Cities Under Water

For a number of years I have been using changing weather patterns and the impact on global mega-cities as a central case study for our risk and crisis management training programmes. I have used examples from South East Asia (mainly Bangladesh) as an example of a country and society that sees catastrophic flooding as a natural part of its seasonal cycle, but have also used examples from the impact of severe weather on major cities such as New Orleans and Hurricane Katrina (2005), and the flooding in Paris (2016) and across central Europe involving the Elba and Danube drainage basins (2013).

With the backdrop of flooded cities on the screen behind me, I have said that, in my opinion the people in the training room were, within their working lives, likely to see a world under water for a significant part of the year. We have then gone on to discuss what significance that would have for city planners in general, and crisis managers in particular.

Given the news over the past few days, it seems that my time-line for the arrival of such a situation had been radically mistaken, and it may be that we are already entering a world where the distinction between ‘dry land’ and ‘flooded areas’ can no longer be maintained.

Hurricane Harvey in Texas brings back the indelible images we associate with Hurricane Katrina, and the current catastrophic flooding in Mumbai has affected not only a major Indian city, but also a major global financial center. However they are only the major stories that capture the headlines in international news channels. The situations, and the consequences they bring with them, in countries across the world, can no longer be seen as outlier anomalies, but must be recognised as indicating a new stage in the development of 21st century urban management.


As the map at the top of this blog shows, of the sixteen mega-cities listed (ie with more than ten million inhabitants), fifteen are based on the coast (the sole exception being Delhi in India). Of the predicted thirty global mega cities that will exist by 2030, almost all will be on the coast, and almost all will also be in the ‘developing global south’, which means that they will be largely unplanned and unmanaged, with little or none of the underlying urban infrastructure that we usually associate with major city development.

The nature of a major flood event means that the damage is often widespread, total, catastrophic, and has an extremely long recovery period – often counted in decades rather than months or years. It involves infrastructure degradation (roads and bridges washed away, railways incapacitated and power generation severely damaged), health issues (release of sewage into the flood waters, lack of water purification, spread of diseases), and a social dislocation that has often had the highest impact on exactly those areas of the community that are least able to manage it and, in risk management terms, have the least resilience to disruptive events.

I have been impressed by the efforts of the US local, state and regional emergency response agencies in dealing with the impacts and consequences of Hurricane Harvey as best they can, in the face of what was an unprecedented level of rain leading to an unprecedented level of disruption. However, if we are to avoid the catastrophic levels of personal and social impact that we have seen in recent flooding and other natural disaster incidents, then we need to accept the reality of the threats that we are facing, and to treat them as a part of the new reality of 21st century risk management rather than as one-off events that can be largely forgotten once the television crews have left and moved on to the next story. 


Deltar Certificated Training Programmes

You can see more information on the

Deltar 3-Day Level 5 Management Award in Corporate Risk and Crisis Management here

Deltar Level 6 12-Month Distance Learning Diploma in Strategic Risk and Crisis Management here

Both awards are fully certificated, and regulated by UK Ofqual (Office of Qualifications).

How Crisis Ready Are You? A Ten-Point Check-List

A coach of the German football was once asked what made the team so successful at winning competitions. He replied that to do well in the first half of the competition you needed energy and desire, but to do well in the second half you needed technique and discipline. It is similar in developing effective risk, resilience and crisis management capabilities. There certainly needs to be support and buy-in at every level of the organisation, from the car-park attendants and toilet cleaners through the general staff and the team leaders, all the way to the divisional directors and the chief executive officer, but there also needs to be the technical skills that will allow the organisation to understand its own capabilities, identify its weaknesses, and create an on-going culture of risk management that will allow it to become a truly resilient organisation.

The ten points on the checklist below can be used as a quick guide in assessing how mature the organisation’s risk management culture is, and how strong (if at all) the underlying risk management foundations are.

Point 1: Risk Sensitivity

The first point that needs to ask is how mature an organisation is in terms of recognising and acknowledging risk. Just as a teenager will do things that are clearly (at least to older, wiser eyes) foolish and potentially injurious, but they will nevertheless completely ignore anyone who tries to tell them that, so many organisations have an attitude towards risk that is clearly, at least to an outside observer, potentially harmful. If the overall approach to risk is one of wilful ignorance and an inability to discuss it in a meaningful way, then there is little else that can be done.

Point 2: Time Gap Management

There are two time gaps that are critical in assessing the ability to manage a crisis.

The first is the time that it takes from a potential or actual crisis to be triggered, and the organisation to recognise it as such and then start to do something about it. Most organisations will spend a significant amount of time and effort trying to pretend that there isn’t a crisis, during which time the crisis itself is developing, growing and becoming more destructive. The second time gap is the time it takes between the organisation acknowledging the crisis and then having the ability to respond in a way that will actually impact on the external event, as well as increasing the organisation’s chance to either manage it or, if it has got to that stage, survive it.

Point 3: Development of Crisis Management Team (CMT)

The ability to put together a crisis management team that can take control of the situation at the very start of the actual or potential crisis is a significant issue for any organisation. Crises are, by their very nature, rare events, and if the people involved in the CMT are not aware of their roles, have not practiced them or do not understand the specific challenges associated with crisis management, then it is almost certain that the crisis management process itself will fail, and that within a very short time it will be the management failure that becomes the focus of attention as well as the actual crisis itself.

Point 4: Information Overload – Creating a Common Operating Picture

The problems in crises is not that there is not enough information, but that there is an overload of information, much of which will be partial, muddled, contradictory and without any context that can give it an overall meaning, all of which needs to be assessed and judged as to its veracity, its relevance, and its place in the overall picture.

The single issue that emerges in all post-crisis reviews is that the information management system was overwhelmed within the first few minutes, and that that in itself became a critical issue in the development of an effective and meaningful response.

The presence of a team that can sort that information, and pass it on in a structured form to the decision-makers , creating a Common Operating Picture that can be shared by all stake-holders, will be a critical step in creating an effective crisis management response.

Point 5: Interoperability

Any crisis response is going to involve a multiple of response teams, both internal and external, formal and informal, and it is the ability to create immediate working relationships with all of those teams that will set the foundation for an effective multi-agency response.

All crisis response operations will be made up of a mixture of command and control, coordination, collaboration and cooperation, and it is the ability to understand the differences between these relationships, and to make them work in the pressures and challenges of an actual crisis response, that will allow the different teams to develop effective working practices.

Point 6: Distant Management

Although many organisation talk about ‘empowerment, and ‘decision-making autonomy’, once an actual major incident occurs, the natural reaction of most organisations is to try and control decision making. They do this by bringing decision-making authority back to the centre (the headquarters), and restricting it to a few chosen people, without whose authorisation nothing can be done. Although it is easy to understand why an organisation does this, that does not justify it. In fact, the desire to take decision-making authority away from the people who are actually involved in the management of the situation s one of the chief cause of response breakdown.

The basic rule is, that the further away the person making the decisions is from the scene of the event, the more time it will take for responses to be developed, the less effective they will be, and the greater the impact on the actual response operation.

Point 7: ‘Support and Adapt’, not ‘Command and Control’

The use of the phrase ‘Command and Control’ presupposes a traditional, military-style centralised, hierarchical command-based management system. Although this may be effective in the highly disciplined and well-trained environments within which a military operation will be operating, it does not reflect the reality of the more chaotic and less well-structured response frameworks that most emergency and crisis management operations are dealing with. The truth is that most response teams on the ground do not need a hierarchical command system to tell them what to do – it is clear to them from their own assessment as to what needs to be done. The role of the management system then is to understand what is needed, and to ensure that the necessary supplies, man-power and other resources are provided so as to enable the response teams to manage their own operations as effectively as possible.

Point 8: Creating an Information Exchange Network

All emergency response operations are complex, and involve high levels of interaction of multiple teams at different areas of the operation, all operating at extreme levels of stress on both an immediate and long-term basis. One of the critical responsibilities of the strategic management team is to ensure, a s much as possible, that there is a Common Operating Picture, that is, that as many people as possible involved in all aspects of the operation are sharing as much information as possible. This aspect of ‘information exchange’ and ‘information sharing’ means that all of the different teams and agencies are able to feel themselves as being part of a unified response operation that is working together to achieve a common goal, rather than each team working in isolation, with little if any understanding of what else is happening around them in the wider response context.

Point 9: Protecting Reputation: Managing the Message

In the modern world, there is no such thing as a ‘private incident’. Any incident that affects people or impacts on them in some way, can be considered as potentially global in the nature of the media coverage it can attract, both from traditional news sources – television and newspapers – and modern – social media in its various forms. The ability to manage that message, and to use it to protect an organisation’s reputation, is a critical part of any crisis response operation.

Recent examples that have hit the headlines, and from wildly different events, include the failure of the local council in north London to response effectively or appropriately to the Grenfell Tower fire disaster, the failure of British Airways to respond effectively when the failure of its ticket-booking system led to the disruption of hundreds of flights worldwide (and which they initially blamed on a minor power failure), and the catastrophic response of United Airlines when two security staff were filed dragging a passenger of one of its planes after they had over-booked the seats. The fact that the mobile-phone footage on the United Airlines incident went viral (together with the failure of the CEO to respond effectively), led to United losing $900 million in two days from their share price.

Social media is a powerful tool that can allow an organisation to be in the best position to manage and influence the response to any incident it is involved in, but just as with any aspect of emergency response and crisis management, that capability cannot be created in the middle of an actual crisis event. The ability to plan and for and prepare the organisation to make the maximum use of social media in order to protect its own reputation and brand value is one of the critical aspects of any modern crisis response framework.

Point 10: Effective CM Capabilities are Dependent on Sustained Support from the C-Suite

As important as the individual skills are, it is the corporate risk attitude and culture that will have the greatest impact on the ability of the organisation to identify potential crises at the earliest opportunity, to respond in a timely and appropriate manner, and to embody the concepts of organisational resilience that will allow the speediest recovery in the post-crisis period.

Real crisis management does not start when a crisis is discovered, but is an embodied value intrinsic to every aspect of an effective organisation’s operation.

We put this tenth point in as the last one, because we consider it to be the killer argument, the one that we want our audience to remember at the end of our presentation to the Executive Committee, that they will carry with them, and which – hopefully – they can then use to support the development of an on-going, organisational capability development programme.

Point 11

Point 12

Although it is nice to make lists, and it gives us a feeling that we can bring some sort of order and coherence to what is often a chaotic and incoherent reality, these ten points are only a guideline to what could more appropriately be considered as a corporate attitude or ethos.
As you may have noticed, we have left two points blank. That is because there are a whole load of possibilities that we could put in there, but it is up to each person and each organisation to decide for themselves what other points should be in there.

Some possibilities for Points 11 and 12….

  • Crisis management doesn’t start once a crisis event occurs – it is a reflection of our organisational DNA, who we are and everything that we do
  • We should be a learning organisation. Take advantage of near misses!
  • The role of the crisis management team to not simply to manage a crisis, but to ensure that every part of the organisation understands their role in contributing to and supporting an effective crisis management response.
  • Crisis management is important – take it seriously!

Deltar Training Solutions

Deltar Training Solutions runs a range of specialist risk and crisis management training programmes around the world, including three-day Level 4 Management Awards in Strategic Risk and Crisis Management, and a 12-month distance-learning Level 6 Diploma in Strategic Risk and Crisis Management. Both qualifications are accredited through Ofqual, the UK government’s registry of qualifications.

Dr David Rubens DSyRM, CSyP, FSyI FSyI is widely recognised as one of the leading authorities in strategic risk and crisis management, having worked at the highest level of academia, corporate and government risk and crisis management programmes. He currently runs the Deltar Training programmes around the world.

Deltar Training Solutions
Email :

British Airway’s IT Failure: A Lessons For All High Reliability Organisations

If any organisation should be able to claim that it is a High Reliability Organisation, it is British Airways. It fits all of the requirements in terms of both its organisation structure (complex, multi-stranded, high levels of mutual dependency between all of its myriad components) and its services (critical to all of its users, who are dependent on it to supply the services that it has promised).

And yet, the recent IT failure that affected its global operations but has subsequently been blamed on a single operator in a sub-contracted maintenance company, seems to break all of the rules of HRO management – with predictable results.

To recap the situation, in May this year, BA’s ticketing system suffered a total and catastrophic failure during the Spring bank holiday weekend, one of the busiest weekends of the year. That immediately affected the flights of over 75,000 passengers world-wide, but also created disruption across the BA system, as well as affecting other airlines which had passengers who were either transitioning to or arriving from BA flights.

Any international airline is dependent on a zero failure operating system, as even the smallest failure – booking systems not working, luggage handling failures, flight crews in the wrong place, refuelling not happening, food not being loaded in time – creates an instant chain of cascading consequences that have massive knock-on effects that quickly spread well beyond the original event.

They are dependent on systems that are, in a famous phrase associated with High Reliability Theory (HRT): ‘Systems that are not only foolproof, but damned foolproof’ (1). However, systems as complex and interdependent as an international airline, do not just happen. They are also not just an issue of correct design and professional management. They are in fact a reflection of the culture of the organisation.

Prior to the development of High Reliability Theory, the main academic school of thought concerning highly complex organisations was Normal Accident Theory, described by Perrow (2) in his study of the Three Mile Island nuclear disaster, and which he then developed as a general theory of systems that stated that the more complex an organisation was, the higher the likelihood of failure. When that complexity involved two or more systems that were themselves complex, interacting to create an even higher order of complexity, then the likelihood of failure was almost certain. In this sense, failure was not a non-normal state that should be considered as an unexpected event, but was in fact an inevitable consequence of the complexity of the systems themselves.

One of the founders of the study of High Reliability Theory, the creation of operation management programmes that are fail-safe, identified the foundation of high reliability as not being an issue of technical management, but of ‘mindfulness’ (3). This stated that it was a sensitivity to the possibility of failure, and an organisational commitment, at every level , to preventing even the possibility of failure, that was the underlying quality on which all high reliability organisations depended.

One of the fundamental beliefs of Weick’s model of high reliability was that there is no such thing as an insignificant problem. All problems are themselves indicative of an underlying fault or weakness, a significant failing that allowed that problem to develop. If that systemic fault or weakness had not been there, then the problem itself would have been identified and dealt with before it could become a problem.

Within a complex operation, the conclusion from the previous assumption is that the problem itself is not ‘an event’, but only the final visible part of a ‘long-chained causal process’, where multiple other failings had to take place to allow the conditions to rise that enabled that incident to occur.

The final part of this piece of HRT states that not only is each incident important in itself, but they should be treated as though they are indicators of a potential crisis. This means that they are in fact not only significant, but are warnings about underlying problems that could at any time escalate into an actual crisis situation.

To return to the BA incident, it is clear that the dependency on the IT system (and that could be anything to do with technological support, not just the ticketing system), should have been triple locked in terms of technical safety, but also triple-locked in terms of management attitudes and sensitivity to anything that could possibly have been seen as something that could lead to systems failure.

It is alarming therefore, to read in this morning’s newspaper that BA would not be publishing a review into its IT failure, and that Willie Walsh, chief executive officer of AIG the parent company that owned British Airways, stated that the IT failure was an ‘isolated incident’. This is despite the fact that BA had suffered at least four computer-related failures in the last year, and that BA chief executive officer Alex Cruz had gone on record last year when he told investors that the airlines IT systems were experiencing regular problems.

The ability to understand, and then correctly manage, complexity is an integral part of a management position. The higher the position, and the more complex the operation, the greater the responsibility. This incident happened to British Airways, but it is likely that every High Reliability Organisation is vulnerable to similar issues. For those interested in other examples of high reliability organisations losing the cultural commitment to excellence and zero-failure operating environments which then lead to catastrophic failures, case studies include the NASA Challenger and Colombia disasters, BP and the Deepwater Horizon failures, or the problems associated with multiple financial institution IT failures that we have seen over recent years.


  • Schulman, P. R. (2004). General attributes of safe organisations. Quality and Safety in Health Care, 13(suppl 2), ii39-ii44.
  • PERROW, Charles. (1984). Normal Accidents: Living with High Risk Technologies Princeton University Press,
  • Weick, K. E., Sutcliffe, K. M., & Obstfeld, D. (1999). Organizing for high reliability: Processes of collective mindfulness. Crisis management, 3, 81-123.

See also my article in Risk UK Magazine:

High Reliability Organisations: The New ‘Buzz Phrase’ For Business Management? Dec 2015, pp 50-51
High Reliability Organisations: A Model For Effective Risk Management Risk UK, January 2016, pp 49-50

Deltar Ofqual-Regulated Training Programmes

For information , please visit

3-day Ofqual-regulated Level 5 Management Award in Corporate Risk and Crisis Management
12-month distance-learning Ofqual-regulated Level 6 Diploma in Strategic Risk and Crisis Management

Advanced Risk and Crisis Management

Deltar L4 ‘Advanced Risk and Crisis Management’ Program in Chile

Deltar continues to make friends across Latin America, as it ran its third programme this year in the region, following previous programmes in Bogota, Colombia and Lima, Peru.

The course in Santiago, Chile was attended by sixteen people, representing financial institutions including the National Bank and private banking groups, global risk consultancies, emergency response consultants, IT infrastructure providers and scientific testing centres. As always, the three days were filled with lessons, discussions, exercises and non-stop learning.

Of the thirteen Feedback Forms completed, twelve gave 5/5 for ‘Course Contents’, ‘Presenter’s Knowledge’ and ‘Would you recommend this course to a colleague?’. The other one gave 4/5 to all three – a tough person to please!

Our next course is in Mexico City from 21st – 23rd June. As with all of our LatAm programmes, it is fully bilingual, with all course material, presentations and handbooks available in both Spanish and English, and with a professional interpreting service as part of the course.

For more details, please contact, or see the course information at the Deltar website in English or Spanish

Communication – Not Simply ‘A Transfer of Information’

The front page of a number of papers this morning carried the story that international pilots’ lack of English was causing potential disaster situations. Although English is supposed to be the international language of air traffic control systems around the world, and all pilots and air traffic controllers are supposed to have an internationally recognised qualification in English, the truth is that many of the people receiving the certification do not have the necessary level of skills. This are not just occasional one-off failures – the reports highlight the fact that’s some countries have institutionalised by-passing the necessary controls in order to give significant numbers of people the qualification, even when they are clearly not up to standard.

The Level 4 qualification that is the minimum level that all pilots are supposed to achieve certifies that they have a level of English that allows them to speak on aviation-related topics with accuracy and clarity, resolve misunderstandings and react to an unexpected turn of events. Give the pressure that any pilot or air traffic controller will be under as soon as a non-normal situation arises, the likelihood is that under such pressure, language skills will lessen even further, and the failure to create an effective communication channel between air traffic control and the pilot could mean that a situation that would otherwise have been handled as a relatively routine incident can almost immediately escalate into a major incident, and potentially a catastrophic disaster.
At the start of every course that I run, I ask the participants (all of whom are experienced risk, crisis and business continuity managers) ‘What is the number one cause of problems in security management programmes?’. The answer ‘Communication’ is usually either the first or the second option they offer me.

The truth is, that however well we might prepare our incident response programmes, once something goes wrong, we will need to put together a plan, distribute information, confirm positions, update the various teams, re-assess the situation, be aware of potential issues, and try to maintain a continually evolving four dimensional picture of all of the pieces that go together to make an effective response programme. It is hardly surprising that it is the management of the information exchange that is both the first thing to go wrong, and the failure that causes greatest problems.

Most people, if asked, will reply that ‘communication’ is something along the lines of ‘transfer of information’. And that is certainly not wrong. However, it fails to capture the full nature of crisis management communication.

The first thing we can add is rather than being the simple ‘transfer of information’, communication is ‘the transfer of complex information’. A crisis management message will often have a number of constituent parts, each of which are critical to the full understanding of both the current situation, but also to understand the requirements that are needed, whether it is to respond to that situation as it is, or to prevent it from escalating / deteriorating to a worse condition.

The second addition we can make to our original statement is that ‘Communication is the transfer of complex information under pressure’. There is always the background pressure of the general operating environment, but there may well be the specific pressures associated with a particular event which has just happened, or is just about to happen. The person transmitting the information may be aware of the catastrophic consequences of the failure of the person receiving the information both to understand its significance and then to take the appropriate avoiding actions. There may often not be enough time to go over and explain the message again, so there is the pressure to get it right, first time.

And the final thing we can add to the original definition is that ‘Communication is the transfer of complex information under pressure, to multiple stake-holders’. This means that any information that is needed to be transmitted / transferred, will need to go to multiple people who are either involved in the specific incident or who will be affected by the actions that those people who are involved in the situation will need to take to prevent or avoid that situation from happening or escalating.

As I often say in my lectures, within a crisis management scenario, the most significant role of the crisis management team is to not to make decisions or to give instructions, but to ensure that information flows smoothly and freely around the multi-agency frameworks, so that as much as possible all the players in the game have an on-going and updated ‘Common Operating Picture’ at all times.

Once we have the understanding that ‘communication’ is ‘the transfer of complex information under pressure to multiple stake-holders’, it puts into perspective the demands that effective communications puts on any operations manager, and highlights the reason why communications is likely to be the critical component that fails once a crisis is triggered.

David Rubens
3rd April, 2017
© 2017

Deltar Level 4 Course to be delivered in Moscow

Yuri Ganfeld, Deltar Training’s head of Russian and eastern Europe projects, announced the dates for the first Deltar programme to be held in Moscow.
Taking place from 28th-30th June, the course will be delivered in Russian, and on successful completion of the course, including the delivery of a portfolio of assignments, participants will receive an IQ certification for Level 4 Management Award in Advanced Corporate Risk and Crisis Management.

Successful Level 4 Advanced Risk

Successful Level 4 Advanced Risk and Crisis Management Programme in Lima, Peru

David Rubens delivered a Level 4 Advanced Risk and Crisis Management programme for nine senior risk and business continuity managers in Lima, Peru, from 22nd-24th March. Attendees included senior decision makers from major financial institutions, as well as the national financial regulatory body.

Dr David Rubens HEBCoN Presentation

Dr David Rubens HEBCoN Presentation available in Video and PDF.

Dr David Rubens gave the keynote speech at the 2017 Higher Education Business Continuity Network Annual Conference. In front of over seventy delegates, David gave an overview of the threat environment facing business continuity managers in 2017, and looked at some of the issues associated with creating high-reliability organisations able to deal with the high-impact, high-complexity threats facing all organisations. The video and supporting pdf are currently undergoing editing, and should be available before the end of April.

Manchester Metropolitan University to host Deltar

Manchester Metropolitan University to host Deltar Level 4 Advanced Risk and Crisis Management Programme (June 2017)

Manchester Metropolitan University (MMU) Head of Security and Business Continuity Alan Cain, announced that MMU will be hosting a Deltar Level 4 Management Award programme in Advanced Corporate Risk and Crisis Management from 6th-8th June, 2017.

New dates announced for Latin America Level 4

New dates announced for Latin America Level 4 Advanced Risk and Crisis Management programmes

Deltar’s partner in South America, Disaster Risk Journal en Espanol, has announced three new dates for Deltar’s Level 4 Management Award programme in Advanced Corporate Risk and Crisis Management.
Lima Peru, 22nd -24th March
Santiago, Chile 26th-28th April
Mexico City, Mexico, 21st-23rd June
These programmes carry on from successful programmes already delivered in Colombia and Peru, and it is intended to develop a regional network of Deltar alumni who can establish a network for exchange of information, identification of best practices and creating of a mutually beneficial support framework for strategic risk and crisis managers across the region.