Leverage Everbridge solutions to operationalize your response to some of the points described in upcoming EU regulations including NIS2, DORA, and the Cyber Resilience Act. Enhance your compliance and strengthen your cyber defenses. 

In an increasingly interconnected world, the importance of robust cybersecurity measures cannot be overstated. The European Union (EU) has introduced several regulations aimed at enhancing cybersecurity across member states. These EU directives and regulations include the Directive on Measures for a High Common Level of Cybersecurity Across the Union (NIS2), the Digital Operational Resilience Act (DORA), and the Cyber Resilience Act (CRA). 

This blog will explore how Everbridge solutions can help cyber security, risk, and compliance teams navigate these regulations to enhance their organization’s cybersecurity posture from an operational perspective. 

Overview: NIS2, CRA and DORA 

NIS2

The NIS2 Directive (Directive (EU) 2022/2555) aims to achieve a high common level of cybersecurity across the EU. The regulation took effect on 16 January 2023, and Member States have until 17 October 2024 to codify its measures into national law. It requires Member States to adopt national cybersecurity strategies and designate competent authorities, cyber crisis management authorities, and computer security incident response teams. It also imposes stricter security requirements, including security incident reporting and cooperation between member states. Consequently, companies operating in these sectors will have to strengthen their data protection measures and their incident response capabilities, under penalty of severe financial sanction. 

DORA

The Digital Operational Resilience Act (Regulation (EU) 2022/2554) solves an important problem in the EU financial regulation. Before DORA, financial institutions managed the main categories of operational risk mainly with the allocation of capital, but they did not manage all components of operational resilience.  With DORA, financial organizations are now mandated to ensure the resilience, continuity, and availability of their information and communication technology (ICT) systems while upholding stringent data security standards. 

CRA 

The Cyber Resilience Act (CRA) aims to safeguard consumers and businesses buying or using products or software with a digital component. It introduces mandatory cybersecurity requirements for manufacturers and retailers of such products. This regulation covers products that include digital elements enabling the transmission of data to a device or network. It also aims to promote trust in digital technologies by ensuring that they meet rigorous security standards. Manufacturers will therefore have to ensure that connected objects placed in the market comply with strict obligations such as a 24-hour notification window for any detected vulnerabilities.  

Main challenges to concrete applications  

NIS 2, CRA, and DORA regulations require significant effort in mapping dependencies, documentation, and planning. However, they do not explicitly address how to operationalize their plans to be able to withstand, respond to, and recover from business-impacting events. This represents a real challenge to companies, given the enhanced complexity and interdependency that these regulations cover.  

Common organizational challenge in digital operations and cyber security

Many organizations have very siloed teams and tech stacks, which means collaboration during a business-impacting event can be very difficult; companies need tech that provides “information bridges” between the different business units. Without a technology solution that allows automated connection between monitoring, activation, collaboration, orchestration, and response, organizations will struggle.  

How Everbridge supports companies to operationalize their compliance: automate and digitize preparedness, communications & response, and reporting 

Everbridge provides a single hub for incident preparedness, risk monitoring, crisis management, and service reliability. In other words, through the Everbridge platform, companies will be able to adequately operationalize three key aspects: Preparedness, communication & response, and reporting. The Everbridge solutions are designed to proactively identify, assess, and monitor risk, respond instantly and accurately to every incident, safeguard digital and physical assets, and keep people safe and productive. 

CEM resilience in action for emergency response

Preparedness – The Everbridge platform allows for the integration of all applicable systems to enable clear visibility across software applications and physical locations, giving a clear outline of what is important and why, and enabling faster decision-making and automation. Crucially, this step helps to identify key stakeholders and assets, which is one of the most important elements in responding to an event. Having data sets readily available and usable can improve response time and trigger workflows automatically rather than through manual intervention.

AI-powered information management with xMatters 

Communications & response – Following the identification of the event and its impact, the Everbridge platform supports the orchestration of the response. This involves identifying any automation processes that can be initiated, aligning the response with the relevant Standard Operating Procedures (SOP) and ensuring tasks are assigned to the right people at the right time through “out of band” communications that are not dependent on infrastructure.  By automating this process, Everbridge can slash response time down to minutes or seconds. Additionally, the Everbridge platform can be used to communicate with regulators as necessary, keeping relevant stakeholders updated, and visualize the status while providing estimates based on previous experience, which is particularly critical if the issue affects email. 

Incident response – time to restore

Reporting – The Everbridge platform allows organizations to develop self-assessment and learning capabilities for future preparation and response. During the event, all communications are captured, including but not limited to who received a communication, who responded, what the response was, and time of response. Also captured is whether there was no response at all. The same is also applicable for task allocation and completion for real-time monitoring during the event. Full audit logs are also recorded and exported for review/inclusion post-event. Within the simulation, situation reports can be generated when required and “After Action Reports” can be made available for review. All information is captured within the system to be utilized as required in After Action Reviews. 

Dedicated solutions such as the Everbridge suite of products can play a critical role in helping organizations operationalize EU directives and regulations such as NIS2, DORA, and the CRA. By leveraging the Everbridge platform, cybersecurity and incident management teams enhance their cybersecurity posture and reinforce their compliance to these regulations through operational resilience. Everbridge enables teams to digitize response plans and connect them to monitoring and communications solutions. The platform enables automation, streamlines processes, enhances visibility, and empowers organizations to concretely demonstrate compliance by strengthening digital resilience. 

By Brian Toolan, Vice President, Public Safety, Everbridge

In times of crisis, effective communication is critical to ensuring the safety and well-being of all individuals in our communities. However, traditional communication methods may not adequately reach or cater to the needs of those with access and functional challenges. It’s imperative that emergency communication strategies are inclusive and considerate of the diverse needs of every member of society. In this blog, we’ll explore two concepts, the importance of tailored emergency communication for access and functional needs communities and the need to transform and visualize data into actionable insights.

Access and functional needs encompass a wide range of requirements that individuals may have during emergencies. This can include people with physical disabilities, sensory impairments, cognitive limitations, language barriers, or other conditions that affect their ability to receive and understand emergency information. It’s crucial to recognize that these individuals may require additional support and accommodations to effectively navigate emergency situations and make informed decisions.

Gathering this information presents one of the most significant hurdles that emergency officials face. A comprehensive emergency communications solution not only aids in community engagement but also equips emergency officials with the necessary resources to deliver effective communications to those who require assistance. The capacity to effectively utilize the gathered data can be a matter of life and death, ensuring comprehensive inclusivity and leaving no individual overlooked.

Fostering partnerships between public agencies, private organizations, and community stakeholders improves emergency communication for access and functional needs communities. Working together to develop and implement inclusive communication plans, share resources, and coordinate efforts ensures that everyone receives timely and relevant emergency information and assistance.

Challenges in emergency communication

Traditional methods of emergency communication, such as sirens, text alerts, or televised broadcasts, often don’t adequately meet the needs of access and functional communities. Individuals with disabilities or sensory impairments may face barriers in accessing information presented in audio or visual formats, while those with limited English proficiency may struggle to understand messages delivered in a language they do not speak fluently. Moreover, individuals with mobility challenges may encounter difficulties in accessing physical evacuation routes or emergency shelters.

Strategies for inclusive emergency communication

• Multi-Modal communication: Adopt a multi-modal approach to emergency communication that caters to diverse communication preferences and needs. This may include utilizing phone, email, and text-based alerts, visual graphics, video messages with sign language interpretation, and audio descriptions to ensure that information is accessible to individuals with different sensory abilities.
• Language accessibility: Provide emergency information in multiple languages to accommodate non-English speakers and individuals with limited English proficiency. Translate written materials, broadcast messages, and digital content into languages commonly spoken within the community to ensure that everyone can understand and respond to emergency alerts and instructions.
• Accessible communication channels: Ensure that emergency communication channels and platforms are accessible to individuals with disabilities. This may involve offering alternative formats for digital content, such as screen reader compatibility for websites and mobile apps or providing video messages with sign language interpretation or TTY/TDD services for individuals with hearing impairments.

Community empowerment: Foster meaningful engagement

To ensure inclusive emergency preparedness and planning, it’s vital to actively engage with access and functional needs communities. This involves consulting with disability advocacy groups, senior centers, and various community and social organizations to gain a deeper understanding of the specific needs and preferences of diverse populations. By involving these groups in the development of inclusive communication strategies, emergency managers can create more effective and responsive plans.

Furthermore, empowering the leaders of these community groups plays a crucial role in the enrollment of people with access and functional needs. By providing them with the tools, resources, and support they need, these leaders can effectively reach out to individuals within their communities, ensuring that no one is left behind in emergency preparedness efforts. This collaborative approach fosters trust, inclusivity, and resilience within the community, ultimately enhancing overall disaster response capabilities.

Transforming data into actionable insights:

After overcoming the challenge of enrollment and gathering access and functional needs data, emergency managers face the critical task of making this data actionable. But how can they accomplish this? The collection process often reveals vital information, including:

• Primary address of residence
• Preferred communication modalities
• Primary language spoken
• Name and contact information for a personal contact
• Willingness to evacuate when orders are issued

• Transportation requirements for evacuation
• Dependency on power
• Required medications during evacuation
• Presence of pets
• Possession of a service animal

However, simply collecting this data is not enough; it must be transformed into actionable insights to effectively support emergency response efforts.

Instantaneous visualization of community needs: A crucial capability for emergency managers

Emergency managers face the daunting task of rapidly assessing and responding to community needs before, during, and after disasters. In this endeavor, the ability to swiftly visualize the diverse needs of the community is paramount. However, this task is not without its challenges. Filtering through vast amounts of data is essential not only for visualizing community demographics but also for triggering timely alerts based on factors collected during enrollment. By leveraging advanced data visualization tools and filtering mechanisms, emergency managers can gain invaluable insights into the unique requirements of their communities. Here’s why this capability is indispensable:

• Real-time Decision Making: During crises, every second counts. Emergency managers need to make quick and well-informed decisions to effectively allocate resources and coordinate response efforts. Instantaneous visualization of community needs enables them to identify priority areas and deploy resources where they are most needed, ensuring a swift and targeted response.
• Tailored Communication and Alerts: By filtering through enrollment data and creating actionable rules, emergency managers can quickly identify vulnerable populations, such as individuals with disabilities, those who require power to keep medication from spoiling or require oxygen to breathe easier, seniors, or non-English speakers, and tailor communication and alerts to meet their specific needs. This ensures that critical information reaches everyone in a timely manner, enhancing overall community resilience.
• Resource Allocation: Understanding the demographics and needs of the community allows emergency managers to allocate resources more efficiently. Whether it’s setting up accessible shelters, providing medical assistance, or arranging transportation for evacuation, having a clear visualization of community needs enables strategic resource allocation to address diverse requirements.

• Post-Disaster Recovery: Visualizing community needs doesn’t end when the disaster subsides. Post-disaster recovery efforts also rely on accurate and up-to-date data to assess the extent of damage, prioritize recovery initiatives, and support affected communities. By continuously monitoring and visualizing post-disaster needs, emergency managers can facilitate a smoother recovery process and aid in rebuilding efforts.

To achieve this capability, emergency managers must invest in robust data management systems, analytics tools, and communication platforms. These technologies enable them to collect, analyze, and visualize data in real-time, empowering them to make informed decisions and take proactive measures to safeguard their communities. The ability to instantly visualize community needs and filter data effectively is indispensable for emergency managers. By leveraging advanced technologies and data-driven approaches, they can ensure a more targeted, efficient, and inclusive response to disasters, ultimately enhancing community resilience and well-being.

Conclusion

Inclusive emergency communication is a fundamental aspect of disaster preparedness and response, ensuring that all individuals, regardless of their abilities or limitations, have equal access to life-saving information and support services during emergencies. By recognizing the diverse needs of access and functional communities and implementing tailored communication strategies, we can bridge the gap and create more inclusive and resilient communities that are better equipped to respond to disasters. Providing emergency managers with the necessary tools to proactively utilize location intelligence, facilitates the rapid deployment of communication strategies to affected areas. This ensures that messages are comprehensible and actionable, thus enhancing overall response effectiveness.

From compliance to resilience: Navigating the new landscape of critical infrastructure protection with Everbridge

By Eric Boger, Everbridge Vice President Risk Intelligence

The recent National Security Memorandum (NSM) on Critical Infrastructure Security and Resilience issued by the White House on April 30, 2024, outlines a strategic approach to safeguarding critical infrastructure against emerging threats and enhancing resilience.  

This NSM updates an 11-year-old presidential policy that underscores the importance of collaboration between US government agencies and private sector partners. It emphasizes a shared responsibility in mitigating risks and ensuring uninterrupted delivery of essential services, renewing the focus on protecting infrastructure assets. 

With Everbridge, your organization can leverage an advanced risk management and communication platform to support the objectives outlined in the NSM.  Providing real-time monitoring, automated alerting, and robust incident response capabilities, our solutions enable you to effectively identify and address potential threats, coordinate response efforts, and communicate crucial information during emergencies.

According to the NSM, “Federal, State, local, Tribal, and territorial regulatory and oversight entities have a responsibility to prioritize establishing and implementing minimum requirements for risk management, including those requirements that address sector-specific and cross-sector risks.” Everbridge critical event management (CEM) solutions provide minimum requirements and beyond for your organization to be compliant with policies and enhance your security and resilience. 

Supporting critical infrastructure security and protection requirements 

Everbridge can help in proactively planning your organization’s or agency’s risk mitigation strategy by: 

Alignment with regulatory changes 

• The White House emphasis on establishing “minimum security and resilience requirements” within critical infrastructure sectors calls for a structured approach to compliance. Everbridge solutions are designed to adapt to regulatory changes, providing frameworks that help your organization meet new compliance demands efficiently. By leveraging Everbridge, your business, organization, or agency can ensure you are not only compliant with current regulations, but are also prepared for future amendments. 

Facilitating public-private collaboration 

• The updated national security memorandum encourages an increased collaboration between public and private sectors. The Everbridge platform facilitates this interaction by enabling the sharing of critical threat data and response strategies, aligning with the government’s directive to foster a robust information-sharing environment. 

Enhancing resilience through integration 

• In the wake of warnings about potential disruptions, resilience becomes a cornerstone of national security. Everbridge provides comprehensive and integrated risk management solutions, ensuring that your organization or agency can maintain operations even when critical events occur.  
• The integration of Everbridge with agencies and government partners also strengthens the collective defense posture against evolving cyber and physical threats. By facilitating seamless information sharing and collaboration, Everbridge enhances situational awareness and enables proactive risk mitigation across the critical infrastructure landscape. 

Everbridge provides a risk-based approach that enables you to anticipate, mitigate, respond to, and recover from critical events. Everbridge serves customers across public and private sectors, including transportation, energy, infrastructure, health care, government and federal agencies, among others. 

The Everbridge platform supports the implementation of the NSM’s critical infrastructure protection and security directives by providing innovative solutions that bolster the security, resilience, and continuity of critical infrastructure assets nationwide. 

Learn how Everbridge can support your organization or agency.

By Lorenzo Marchetti, Head of Global Public Affairs

In an interconnected world, digital resilience is crucial for navigating crises and safeguarding financial and security assets. The European Union (EU), comprising 27 countries and 450 million people, recognizes the significance of digital resilience and has introduced regulatory mandates to fortify and align the digital ecosystem. The latest addition to this landscape is the Digital Operational Resilience Act (DORA), alongside NIS2 and the Critical Entities Resilience Directive (CER), all effective since January 2023. This article explores the role of technology in responding to the DORA regulation and the opportunities it presents for organizations.

What is DORA?

The Digital Operational Resilience Act (Regulation (EU) 2022/2554) solves an important problem in the EU financial regulation. Before DORA, financial institutions managed the main categories of operational risk mainly with the allocation of capital, but they did not manage all components of operational resilience.  With DORA, there is a significant change for the financial sector because organizations are now mandated to ensure the resilience, continuity, and availability of their information and communication technology (ICT) systems while upholding stringent data security standards. Aligned with existing regulations like NIS2 in the EU and the Bank of England Operational Resilience Regulation in the United Kingdom, DORA offers organizations the chance to leverage existing capabilities to meet the new requirements effectively. This regulatory framework lays the foundation for an efficient and agile risk management framework, compelling organizations to enhance their ICT risk management policies and procedures.

Compliance with DORA requires increased documentation to demonstrate adherence. Organizations must document their ICT and information assets, develop comprehensive encryption and cryptographic control policies, and establish protocols for network security management and data transfer protection. The Regulatory Technical Standards (RTS) further clarify DORA requirements. Organizations must conduct gap analyses to identify documentation gaps and validate processes and controls. Establishing governance processes to support these policies and ensuring long-term maintenance are crucial steps in achieving compliance.

The different components to Operationalize DORA: the role of Everbridge critical event management (CEM)

Although DORA offers a simplified ICT risk management framework for some organizations, governance, risk mitigation, ICT business continuity management, and reporting remain essential even within this simplified model. Implementing and maintaining this framework presents challenges, particularly for organizations with less formalized processes. It is crucial for organizations to assess their business strategies and identify applicable requirements for compliance.

Technology plays a pivotal role in enabling organizations to respond effectively to DORA compliance. Advanced software solutions, such as those offered by Everbridge, provide comprehensive support in meeting physical security, ICT security, and change management demands. They enable automation, streamline processes, and enhance visibility, empowering organizations to demonstrate compliance and strengthen digital resilience.

Operationalize DORA: Physical security

Physical security is crucial for overall digital resilience. Organizations must safeguard physical assets such as secure premises, data centers, and hardware equipment. Technology solutions can strengthen physical security measures by providing robust access control systems, surveillance systems, and incident management capabilities. These solutions enable organizations to monitor and manage physical access, detect and respond to security breaches in real-time, and ensure compliance with physical security policies.

Everbridge Smart Security allows organizations to centralize their physical security through Physical Security Information Management (PSIM) technologies, avoiding the costs of replacing physical devices. It facilitates the automation of standard operating procedures and response plans, as well as communicating with key stakeholders.

Operationalize DORA: Respond to business and people impacting events

Furthermore, as hybrid working trends continue, ensuring consistent protection for employees working from various locations becomes critical. Everbridge CEM for Business Operations and People Resilience provide organizations with the data repository and risk intelligence needed to identify potential risks and to communicate before, during, and after a crisis. These solutions will automate communications to impacted individuals, responders, and stakeholders, integrating with operationalized response plans.

Operationalize DORA: Digitizing operational resilience

ICT operations security includes capacity and performance management, data and systems security, vulnerability and patch management, and encryption and cryptographic controls. Technology solutions, like Everbridge CEM for Digital, address ICT operations security challenges. These solutions integrate with security monitoring and management systems, enabling organizations to identify vulnerabilities, monitor performance, and implement robust security controls. Automation and real-time alerts allow proactive detection and response to security incidents.

ICT change management involves managing changes to ICT systems, including project management, system development, acquisition and maintenance, and ICT change management requirements. Organizations must establish robust change management processes to minimize risks and ensure seamless operations.

Everbridge CEM for Digital offers an integrated approach to ICT risk management, facilitating collaboration, communication, and coordination among different teams. This technology solution integrates risk assessment, auto-remediation, incident management, and reporting capabilities, streamlining risk management processes and reducing the impact of events on the organization.

Complying with DORA presents many challenges. Technology solutions, like Everbridge CEM for Digital, streamline processes, automate tasks, and optimize resource utilization, offering cost-effective options for managing ICT risk and compliance requirements.

The way forward

Fostering a culture of resilience and risk management across the organization can be challenging. Technology solutions play a vital role in fostering this culture by providing intuitive interfaces, user-friendly workflows, and collaborative features. These solutions facilitate employee adoption and engagement, as well as centralized risk management processes.

While compliance with DORA may pose challenges, organizations can leverage the regulatory requirements as opportunities to drive innovation and gain a competitive edge. Advanced analytics, artificial intelligence, and machine learning capabilities allow organizations to gain actionable insights, proactively mitigate risks, and demonstrate commitment to digital resilience.

Everbridge empowers organizations to simplify compliance efforts and build operational resilience. Organizations can respond to business and people impacting events with Everbridge software solutions and drive better outcomes. Everbridge CEM operationalizes preparedness, automated communications, and reporting. By leveraging technology, organizations can embrace EU mandates on digital resilience, strengthen their ability to prevent crises, and better navigate the complexities of regulations effectively.

To learn more, watch the insightful webinar hosted by Everbridge, as we delve into the challenges and strategies faced by financial institutions in implementing strategies and tactics to comply with the European Union (EU) Directive on Operational Resilience Act (DORA).  

Watch the on-demand webinar, Unlocking DORA, from Policy to Operationalization, or request a demo to understand how Everbridge can support organizations.

By Sean McDevitt, Director of CEM Product Marketing at Everbridge

As climate change continues to pose significant risks to organizations worldwide, it’s not only the physical threats of extreme weather events that companies must navigate but also an evolving landscape of regulatory requirements. The U.S. Securities and Exchange Commission (SEC) has introduced climate disclosure rules requiring publicly traded companies to provide detailed reporting on how climate change affects their business, both in terms of actual and potential impacts. This regulatory shift underscores the need for a robust, real-time response and risk management system like Everbridge Critical Event Management (CEM), designed to help organizations assess, act upon, and analyze climate-related risks efficiently and effectively. 

Understanding the risk and regulatory landscape 

The introduction of SEC climate disclosure rules marks a significant step towards transparency and accountability in how organizations address climate change. These rules compel organizations to evaluate not just the immediate physical risks posed by climate events but also the broader implications on their operations, financial performance, and strategic outlook. Everbridge CEM provides an essential toolset for navigating both these dimensions, offering advanced capabilities to assess climate risks and the means to report on these risks in compliance with regulatory requirements. 

Real-time assessment and compliance alerts 

Everbridge CEM’s real-time monitoring and alert system is pivotal for organizations striving to stay ahead of both climate events and regulatory changes. By offering tailored alerts on climate-related risks and regulatory updates, Everbridge ensures that organizations can respond promptly to physical threats while also keeping pace with compliance requirements, integrating this data with actionable insights for both immediate response and long-term strategy adjustments. 

Actionable insights for immediate response and reporting 

The coordination capabilities of Everbridge CEM extend beyond managing physical climate events to facilitating compliance with regulatory requirements. By enabling seamless communication and information sharing across departments, Everbridge helps ensure that all aspects of climate risk management, from initial risk assessment to final reporting, are conducted in a comprehensive and compliant manner. This holistic approach is vital for meeting SEC requirements and for fostering investor confidence. 

Analyzing and learning from events for regulatory reporting 

The analytics capabilities of Everbridge CEM offer a pathway for continuous improvement, not only in risk management practices but also in compliance and reporting. By utilizing data from past events, organizations can refine their strategies to meet both operational and regulatory needs more effectively. This ongoing cycle of analysis and adaptation is key to thriving in a regulatory environment focused on transparency and accountability in climate risk management. 

By Sean McDevitt, Director of CEM Product Marketing at Everbridge

Senate Bill 553, commonly known as SB 553, is a pivotal piece of legislation in California aimed at preventing workplace violence and ensuring the safety of employees. In this blog post, we’ll delve into: 

• What is Senate Bill 553 California? 
• What are the requirements of a workplace prevention plan in California? 
• Should you have a workplace prevention plan outside of California? 
• How can Everbridge support your organization in complying with SB 553? 

What is SB 553 California?

Senate Bill 553, signed into law in California, mandates that employers take proactive measures to prevent workplace violence. It outlines specific requirements for developing and implementing comprehensive workplace violence prevention plans to safeguard employees from potential threats. It also mandates that businesses must begin complying with the law on July 1, 2024. 

What are the requirements of a workplace violence prevention plan in California?

Under SB 553, California employers must conduct risk assessments to identify potential hazards and implement measures to mitigate them. These measures include establishing reporting procedures for incidents or threats of violence, providing employee training on recognizing and responding to workplace violence, and creating emergency response protocols. 

Should you have a workplace violence prevention plan outside of California?

While SB 553 applies specifically to California, workplace violence is a concern across the globe. Employers in other states and countries can benefit from adopting similar prevention plans to protect their employees and maintain a safe work environment. Discover actionable steps to prevent workplace violence here. 

How can Everbridge support your organization in complying with SB 553?

Everbridge provides a comprehensive suite of tools designed to enhance workplace violence prevention and response strategies. The Everbridge platform offers capabilities that align well with SB 553’s requirements for a workplace violence prevention plan. Here’s how Everbridge can specifically support your organization in complying with SB 553: 

• Incident reporting and communication: Everbridge can facilitate real-time reporting and communication of workplace violence incidents. Our mass notification system allows for quick dissemination of alerts to employees, security, and management, ensuring rapid response to potential or actual violent situations. This capability supports SB 553’s requirement for a system to report incidents efficiently. 
• Emergency response coordination: The platform can help coordinate emergency response efforts by centralizing communication and response tasks. In the event of a workplace violence incident, Everbridge can ensure that the right people are notified immediately and that coordinated actions are taken, in line with SB 553’s emphasis on preparedness and response to incidents. 
• Training and drills: The Everbridge platform can be used to schedule, conduct, and document training sessions and drills related to workplace violence prevention. This aligns with SB 553’s mandate for employee training on the workplace violence prevention plan. Everbridge can track participation and ensure that all employees receive the necessary training. 
• Documentation and record-keeping: For compliance purposes, maintaining accurate records of all training, incidents, and responses is critical. Everbridge can help organizations document these activities, making it easier to demonstrate compliance with SB 553’s record-keeping requirements. 
• Risk assessment and mitigation: Everbridge provides tools for assessing threats and vulnerabilities, which can be integral to developing and updating an effective workplace violence prevention plan. By identifying potential risks and implementing mitigation strategies, organizations can adhere to SB 553’s requirement for a proactive approach to workplace violence. 

• Employee involvement: Engaging employees in safety and prevention efforts is a key aspect of SB 553. The Everbridge platform allows for two-way communication, enabling employees to provide input, report concerns, and participate actively in maintaining a safe workplace environment. 
• Customization for specific needs: Given that each workplace is unique, Everbridge offers customizable features that allow organizations to tailor their violence prevention plans to their specific needs, risks, and environments, which is in line with the individualized approach required by SB 553. 

By leveraging the capabilities of Everbridge, organizations can not only comply with the legal requirements of California SB 553 but also foster a safer, more secure workplace environment. It’s advisable for organizations to consult with Everbridge specialists or similar service providers to understand the specific features and services that can best meet their compliance and safety goals. 

Request a demo with us today to learn more about how we can help your organization. 

By Eric Boger, VP Risk Intelligence

It has become increasingly evident that the complexities and challenges that defined the risk landscape of 2023 will almost certainly persist throughout 2024 and beyond. Enterprises will continue to grapple with a relentless and intricate risk landscape; rather than facing isolated threats, they are confronted with a complex web of interconnected challenges. Some herald artificial intelligence in risk management as a remarkably potent solution, capable of addressing our most pressing challenges head-on. At Everbridge we maintain a more cautious stance, while diligently assessing the use of AI in the overall risk management landscape.

We are in an age of both polycrisis and permacrisis. Severe weather events have escalated in frequency, intensity, and unpredictability. Civil unrest and protests have surged. Geopolitical instability looms large.

The rise of deepfake technology, ransomware-for-hire schemes, and new avenues for manipulation and deception adds to the complexity of the situation. With deepfake videos and images, one can replicate images and voices of trusted individuals to circulate false information or drive unwise decision-making. Similarly, the proliferation of misinformation and disinformation further complicates the challenges we face.

As we navigate these intertwined and persistent challenges, it’s evident that while technology, particularly artificial intelligence for risk management, has played a pivotal role in worsening the problem, it may also hold the key to mitigating these complexities.

Advantages of AI

To be clear, the modern enterprise of threat detection would be very difficult without the assistance of AI and algorithmic processing. We find at least four (4) areas where automation and algorithmic processing is superior to human judgment and effort:

1. Early indicator and weak signal detection
2. Initial analysis and triage of potential event signals (at scale).
3. Rapid geospatial orientation
4. Text generation/Summarization

Early indicator and weak signal detection

AI-driven systems can detect subtle signatures or indicators of potential threats and risks within large datasets, helping organizations identify emerging patterns or anomalies that may signify potential threats. By continuously analyzing data and detecting these signatures, AI can provide early warnings and enable proactive responses to mitigate risks effectively.

Initial analysis and triage of potential event signals (at scale)

AI-powered systems are extremely proficient in conducting rapid analysis of large volumes of potential event signals. These systems leverage advanced algorithms to automatically triage incoming data, swiftly identifying and prioritizing potential threats or incidents based on predefined criteria. In addition to streamlining the initial analysis process, systems can offer threat categories and severity levels.

Rapid geospatial orientation

AI utilizes gazetteers and GIS systems to swiftly approximate and suggest the geographic location of potential risk events. This capability enables organizations to quickly orient themselves to the spatial context of emerging threats or incidents.

Text generation and summarization

AI systems can analyze the content and metadata of social media posts and news articles related to security events. The goal is to identify and extract information relevant to the nature of the threat. From here the better systems can analyze and synthesize the raw data into concise summaries.

However, the systems struggle with second-order thinking and the additional effort it takes to ensure intelligence of high accuracy, especially when tasked with precisely categorizing threats into different levels of urgency. Relying exclusively on AI reveals shortcomings, when it is charged with placing threats on the map with a strong degree of fidelity, or interpreting nuanced signals that might be easily misunderstood. AI systems, although advanced, are far from ideal – yielding intelligence of low to moderate confidence, ultimately leading to errors when high stakes decisions are made based on this quality of data alone.

Limitations of AI

We find at least four (4) areas where human judgment and effort outperforms automation and algorithmic processing (for now) in the realm of risk intelligence:

1. Geospatial accuracy & precision
2. Event classification & severity determination
3. Temporal accuracy
4. Source quality

Geospatial accuracy & precision

With structured metadata, AI systems can place events on a map well. However, most signals are nuanced and complex; in these cases, AI systems often defer to the geographic center of the nearest administrative boundary – city center or province center. Frequently, this is the best the system can produce. Human analysts leverage a variety of OSINT and GEO-orientation tools that require nuanced inputs. Human effort consequently allows for the placing of the event with precision.

Event classification & severity determination

Algorithms are good at “sensing” but often not “sense-making.” Making sense of a situation to determine the appropriate severity levels and characterization of the threat requires context. The intelligence professional will factor in the baseline narratives (current and historical) at the location and will evaluate proximate geographic features for exacerbating or alleviating factors.

This nuanced interpretation goes beyond the capabilities of AI, which typically scores and ranks threats based solely on programmed algorithms and lacks the human capacity to factor in the subtleties that can alter the gravity of a situation.

Temporal accuracy

Automated systems still get tripped up by current signals referring to prior events – sometimes years old. For current intelligence and security response, it is imperative to know if the event is cresting now or happened days ago.

Source quality

Geopolitical actors, adversaries, criminal groups, and even bored teenagers have an interest in pushing conflict and creating divisions. Misinformation and disinformation campaigns corrode the public discourse and deepen political or cultural rifts.

While some Al systems do a respectable job of identifying patterns that fit the signature of major disinformation campaigns, in more nuanced situations AI systems frequently get stumped by these efforts, and they don’t flag or suppress false information. Trained analysts fare better than machines at evaluating the reliability of a source and the credibility of the information delivered.

Challenges of AI in risk management

While AI systems have made significant advancements in categorizing risk events, they still face several challenges and shortcomings. One major limitation is the difficulty in accurately interpreting nuanced signals or contextual cues that may be crucial for understanding the severity or nature of a threat. AI systems may also struggle with detecting and mitigating emerging or previously unseen risks, as they rely on historical data for training and may not recognize novel patterns or trends. Plus, the inherent biases present in training data can result in biased or inaccurate risk assessments.

Additionally, data privacy may pose a significant concern in AI-driven risk management. As AI systems rely heavily on large amounts of data for training and decision-making, ensuring the privacy and security of this information becomes critical. Issues such as unauthorized access, data breaches, and misuse of personal information can undermine the integrity and reliability of AI-driven risk assessments. Integrating robust privacy measures into AI systems is essential to mitigate potential risks associated with data handling.

The Centaur Model for Risk Intelligence

The Centaur Model is a collaborative approach to intelligence analysis that combines the strengths of human analysts with the capabilities of AI algorithms. In Greek mythology, a centaur is a creature with the upper body of a human and the lower body of a horse, symbolizing the fusion of human intelligence and machine processing power.

In the Centaur Model, human analysts provide critical thinking, intuition, and contextual understanding, while AI algorithms excel at processing large volumes of data quickly and efficiently. Together, they form a symbiotic relationship where each complements the other’s strengths and mitigates weaknesses.

Everbridge’s Risk Intelligence Monitoring Center (RIMC) fully embraces the Centaur model.

In today’s intelligence landscape, there’s a dual pressure emerging from consumers: 1) fear of missing information and 2) concerns over the quality of data being compromised by poor processing or deliberate injections of mis- or dis- information.

Balancing these pressures is essential for accurate and actionable intelligence. AI alone can bring lots of data to the user, but these systems frequently pass quite a bit of noise with the signal.  Human oversight is crucial to ensure accuracy, contextual understanding, and ethical considerations that will drive decisions of high quality and confidence.

Signal fatigue is a significant challenge in risk intelligence, where the influx of irrelevant or un-actionable signals can overwhelm teams. The Centaur Model addresses this by leveraging human judgment to filter and prioritize signals, reducing the risk of missing critical information.

As AI continues to improve, the Centaur Model remains balanced. It advocates for a collaborative approach, where humans guide AI algorithms, providing expert judgment and intuition. This ensures that risk intelligence efforts are comprehensive, accurate, and actionable, even in the face of evolving threats.

As we navigate the poly- and perma-crisis era, the Centaur Model stands as a beacon of innovation in risk intelligence. By seamlessly integrating AI algorithms with human expertise, it offers a transformative approach to risk assessment, reshaping the future of risk management for the better.

Request a Risk Intel demo to see our Situational Analysis program in action.

Everbridge is recognized as a leader

We’re proud to announce that Everbridge has been recognized as a leader in The Forrester Wave™: Critical Event Management Platforms, Q4 2023 report. Everbridge received the highest possible score in what we consider to be an impressive fifteen criteria including: vision, innovation, partner ecosystem, as well as criteria within the current offering category, including employee mass communication, physical threat intelligence, travel risk management, orchestration and automation, and reporting and analytics, among others.

Everbridge provides a competitive advantage to organizations with the only end-to-end resilience platform solution that enables organizations to anticipate, mitigate, respond to, and ultimately emerge stronger from critical events. The Everbridge organizational resilience platform delivers better reliability, security, and compliance on a broader scale than any competitor, keeping people safe and organizations running while creating a measurable business advantage for our customers. 

In this blog post, we’ll dive into the significance of the Forrester Wave™: Critical Event Management Platforms, Q4 2023 and why it matters. How can leaders use it to ease their purchasing journeys? Finally, how can it help decision-makers select solutions that strengthen organizational resilience? 

What is the Forrester Wave™?   

According to Forrester, “A Forrester Wave™ is a guide for buyers considering their purchasing options in a technology marketplace.” It is a powerful tool for technology leaders in search of new solutions.   

Each Forrester Wave evaluates and compares vendors in a specific market segment—those with a viable and growing market size and based on customer interest—providing a comprehensive view of their capabilities. Forrester takes a unique perspective in evaluating how technology relates to business challenges by evaluating participants on categories such as Completeness of Vision and Ability to Execute. The Forrester Wave™: Critical Event Management (CEM) Platforms, Q4 2023, evaluated Everbridge along with nine other vendors and named Everbridge as a leader.  

Why does the Forrester Wave™ matter to leaders?  

For C-suite executives, operations leaders, and other organizational stakeholders the Forrester Wave™ provides invaluable, third-party analyses of comparable vendors and solutions. The ability to rely on unbiased, analyst opinions during research and deliberation can be pivotal in finding the right solution that builds organizational resilience and drives success. The Forrester Wave™: Critical Event Management Platforms, Q4 2023 states that “Everbridge is ideally suited for any national or global enterprise that needs to satisfy a broad array of CEM use cases,” making it, in our opinion, the preferred solutions for leaders across the globe. The importance of building organizational resilience has never been more vital.   

As stated in the report, “Everbridge’s crisp and clean vision drives its ambition to be synonymous with organizational resilience. In addition to over 400 different technology partners, Everbridge maintains global industry, government, and academia relationships including services and data providers to strengthen its broad portfolio. Everbridge provides tailored customer journey roadmaps to drive customer success and enable the right adoption over time. Everbridge has a strong reputation and foothold in the industry with more than twice the revenue of the next highest competitor.”  

Leaders today must contend with more intense and more frequent critical events than ever before. From inclement weather to active shooter situations, critical event management technology can help organizations proactively prepare for risk and protect their people and assets from harm. The Forrester Wave™: Critical Event Management (CEM) Platforms, Q4 2023, provides leaders an unbiased, comprehensive analysis of the top CEM vendors in the marketplace. If you are ready to dive right into the report, you can access a complimentary copy below.   

Learn about the Forrester Wave™: Critical Event Management Platforms, Q4 2023 from an expert

If you’d like to learn from the Forrester Principal Analyst directly, watch our on-demand webinar, “Prepare for emerging threats: Strategies for enabling business continuity,” where guest speaker Brian Wrozek discusses the Forrester Wave™ in more detail.

By Brian Toolan, Everbridge VP Global Public Safety 

Despite technological advances, proactive steps remain to strengthen resilience and keep people safe

Advances in inclement weather and communications technology are everywhere. Real-time information flows, mobile devices are ubiquitous, and forecasting methods have reached unprecedented accuracy. 

Yet, the impact of inclement weather on communities across the United States seems to be escalating. Events such as the devastating incident in Maui serve as grim reminders of the ongoing challenges that persist in disaster preparedness and response.  

Increasingly, this issue appears to be unique to the United States. While strides are being made across the globe in terms of early warning system awareness and adoption, the U.S. seems to be falling behind. Despite our collective innovation, why do we struggle to keep our communities prepared, informed, and safe when disaster strikes? What solutions can public officials deploy to combat the dangers of severe weather and better protect our people from harm? 

Watch an insightful webinar that brings together experts from private and public sector organizations. They engage in a comprehensive discussion on the collective efforts needed to build resilience in the face of such challenges. 

Challenges in emergency preparedness and response 

It’s fair to say that emergency management and response in the U.S. is not a straightforward, nor politically neutral, discipline.  

That said, two things are for certain: The fundamental roles of public safety officials and citizens are clear and uniform. Emergency management and public safety professionals are responsible for coordinating resources, response, and recovery during emergencies and severe weather events. While residents are responsible for taking necessary precautions and actions to keep themselves, and their loved ones safe. Assuming, of course, that emergency management has met its obligation to inform. 

After these foundational obligations, things become murkier. Communities, residents, and public safety officials alike grapple with a complex web of challenges. 

One fundamental issue lies in the lack of strategic emergency management planning at the national, state, and local levels. This often leads to fragmented efforts that hamper effective response.  

Additionally, despite advances in technology, there continues to be a struggle with issuing timely, clear, decisive warnings to the public. This leaves communities with limited time to react.  

The lack of consistent coordination between residents and public agencies likely contributes to and exacerbates the problem. Socioeconomic, cultural, and psychological issues hinder effective awareness of the role of emergency management and notification efforts. This also contributes to the highly passive (versus proactive) approach displayed in many recent wildfire disasters. For example, in Maui and the devastating Camp Fire in Paradise, California alerts were delayed, use of sirens withheld, and evacuation procedures rendered ineffective.  

Despite these challenges, there are ways to ensure more uniformity and reliability around disaster response. By adopting technology into common practices, we can vastly improve our response to all kinds of inclement weather and disasters such as winter storms, hurricanes, and earthquakes. 

Existing technologies for improved disaster notification 

The paradox around the highly publicized failures is that emergency alerting and response technology has never been better. 

Advanced inclement weather forecasting and modeling techniques enable us to predict severe weather events with unprecedented accuracy. Emergency alert systems, including Wireless Emergency Alerts and NOAA Weather Radio, serve as direct lifelines to the public. Smartphone apps and social media platforms can provide real-time updates that can potentially save lives. 

Moreover, real-time risk intelligence feeds can provide pinpoint accuracy that can even enable emergency managers to send location-specific messages to individuals in an immediate or anticipated path of a storm or fire in real-time.  

The power of the possible in emergency alerting and disaster management is awe-inspiring. Our standard response practices need to begin capitalizing on this technology for improvement.  

How to bridge the gap between technology and action 

Here are some proactive steps we can take to better equip communities to handle disasters effectively and decisively: 

Break the language barrier 

With the prevalence of non-English speakers across the U.S., public safety officials at all levels must account for distributing alerts in multiple languages. At the federal level, this means improving WEA to languages beyond English and Spanish, but at the local level, public officials need to work hard to distribute messages and advisories in multiple languages. 

On a similar note, the accessibility gap remains prominent, particularly for vulnerable populations such as those with mental health conditions or disabilities. Assessing this population, and recognizing different communication preferences and needs, are essential amid an emergency. 

Invest in disaster response localization 

Internationally, we should find inspiration in countries that have managed to successfully bolster their inclement weather and disaster preparedness and response through effective technology utilization and comprehensive processes. Japan’s earthquake and tsunami early warning system stands as a testament to how rapid alerts can save lives. The Netherlands, a country prone to flooding, has invested heavily in flood management infrastructure and collaborative efforts. This showcases how proactive measures can mitigate the impact of disasters. 

Many of these countries have adopted Location-Based Technologies (LBAS) to deliver targeted emergency alerts to individuals. LBAS pinpoints an individual’s immediate location, with information relative to their threat level, and in their native language. 

It’s time for the U.S. to adopt LBAS and resist the privacy complaints that typically arise. We should be confident in asserting that no compromising data will be transmitted. Public safety should outweigh minor privacy constraints. 

Nationalize disaster response  

In a similar vein, more coordination around disaster preparedness and response should be unified across state, local, regional, and federal governments. Beyond the obvious risk intelligence and information sharing, the federal government should assert and socialize best practices around a variety of disasters, down to the cadence and expectations around emergency alerts. 

Likewise, it’s time to break out of the “no one disaster is the same” way of thinking that has plagued parts of the country where planning and coordination around inclement weather events are not as extensive and tested. We should make a strategic shift toward a comprehensive national “all hazards” planning, preparation, and coordination culture in the U.S. This can help us establish national standards that ensure uniformity in disaster response across states.  

Simultaneously, improving awareness and education among residents and travelers about available tools can empower individuals to take timely action. Implementing fundamental messaging and coordination best practices is key to enhancing the efficacy of our response efforts. Plus, better coordination between the public and private sectors can be expected with a more concerted effort to promote disaster awareness, standards, and more.  

Next steps towards improving inclement weather preparedness and notification 

We must address the existing gaps in our inclement weather and disaster preparedness strategy, processes, and culture. Collaboration between public and private agencies, emergency services, local governments, hospitals, universities, and businesses needs to be strengthened to ensure a unified response. Developing inclusive communication strategies that cater to all segments of the population, including those often marginalized, is paramount. 

As we stand at the crossroads of technological advances and ongoing disaster challenges, it is our responsibility to bridge the gap between what is possible and what is actionable. By embracing a comprehensive approach that prioritizes nationwide collaboration, education and best practices, and location-based innovation, we can build a safer, more resilient future for our communities. The time for change is now before the next severe weather event reminds us once again of the importance of preparedness and effective response. 

Everbridge is ready with the technology emergency managers need to strengthen public safety during inclement weather and other natural disaster events.  

Learn more from an insightful, on-demand webinar. Our guest speakers, including expert security leaders from Amazon and Whole Foods, shed light on the challenges posed by climate variability, and provide insights into strategies for resilience and adaptation.  

Discover the full business value of critical event management

Although the benefits of deploying Critical Event Management (CEM) are becoming widely accepted, organizations can often struggle to demonstrate the tangible ROI to their key stakeholders, and can face an uphill battle when it comes to securing budget.  

So, is it possible to put a value on Critical Event Management? To answer this question, Everbridge commissioned global market research firm, Forrester Consulting, to conduct an updated Total Economic Impact™ (TEI) Study, and examine the return on investment enterprises realized by deploying Everbridge’s CEM platform.

To understand the benefits, costs, and risks associated with this investment, Forrester interviewed six representatives from four organizations with experience using CEM. For the purposes of the study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization that is a global manufacturing firm with $16 billion in revenue and 30,000 employees. The purpose of the study is to provide organizations with a framework to evaluate the potential financial impact of CEM.

For more information, access the study and other resources such as an ROI calculator that can generate a fully customized report revealing the business value CEM can bring to your organization.