“Oh my God! The office is on fire!” David exclaimed to his wife as he hung up the phone and drug himself out of bed.

This was the moment he had dreaded for years. So many irreplaceable documents stored there. So much data to be lost.

The fire department had called and alerted him in the middle of the night and he was busy throwing on his clothes and rushing to the car to drive downtown. As he arrived, he saw several emergency vehicles and curls of smoke still rising from what was left of the south end of the building. That was where the documents storage room was and his heart sank. In the end, most of what the fire did not destroy was soaked from the attempts to quell the fire.

The organization lost many key documents and records in the fire. The possibility of a fire had been discussed in a few meetings over the years and some precautions had been taken, but in retrospect, they were woefully inadequate. David realized that there should have been a comprehensive fire prevention plan that included a response team and procedure in the event of a fire or disaster like this.

Over the next few months, all the office talk was of the fire and the amount of damage it caused. The local news had run a story and it was the talk of the little town. The organization’s reputation had taken a serious hit. A special internal committee had been formed to discuss the fire, its effects and impact, and prevention of future incidents. So much attention was given to the event that David was certain real steps would be taken to prevent a repeat.

After a couple months the committee members got busy with their day to day jobs and the “adrenaline” that permeated everything right after the fire started to die down. Slowly, everything returned to “Business as Usual” and David noticed that none of the remediation and planning discussed in the committee meetings right after the fire had been implemented. He started to ask around the office about progress on the controls to prevent future events. He was met with indifference and phrases like “Lightning never strikes twice in the same place!”.

In the end, not much had changed and people rarely discussed the fire or the massive financial and reputational damage it had done to the organization. David often thought how outrageous it was that no real change had been triggered by the event. He thought about how vulnerable the organization was to a repeat.

Ridiculous right?

I have watched the “FIRE” of a data breach ravage many organizations and yet this is typical of their reaction and lack of real response.
Don’t let your organization burn twice.

– y3t1