Guest blog by Simon Levy, CEO, Risk Management Institute of Australasia (RMIA)
Following the recent Senate Inquiry into the nationwide outage experienced by Optus in November 2023, critical risk-based insights emerged. These bear practical significance for organisations across a diverse range of industries.
These insights underscore the importance of cultivating robust systems, refining communication strategies and embracing concrete safeguards to pre-empt and mitigate the impact of similar incidents in the future.
Key insight one: Vulnerabilities and Inadequate Testing
From the vulnerability of systems to unexpected disruptions, the Inquiry should prompt a practical look at testing and validation procedures.
Organisations are urged to proactively identify and address potential vulnerabilities, ensuring that changes or upgrades are implemented with a practical focus on maintaining stability and operations.
Key insight two: Ineffective Communication and Customer Service
In moments of crisis, the practical importance of clear, timely, and transparent communication takes centre stage.
Organisations are advised to prioritise the development of effective communication strategies, recognising the tangible role it plays in keeping stakeholders well-informed, maintaining trust, and tangibly mitigating the overall impact of disruptions.
Key insight three: Inadequate Redundancy and Backup Plans
There should be practical encouragement for organisations to roll out a thorough evaluation of current redundancy strategies, urging a hands-on investment in building resilience.
Robust redundancy measures and effective backup plans are tangible instruments that can substantially reduce the duration and severity of disruptions, providing an opportunity to minimise downtime and enhance operational continuity tangibly.
Key insight four: Cybersecurity Threats and Vulnerabilities
The Inquiry's revelation of the substantial threat posed by cybersecurity risks serves as a practical reminder.
Organisations should look to adopt a proactive approach, continuously assessing and addressing cybersecurity vulnerabilities, thereby tangibly safeguarding infrastructure, data, and customers from potential malicious actors.
Key insight five: Oversight and Regulatory Framework
Operating within a clear and well-defined regulatory framework was emphasised.
Organisations should ensure adherence to regulations outlining their responsibilities during disruptions.
Simultaneously, regulatory bodies are invited to play a vital, practical role in guaranteeing the tangible implementation of necessary safeguards and prioritising customer interests.
Learnings and reflections: surprising themes emerge
Reflecting on the recent Optus outage offers a down-to-earth perspective, revealing critical lessons for organisations. This reflection underscores the practical importance of continuous learning, effective communication, and a down-to-earth approach to risk management.
1. Organisational Learning
Despite the ongoing emphasis on organisational learning, the Optus outage suggests a need for a more applied approach. Organisations are encouraged to revisit lessons from previous disruptions, incorporating practical insights into their practices, including communication strategies and redundancy measures.
2. Public Sentiment
The unexpected speed at which public sentiment turned against Optus's CEO is presented as an opportunity for reflection. In today's dynamic social media landscape, organisations are urged to practically navigate the challenges of negative perceptions, recognising the tangible impact on public trust. The CEO's experience with public criticism and calls for resignation offers a practical reminder of the importance of transparent leadership in times of crisis.
3. Scenario Testing and War Gaming
While acknowledging Optus's efforts in conducting these exercises, there is recognition that an opportunity presented it to delve deeper into the possibility of an outage of this magnitude. The emphasis is encouraging organisations to approach scenario testing with a hands-on mindset, ensuring preparedness to manage crises effectively.
4. Addressing Absolute Worst-Case Scenarios
A practical call to address absolute worst-case scenarios is needed. Organisations are encouraged to practically consider the full range of potential disruptions, regardless of perceived likelihood. This approach is presented as a way for organisations to develop more robust contingency plans, fostering a better-equipped stance to handle unforeseen events with practicality.
Top three questions for organisations to consider
Ask your internal teams:
1. How can we practically learn and adapt from past incidents?
2. In what tangible ways can our communication strategies evolve to navigate crises more effectively?
3. Are we implementing concrete measures to foster a culture of readiness and adaptability to address worst-case scenarios?
Final thoughts
The Optus outage practically prompts organisations of all sizes to contemplate the tangible balance of continuous learning, practical communication, and pragmatic risk management. This reflective journey invites organisations to consider these insights practically, fostering an environment of resilience and adaptability in the face of unforeseen challenges.
The Risk Management Institute of Australasia (RMIA) is the leading professional institution and industry association for risk managers in the Asia Pacific region. Simon Levy is the CEO at Risk Management Institute of Australasia (RMIA). This article reflects the views and opinions held by Simon Levy as CEO of RMIA.