It's always hard telling people they shouldn't panic while also telling them they need to take their disaster preparedness more seriously. It's far too easy to come across as a waffler. Yet here I am, about to suggest something that might appear to contradict what I opined about last week -- see: Swine Flu: To Fear is to Fail.
At the time, people were in full-blown fright mode as swine flu dominated cable news, and I wanted to offer examples of how fear only made past crisis situations worse. [Related content: Swine Flu: What Exactly Does Phase 5 Mean?]
But the crisis atmosphere over a potential pandemic has all but evaporated since then, because most flu cases have been mild.
It's good that the panic-fueled reporting has eased. But now there's a danger that could haunt organizations later.
With the crisis atmosphere gone, companies that were focused on their pandemic contingency plans last week may likely be moving on to the usual day-to-day concerns, putting the pandemic plans back on the shelf. [See CSOonline's : Pandemic Preparedness Primer for practical planning advice.]
Since the weekend, I've seen many reports asking if the attention of the past week on swine flu was overblown. Some articles answered the question with a "yes." But history is full of examples of why it's never wise to write these things off entirely.
In the last century, pandemics often started with a wave of milder cases in the spring that dropped to almost nothing during the summer months, followed by a wave of more devastating disease. That's what happened during the last pandemic in 1968, and it's certainly what happened during the 1918-19 Spanish Flu, which ultimately killed 70 to 100 million people worldwide.
If there's even a remote chance that history repeats itself, companies and government agencies should be taking the summer to delve even deeper into pandemic planning and be ready in case there's a more virulent second wave later in the year.
Some might call that hyperbole in itself, a contradiction of the "don't panic" message. But that's not how I see it.
Everything in last week's column about keeping panic in check holds true now. People tend to make bad decisions when they act out of panic.
At the same time, as CSOonline has tried to demonstrate in much of its pandemic planning content [See our " Pandemic Articles" section], disaster preparedness planning is an essential part of any security program.
The disaster to overcome could be a pandemic, but it could also be a catastrophic weather event like Hurricane Katrina ( Understanding Risk, Post-Katrina) or last year's storms and floods in the Midwest ( Iowa's Floods: Tragic Lesson in Business Continuity). It could also be a terrorist attack on critical infrastructure ( RSA 2009: Why the Top U.S. Cyber Official is Losing Sleep).
As I said last week, to fear is to fail. But it's also true that if you fail to plan, you plan to fail.
So keep a cool head. But make sure your organization has thought through what it would do if the unexpected happened.
About FUD Watch: Senior Editor Bill Brenner scours the Internet in search of FUD - overhyped security threats that ultimately have little impact on a CSO's daily routine. The goal: help security decision makers separate the hot air from genuine action items. To point us toward the industry's most egregious FUD, send an e-mail to firstname.lastname@example.org.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.