In December 2024 a prominent CEO was shot and killed outside of a Manhattan hotel where they were attending an investor meeting. The incident has drawn significant public attention, with speculation surrounding both the suspect’s motives and the broader implications for corporate security, given ongoing controversies and protests against the company at the time of the attack.

The best way to protect your company and your executive assets from this risk is developing a comprehensive executive protection and secure journey management plan.An intelligence led approach can limit your risk exposure and enhance your executive protection in a variety of ways.

– Adam DeLuca, Everbridge Director of Risk Intelligence

Monitoring

Early detection of threat and risk is invaluable to executive protection. Monitoring collection platforms in real-time allows you to identify potential threats before they become major problems and enables executive protection teams to proactively manage risk to their clients in a timely manner.

Utilizing Different Types of intelligence  

OSINT gathers information from publicly available sources. Human intelligence collects information obtained through direct contact with individuals who may have relevant insights. Signal intelligence monitors electronic communications and data to identify potential threats. Protective intelligence focuses specifically on identifying and assessing threats to an individual. These types of intelligence analyze incredible amounts of data from various sources to provide a comprehensive picture of the threat landscape to help shape risk assessments. 

Trend Analysis / Threat Assessments

Looking at the threat landscape and doing comprehensive threat assessments allows security teams to anticipate potential risks and vulnerabilities, develop targeted mitigation strategies, and make informed decisions to safeguard the principal through detailed situational awareness, rather than simply reacting to incidents.

Situational awareness

By monitoring real-time information, intelligence provides a comprehensive understanding of the environment surrounding the executive, including potential dangers in specific locations or during travel.

As threats to critical infrastructure grow, resilience is more essential than ever. The European Union’s Critical Entities Resilience (CER) Directive aims to protect vital sectors like energy, transport, healthcare, and digital infrastructure from disruptions. By addressing vulnerabilities, the directive ensures essential services stay operational against physical and digital threats. This blog explores the importance of these regulations, their scope, and the measures safeguarding essential services across Europe.

What is the Critical Entities Resilience Directive?

The Critical Entities Resilience (CER) Directive is a comprehensive policy developed to address the growing complexity and interdependence of critical infrastructures across the EU. Enacted on January 16, 2023, the directive builds on a broader initiative introduced by the European Commission in 2020. Its primary aim is to strengthen resilience to threats—both physical and digital—by establishing clear compliance requirements for the Member States and organizations operating within these critical sectors.

This directive works in tandem with other key EU policies, such as the NIS 2 Directive, which focuses on cybersecurity for network and information systems. Together, the CER Directive and NIS 2 form a robust framework to better protect essential societal functions. Additionally, they are part of a larger EU policy landscape that includes initiatives like the Digital Operational Resilience Act (DORA) and the Cyber Resilience Act (CRA), all aimed at bolstering the EU’s collective defense against modern threats.

As Margaritis Schinas, former Vice-President for Promoting our European Way of Life, highlighted during the directive’s introduction: these new regulations establish “a strong framework to build up our collective protection against all threats.” The CER Directive is not just about responding to immediate risks; it also emphasizes long-term preparedness through the creation of durable and adaptable critical infrastructure systems.

The aim and scope of the CER Directive

The CER Directive aims to safeguard the continuous delivery of essential services that underpin societal well-being and economic stability. It focuses on a broad spectrum of sectors classified as “critical entities,” whose disruptions could have far-reaching impacts on public safety, economic performance, and the daily lives of EU citizens.

One of the directive’s key components is its emphasis on proactive measures. Organizations operating within critical sectors are required to conduct in-depth risk assessments to identify vulnerabilities and potential threats. Once risks are identified, these organizations must adopt robust resilience strategies tailored to their specific operational needs. This includes physical security measures, but also advanced digital protections to safeguard systems from cyberattacks. Additionally, entities under the directive must promptly report incidents to ensure that effective responses can be coordinated at the national and EU levels.

Ylva Johansson, EU Commissioner for Home Affairs, emphasized the need for collective action during the directive’s launch, stating: “We face increasing hybrid attacks and the growing impact of climate change. Building preparedness and resilience requires unified action.” Her remarks reflect the growing understanding that modern threats are multi-faceted, encompassing not only cyberattacks and terrorism, but also emerging challenges such as climate-related disruptions and supply chain vulnerabilities. The directive aims to create a culture of resilience, where preparedness becomes a shared responsibility across governments, organizations, and industries.

Key measures and implementation

The CER Directive establishes several concrete measures to strengthen critical infrastructure. These include mandatory risk assessments, comprehensive resilience testing, and the development of emergency response plans. Furthermore, the directive requires Member States to designate national authorities responsible for overseeing compliance and facilitating cross-border collaboration. This ensures that critical entities across Europe are not working in isolation, but part of a coordinated effort to enhance resilience.

In addition, the directive introduces stricter reporting requirements, ensuring that incidents are swiftly communicated to relevant authorities to enable a timely and effective response. This approach not only minimizes the impact of disruptions, but also provides valuable insights into the evolving threat landscape, helping refine and improve resilience strategies over time.

Why the CER Directive matters

By implementing the CER Directive, the European Union is taking significant steps to safeguard critical services and enhance its collective capacity to respond to evolving risks. The directive acknowledges the interconnected nature of modern infrastructure, where disruptions in one sector can have cascading effects on others. For example, a cyberattack on a power grid could simultaneously impact healthcare facilities, transportation networks, and banking systems. The CER Directive’s holistic approach ensures that these interdependencies are accounted for, reducing the likelihood of widespread disruptions.

In conclusion, the CER Directive represents a vital step forward in protecting Europe’s critical infrastructure from an increasingly complex threat environment. By fostering collaboration, promoting proactive risk management, and mandating resilience strategies, the directive ensures essential services remain operational in the face of adversity. As threats continue to evolve, the CER Directive serves as a cornerstone of the EU’s broader efforts to create a safer, more resilient future for all its citizens.

How Everbridge supports resilience in critical enterprises

Everbridge provides a comprehensive suite of critical event management solutions designed to strengthen operational resilience and overall resilience strategies in line with the CER Directive’s objectives.

Enhancing physical security and infrastructure protection

Everbridge smart security solutions offer a complete view of physical locations and assets, enabling organizations to respond swiftly to potential threats. By reducing training and security costs, these solutions ensure that critical entities can maintain service provision even during incidents.

Personnel security management and business continuity

Everbridge prioritizes the safety and well-being of individuals within an organization. With our Everbridge 360 solutions, we enable seamless communication and access to emergency services, ensuring workforce productivity stays uninterrupted even during disruptions.

In addition, Everbridge business continuity plans empower organizations to anticipate and mitigate the impact of disruptions. By activating automated incident response workflows, companies can seamlessly maintain operations.

Digital resilience and IT service management

Everbridge also supports digital resilience by minimizing IT service disruptions and reducing unplanned workloads. Our digital operations solutions monitor system performance and automate IT workflows, allowing teams to work efficiently and confidently.

Key takeaways from the CER Directive and the role Everbridge can play

The CER Directive represents a significant step forward in strengthening the resilience of critical entities across Europe. By mandating comprehensive risk assessments and resilience measures, it provides a solid framework for protecting essential services from both natural and man-made threats.

Everbridge plays a crucial role in this ecosystem by offering advanced solutions that enhance operational resilience. From physical security management to digital resilience, Everbridge empowers organizations to protect their people, assets, and operations.

For emergency managers, business continuity planners, and chief security officers, understanding the CER Directive and leveraging Everbridge solutions can significantly enhance their organization’s ability to withstand and recover from disruptions.

In a world where threats to critical infrastructure are becoming increasingly complex, the CER Directive and Everbridge solutions offer a path to enhanced resilience. By aligning with these frameworks, organizations can safeguard essential services and ensure their continued operation.

“Are you doing everything you should be doing to build organizational resilience?” Plans, projects, and technologies may occupy most of your time, but it’s worth taking a step back to reflect on how your resilience-focused activities may be aligned…or misaligned. Building organizational resilience requires having optimal plans, strategies, tools, and processes.

The newly released standard to help organizations build resilience–ISO 22336–is the first international standard that provides comprehensive guidelines for designing, implementing, and improving resilience policies and strategies within organizations. This standard offers a blueprint to enhance resilience, optimize risk management, and refine strategic planning. It also complements and works in tandem with other standards that focus on risk management, business continuity management, and crisis management, like ISO 31000, ISO 22301, and ISO 22361.

Most organizations are doing things to become more resilient, but programs and initiatives are often segmented. With ISO 22336, executives and managers now have clear guidance on how to drive their organization to become more resilient. Perhaps the most helpful thing about this standard is that it helps organizations identify what they aren’t doing, but should be.

What is ISO 22336:2024? 

ISO 22336 is specifically for organizations seeking to improve their resilience capabilities. It focuses on formulating policy, designing strategy, and determining priorities to implement an organization’s resilience strategy effectively. 

Key points include: 

• Designing and formulating a resilience policy. 
• Creating strategies to achieve resilience objectives. 
• Determining priorities for implementing resilience initiatives. 
• Establishing cooperative and coordinated capabilities to enhance resilience. 

This standard is applicable to any organization, regardless of industry or sector, and aims to enhance its resilience throughout its lifecycle.  

What are the benefits of implementing the new ISO? 

• Enhanced resilience: ISO 22336:2024 equips organizations with the framework and tools to build robust resilience processes. This ensures that businesses can withstand and recover from disruptions, maintaining operational continuity and safeguarding stakeholder interests. 
• Improved risk management: The standard emphasizes a proactive approach to risk management. By understanding and anticipating potential threats, organizations can implement measures to mitigate risks before they escalate into crises. 
• Strategic planning: ISO 22336:2024 encourages integrating resilience into strategic planning. This alignment ensures that resilience is not an afterthought but a core component of organizational strategy, enabling businesses to adapt to changing environments effectively. It enables improved oversight on establishing KPIs and objectives that can be evaluated to understand the benefit of resilience and the investment towards organizational resilience. It can also provide a comprehensive framework for resilience ensuring all avenues of resilience (e.g. risk, continuity, disaster recovery, third-party risk management) are all working collaboratively and are minimizing gaps. 

Real-world applications: bridging theory and practice 

For organizations that apply the ISO 22336:2024 standard, the benefits can lead to tangible improvements in resilience and organizational performance. Consider the following examples:  

Example 1: Integrated  

Sections 6.4.4 and 7.4 of the standard state that organizations should eliminate silos and be integrated, which includes integrating systems, teams, and budgets. One example is having a critical event management (CEM) platform that is used across several teams, and integrated with other systems and sources, like risk intelligence feeds, Human Resource Information Systems, badging systems, and travel management systems. These integrations allow organizations to detect risks to employees and operations, and quickly respond to critical events. 

Example 2: Prepared  

Section 7.6 of the standard states that organizations should demonstrate preparedness by investing in capabilities to anticipate and respond to changing circumstances, and demonstrate resourcefulness by anticipating future conditions, and mobilizing and coordinating wider human, financial, and physical resources. Organizations can bolster their critical event planning by using business continuity software such as the Everbridge Business Continuity in the Cloud (BCIC) platform. BCIC is used by several Fourtune 10 companies and helps organizations assess potential business impacts, identify interdependencies, and develop plans to prepare for all types of threats and hazards.   Organizations can also benefit from integrating business continuity software with a critical event management platform, such as Everbridge 360^TM. By using both organizations are able to plan, anticipate, mitigate, respond to, and recover from critical events. 

Example 3: Continual improvement and evaluation  

Section 8.6 of the standard states that organizations should evaluate performance against its purpose, plans and indicators, and expected behaviors. The BCIC platform facilitates this by enabling organizations to store, manage, and update plans, as well as identify progress and performance against the plans.

A strategic imperative for resilience 

Although complying with  ISO 22336:2024 isn’t a legal requirement, doing so can help organizations gain a competitive edge in today’s complex business landscape. By embedding resilience into every facet of their operations, organizations can transform challenges into opportunities, ensuring stability and continuity no matter what the future holds. As the landscape of risk evolves, so must our strategies—ISO 22336:2024 is the key to unlocking a resilient future. 

How resilient is your organization? Complete the Best in Resilience Maturity Self-Assessment to see how you measure up against over 800 global organizations.  

Our comprehensive risk management services are designed to enable businesses to operate safe in the knowledge that everything possible is being done to ensure their people and other assets are protected. We combine deep security expertise with innovative technology to help you deliver the policies, training, protection and responses needed – no matter what.

Today, many BCDR programs rely on response plans for a handful of most likely potential incidents. They are built and tested on the assumption that, if disruptions occur, they will happen one at a time.

While this may have been a best practice just a few years ago, it is no longer the case.

As we have written in the past, it is becoming increasingly likely that businesses will face simultaneous, compounding incidents, a phenomenon known as polycrisis. With this in mind, we advise our clients to build a flexible infrastructure that will allow them to respond to any event–or combination of events.

This is especially important during hurricane season when many organizations confront cyber-attacks–a challenging, and increasingly common, confluence of events. In fact, according to an article published by IEEE, the threat of cyber attacks increases exponentially during natural disasters.

There are many reasons for this. During disasters, distracted, weakened, and vulnerable businesses and individuals are easy targets for cyber criminals. Victims, volunteers, and donors are more likely to interact with unfamiliar people and organizations and threat actors exploit this chaos by launching phishing scams disguised as donation drives and community relief efforts–among other attacks.

At the same time, organizations in disaster zones may be forced to prioritize physical recovery over cybersecurity, leaving doors open for attackers to penetrate networks or systems.

Additionally, the vulnerability of critical infrastructure like power grids, communication networks, and transportation systems during times of crisis makes them prime targets for state-sponsored cyberattacks.

Those who forget history….

Today, the cyber-attack- severe weather disaster one-two punch is increasingly common, partly because climate change charged hurricanes and fires are occurring more frequently. But this phenomenon is not new. When Hurricane Katrina hit the Gulf Coast nearly 20 years ago, cybercriminals launched phishing attacks, fraudulent donation scams, and fake websites that baited people into donating money or providing personal information and threatened corporate networks.

In 2017, during Hurricane Harvey, which caused catastrophic flooding in Houston and surrounding areas, again, multiple cyberattacks emerged, including phishing campaigns, fraudulent donation websites, and fake charities. This activity was so widespread that the FBI issued warnings regarding these scams targeting individuals and businesses involved in the recovery efforts.

Recently, during the severe wildfires in California between 2018 and 2020, phishing attacks and scams pretending to be wildfire relief efforts were widespread. Cybercriminals impersonated federal and local government agencies and relief organizations. Hackers also attacked utilities already weakened by the disaster, creating more chaos in local communities dealing with fires.

The government response

Given these trends and the bleak outlook for both cybercrime and climate events, the Federal government has undertaken several initiatives in this area. In recent years, FEMA has awarded $165 million in grant funding to bolster state and local cyber preparedness and trained more than 87,000 federal, state, local, tribal, and territorial officials on cybersecurity. The Department of Energy also just announced $23 million to secure energy systems against climate, cyber, and physical threats.

But government action alone is not enough. Businesses must ensure that they have the infrastructure, plans, and operational capacity to manage polycrisis events. Although an extreme case, the 2011 Tohoku Earthquake and Tsunami in Japan should be a lesson to corporate risk and security leaders everywhere. While local leaders, residents, and businesses were dealing with the earthquake, tsunami, and Fukushima nuclear disaster, cyber criminals launched phishing campaigns and malware attacks designed to steal money and personal information and infect systems.

Preparing for the worst case scenario

Beyond the BIA, risk assessment, and response plan, there are several steps an organization can take to prepare itself for a simultaneous disaster and cyber attack.

Build awareness. Employees across the enterprise must continuously be reminded that cyber threats are everywhere and are most likely when other potential incidents occur. During the most challenging times, they must be the most vigilant of phishing, malware, and scams.

Think beyond single scenario planning. Too many organizations view business continuity planning as a compliance exercise: “If we have a cyber breach plan on the shelf, we’re covered.” This is hazardous thinking. BCDR programs must be flexible, organization wide, and designed to be useful and adaptable when an unexpected event or combination of events occur.

Communication and coordination are essential. Effective early warning systems, alerts, and ongoing incident management communications are indispensable in a polycrisis scenario. Thankfully, there are highly effective technologies and tools on the market for this.

Understand the link between cyber and physical security. The most resilient organizations view cyber and physical security as inextricably linked. Information technology and operational technology have converged and are deeply dependent upon each other to remain secure. Cyber attacks can threaten physical infrastructure and damage to an organization’s physical plant can impact its technology stack.

The Cybersecurity and Infrastructure Security Agency (whose name says it all) puts it this way: “As rapidly evolving technology increasingly links physical and cyber assets…the benefits of converged security functions outweigh the challenges of organizational change efforts and enable a flexible, sustainable strategy anchored by shared security practices and goals.”

It comes down to this: At any moment, risk and security professionals may need to defend their companies concurrently from climate risk events and cyber criminals. In this operating environment, organizations need to rethink resilience and prioritize agility, flexibility, communications, and coordination over rigid and static plans.