentioned that almost two-thirds of participants were concerned about other technology vulnerabilities emerging, with many expecting risks associated with fake news and identity theft to increase in 2019.

How Does this Report Impact BDA?

  • The issue of the WEF Global Risks Report is a timely reminder of the most-likely risks faced by organisations in 2019. For BDA, the risks associated with extreme weather events and technological risks are most relevant.
  • Faced with several severe weather events towards the end of 2018 including the early start to the bushfire season in NSW and Sydney’s November ‘once-in-a-lifetime’ storm, 2019 is likely to be no different. Extreme weather events can impact the safety of staff travelling to or from work, or those working outdoors, and can directly impact outdoor events. Monitoring warnings or alerts issued by the Bureau of Meteorology can ensure that controls are put in place to respond proactively before events hit. Additionally, risk assessments performed ahead of outdoor events should consider the impact of strong changes, heavy winds and major storms and identify appropriate contingencies.
  • Although data breach fatigue is becoming a concern (as detailed in the previous edition of this Intelligence Brief) it is important to make sure that staff are aware of technological risks faced, in particular, data breaches and cyber-attacks. For example, all staff should be taught how to protect themselves online including how to detect phishing emails and the correct procedure to escalate suspicious emails with occasional internal phishing tests carried out to ensure understanding and awareness across the organisation.
  • Regular training and exercises are a critical part of being prepared to respond to an incident. Using the top 5 risks as scenarios can make sure that teams are focusing on the likely risks they may face and provides the opportunity to consider how BDA would respond in a controlled environment before a real crisis management situation arises.

Click here for the full WEF The Global Risks Report 2019.

Written by: Mary Hampton (Resilience Specialist)

For more information:

  1. World Economic Forum – The Global Risks Report 2019
  2. ‘Marriott Hit by Starwood Hack That Ranks Among the Biggest Ever’ (Bloomberg, 30 Nov 2018)
  3. ‘Quora hacked, about 100 million user accounts leaked’ (IT News, 04 Dec 2018)
  4. ‘’Appalling’ emergency services data breach to be investigated’ (Sydney Morning Herald, 24 Nov 2018)

Extreme Heat Conditions – January 2019

Heatwaves Across Australia – January 2019

  • An unusual extended period of heatwaves was experienced across Australia throughout January 2019.
  • Five consecutive days between 12 – 16 January had nationally averaged mean maxima temperatures above 40oC with 15 Jan being recorded as the second-warmest day on record for any month.
  • Temperatures rose to 47.3oC in Penrith NSW on 6 Jan 19 with 43.4oC recorded at Observatory Hill marking Sydney’s hottest day in 5 years.
  • Adelaide broke its all-time weather record with temperatures reaching 46.6oC on 24 Jan 19.
  • Health warnings and total fire bans were seen across multiple states with high temperatures combining with strong winds to create potentially dangerous conditions.
  • Severe and catastrophic fire conditions 50 fires to burn in Tasmania towards the end of January.

2018 – Third Hottest Year on Record

January’s unprecedented high temperatures follows a report issued by the Bureau of Meteorology (BoM) that declared that 2018 was Australia’s third hottest year for maximum temperatures on record. 2018 was also reported to be drier than average with much of eastern Australia being affected by drought, with mean temperatures ranked in the top 5 on record.

The BoM has confirmed that eight of Australia’s ten warmest years occurred between 2005 – 2017 which supports the failure of climate change mitigation being identified as a top 5 risk in the World Economic Forum’s Global Risks Report for 2019 (see previous article).

Source: BoM – Maximum Temperature Deciles (2018)

Impacts to Critical Services

Although the primary concern in high heat conditions must always be safety and wellbeing, the impact of extreme heat conditions to infrastructure, transport networks and critical services can also cause significant consequences.

For example, more than 200,000 customers in Victoria lost power on Friday 25 January as electricity suppliers, who were struggling to meet demand as temperatures rose above 42oC, started load shedding. Power supply was switched off for up to 2 hours in some locations causing blackouts to hit homes, traffic lights and local businesses. While some business anticipated the outage, others were caught by surprise with some closing for the rest of the day e.g. cafes.

Your Business Continuity Planning should include preparations for potential power outages to mitigate the impacts of a blackout to an organisation. For example, a code yellow was enacted by many of the major hospitals in Melbourne following advice from the Australian Energy Market Operator (AEMO) ahead of high temperatures on Friday 25 January. This prompted hospitals to switch off non-essential lights and equipment to conserve energy. The Health Department also told hospitals to prepare their emergency response plans and businesses were advised to make sure their business continuity plans were able to be activated in case of power outages.

Preparing for Extreme Heat Conditions

As the number of days with temperatures over 40 degrees is projected to double by 2050, it’s crucial that organisations have processes in place to mitigate the impacts of extreme heat events. This can include:

  • Mechanisms for identifying and responding to heat warnings and guidance (i.e. from Bureau of Meteorology, Dept. of Health, AEMO, etc.).
  • Guidance for staff, contractors and visitors on how to stay safe in high temperatures (for example, see advice below from NSW Health).
  • An extreme heat policy to identify heat stress and steps for rescheduling work or reducing outdoor work.
  • A survey of electrical systems and equipment to identify non-essential items which could be switched off to reduce power usage during high temperature periods, or when there is the threat of power loss.
  • Consideration of expected/forecast temperatures during outdoor events to ensure that sufficient controls are put in place including provision of shade, drinking water, etc.
  • An emergency response procedure for extreme heat and power outages.
  • A business continuity plan with procedures for responding to the loss of critical services, loss of staff and loss of communication systems.

Guidance from NSW Health: Keeping healthy in heatwaves

Written by: Joanne Hill (Manager, Resilience Services)

More information:

  1. NSW Health: Beat the Heat
  2. Bureau of Meteorology (BoM) – Tracking Australia’s Climate through 2018 (Dec 18)
  3. Bureau of Meteorology (BoM) – Special Climate Statement 68 (24 Jan 19)
  4. ‘Hot start to 2019 after Australia ends its third-0warmest year’ (Sydney Morning Herald, 31 Dec 18)
  5. ‘Not a record, but mighty hot: Sydney weather reaches 47 degrees’ (Sydney Morning Herald, 07 Jan 19)
  6. ‘Melbourne hospitals on Code Yellow as heat poses power risk’ (The Age, 19 Jan 19)
  7. ‘Adelaide records hottest day on record, as 25,000 houses lose power’ (The Advertiser, 24 Jan 19)
  8. What caused the blackouts in Melbourne, and do Victorians need to get used to power cuts?’ (ABC News, 28 Jan 19)

Coordinating a holistic Incident Response

Central Station Evacuation (2015)

On September 2015 at 5.56pm, a kitchen fire which started at a Hungry Jack’s restaurant sent Central Station, Sydney’s main railway station, into chaos. The fire and subsequent smoke plume caused fifteen platforms to be closed, forced the emergency evacuation of hundreds of people and required 19 fire trucks to stabilise the fire.

The initial response by Central Station’s management included:

  • Central Station’s duty manager phoned Sydney Trains’ rail management centre, located on the third floor directly above the fast-food restaurant, urging an emergency evacuation of the station.
  • The rail management centre manager, who held the critical role in controlling trains across Sydney’s network, initially decided against an evacuation as he intended to assess the situation.
  • Shortly afterwards however the rail management centre manager began advising others to evacuate the station.
  • With the alarms sounding, passengers raced to the nearest exits to evacuate the station.
  • Emergency notification lights in the rail management centre worked only intermittently, which led to confusion amongst staff.

Source: SMH, fire engines attended the blaze at Central Station

Post-Incident Review Findings

The report from the internal incident investigation carried out by Sydney Trains following the event was summarised in an article in the Sydney Morning Herald which outlined some of the main findings including a series of missteps and breakdowns in communication and emergency processes during the fire. The report identified 30 factors, and detailed 16 recommendations, which included a ‘comprehensive training needs analysis and training program, clearer roles and responsibilities’.

Communications during the 2015 fire at Sydney Central Train Station

Key Learnings

Overall implications of an uncoordinated incident response can include:

  • The inability to undertake an effective and efficient response, which can cause safety, operational and reputational issues during the incident and after.
  • Mis-communication, delay in communication or inadequate dissemination of information to key stakeholders.
  • Any delays in responding to an incident can affect the ability to identify issues and effectively undertake response and recovery (e.g. with regards to business continuity) in a timely manner.
  • An excessive workload for key staff which impacts on their ability to effectively manage an incident and can lead to burn out.

Ways in which BDA can prepare for, and ensure, a holistic incident response include:

Ensuring a holistic Incident Response
Overall Communications
  • Assigning clear communication responsibilities and key contacts within the team. For example, clear liaison points between the Emergency Control Organisation (ECO) and the Critical Incident Management Team (CIMT).
  • Ensure there is a robust Crisis Communication Plan that is pre-populated with relevant assessment tools, stakeholder and channel lists, team structures, reporting lines and phone numbers, as well as approved key messages.
  • Building a communications strategy to keep internal and external stakeholders up to date as the incident unfolds.
Procedures
  • Ensuring documentation is accurate and kept up to date with version control, for example contact details of the ECO and the CIMT.
  • Completing a comprehensive training needs analysis for all those involved in emergency or incident response and tailoring a program accordingly.
  • Carrying out regular exercising and testing to ensure processes and procedures are effective and efficient. This includes exercising initial notification process, call trees, actioning incident escalation flow charts and liaising with external stakeholders such as emergency services.

Written by: Florence Chan (Resilience Specialist)

More information:

  1. ‘’Overwhelmed’: shambolic response to Central Station fire revealed’ (Sydney Morning Herald, 23 Oct 2018)
  2. ‘Central Station fire: Commuters evacuated as flames and smoke spread from Hungry Jack’s kitchen’ (News.com.au, 27 Sept 2015)

Crisis Communications

Communicating in a Critical Incident

Communicating with stakeholders is a vital aspect of responding to any critical incident.

Effective communication with all stakeholders, both internal and external, must be integrated into the overall response to a critical incident and should be structured around an agreed strategy.

Crisis Communication Plans

In the event of a crisis or critical incident, the workload, pressure and expectation on the communication team grows exponentially. Having a comprehensive, robust plan in place ensures the majority of the heavy lifting is done prior to a crisis, rather than scrambling to catch up when an incident unfolds. It enables an effective, proactive response and avoids being caught on the back foot.

The plan should include:

  • Structure and responsibilities of the Crisis Communication Team
  • Tools to determine the communication strategy & objectives
  • Comprehensive stakeholder and channel checklist to ensure no stone is left unturned to reach all relevant stakeholders
  • Details of approved spokespeople
  • Pre-approved key messages based on the most likely or damaging scenarios.
  • All relevant contact details, access authorities and copies of databases, in a form that can be accessed and used offline or remotely.
  • Relevant logs and logistical checklists

Building a Communications Strategy

To ensure communication with stakeholders is adequately managed and carried out during an incident, a communications strategy should be developed by the Communications Coordinator as part of their initial response actions.

Given the significant time constraints that come with a crisis, the strategy should be concise. It should outline the communication objectives, how it will be achieved and define the key messages.

This figure outlines the key steps for developing a Communications Strategy:

Crisis Communications Strategy Flow Figure adapted from BS 11200:2014 ‘Crisis Management – Guidance and Good Practice’

Critical Success Factors

A successful communication strategy delivers consistent and informative messaging to all stakeholders and positions the organisation as the trusted source of information while demonstrating control of the situation. It involves a strong and engaging spokesperson who addresses ‘what does it mean for me’ for every stakeholder group. It neutralises potential detractors and consolidates champions.

Critically, it includes effective feedback loops, to ensure the organisation is not only talking, but also listening, adapting and responding. It is swift and comprehensive, and is rolled out by a team of communicators who know their job, remain calm and are well supported by the organisation.

Written by: Joanne Hill (Manager, Resilience Services) & Tim Archer (Head of Communications)

Categorized: intelligence-brief