Understanding Your Organization’s Climate Risk Exposure
Most organizations understand climate risks. Few know how to measure them.
Jay Dunne has spent his career helping organizations understand and respond to complex risks across security operations, crisis response, and strategic intelligence. In this episode, Jay shares how intelligence, data, and collaboration can help organizations better understand their risk exposure to climate-driven disruptions.
Episode highlights:
- How the Climate Vulnerability Index can uncover hidden risk exposure
- Why climate vulnerability often falls short in traditional risk assessments
- The role of security and intelligence teams in climate resilience planning
- How stronger cross-functional collaboration improves preparedness
Transcript
(Automatically transcribed)Peter Steinfeld: Hello and welcome to The Employee Safety Podcast from AlertMedia, where you’ll hear advice from industry leaders on how to protect your people and business. I’m Peter Steinfeld.
Jay Dunne has spent more than 14 years helping organizations understand and respond to complex risks across GSOC operations, crisis response and strategic intelligence. Now he’s applying that same intelligence mindset to one of the most pressing challenges facing businesses today, climate vulnerability.
With extreme weather and natural disasters putting growing pressure on people, infrastructure and operations, Jay shares how leaders can use data to identify risk exposure across their footprint and build more resilient strategies before disruption hits. Here’s our conversation. Well, hello Jay, thanks for being here.
Jay Dunne: Hey Peter, great to be here. Just really appreciate the platform and this opportunity.
Peter Steinfeld: When you look at the risk environment today, what feels most urgent or underappreciated for organizations?
Jay Dunne: If I’m looking at enterprise risk registers, more often than not, there’s one risk that might be sitting on there that I think has lacked a lot of rigorous analysis behind it or coming up with a fully converged operational strategy for engagement. And I’m talking about climate change in this one.
So I think in many of the organizations that I have supported, it is fully acknowledged by the enterprise as the risk event of the century or the risk event of our lifetimes. And it is included in the risk register, but oftentimes as a lower tier risk or sort of an honorable mention.
Whereas I think the complexity and the urgency of this phenomenon demands much more attention, demands a lot more rigorous analysis and much more complex methodology for organizations to truly understand the impact to their operations, to the future of their operations, to their people, and to their customers and communities that they serve.
Peter Steinfeld: Why is that? What makes climate vulnerability just difficult for companies to understand and act on complexity?
Jay Dunne: There’s this tremendous TED talk that I go back to for like it was probably put out like 15 years ago, I joke now I’m like back when TED talks were cool and there was an ecologist, a complexity scientist, a data scientist speaking there, Dr. Eric Berlo, and he said, just because a problem is complex does not mean that the solution or the strategy to engage it is necessarily complicated. What we’re finding though, is that with an issue like climate change is one just the immensity of it.
I think too, it’s that when you look at enterprise risk, these risks are typically assessed by very rigid assessment frameworks. More often than not, it’s about how much money could this cost the company within this timeframe, which probably wouldn’t exceed three years.
And obviously we’re talking about much longer timeframes. When we talk about climate change, we’re talking about scientific data.
And it’s difficult then to translate this and put it in the language of the business decision maker because it is a different language. There’s a major data set from the national oceanic and Atmospheric Agency, noaa, that some people may be familiar with.
So this data set takes a look at natural disasters, extreme weather events occurring since 1980. We’re seeing $3 trillion in damage from these extreme weather events.
The truly eye opening part is that half of that one and a half trillion dollars of damage has occurred from events occurring just in the last five years.
Peter Steinfeld: Wow.
Jay Dunne: So we are looking at a profound acceleration in the frequency of these extreme weather events and it’s hard for people to swallow that. So when they see it, they are definitely like, yeah, this is serious, but what are we supposed to do about it?
When I’m looking at climate change, I’m thinking about what is available at my fingertips.
So when I’m sitting in a GSOC or I’m part of a risk intelligence team in global security, one of the things that I’ve come to realize over the years is that more often than not, we have the clearest picture of the organization’s physical footprint than any other function in the enterprise. So that’s talking about where our sites are, where they’re going to be, where our people are at any given time.
And then we also, for many of the teams and for a lot of the folks listening to this podcast are users of critical event management tools.
So that means that they’ve got a steady feed of risk intelligence, of alerts coming in that have to do with these different types of extreme weather events. So that already puts you way ahead of other functions that might have a stake in this risk event.
So when you start having a conversation with those different functions, they may have intel needs that you’re able to address. And so many times for gsocs or intel teams, we may not consider every single weather related alert as something actionable.
We have different thresholds that we set up and we have to be careful that we’re not getting inundated with all these different threat signals.
Peter Steinfeld: Well, let’s get into some examples. Extreme heat is a risk. Many teams watch very closely, especially during this time of year.
So what should leaders understand about heat beyond the forecast?
Jay Dunne: A lot of teams do pay attention to it. I know that there’s plenty of teams also that don’t.
Because if you’ve got heat advisory alerts turned on from Your CEM tool, your critical event management platform, you could be Getting alerts every 10 minutes from Municipal, city, county, state, regional levels, depending on how your alerts are orchestrated.
That being said, while you may not find those specific heat related alerts actionable by your team or by global security, there are other functions within the enterprise. This might be exactly what they need.
This could be a critical gap that they have in their operations that by setting up a simple automated workflow, you’re able to get that intelligence, that information over to another function that may be able to trigger an extending workflow.
Peter Steinfeld: So a great best practice to maximize the effectiveness of all this intel that the security team is getting is to go out into the field and talk to these different units heads and say, hey, when you think about your people’s safety or their ability to be productive, what are the kinds of alerts or information that would be beneficial to you? And if they can let you know, you can then tailor a direct feed to them and not bother the rest of the people in the organization that.
Jay Dunne: Perhaps don’t want that 100%. I mean, and this is something that I really try to preach is don’t stop there.
One of the first things I do whenever I get acquainted with a new organization is I look at that risk register and I get to know who those risk owners are and get to know them. You’ve got to get out and talk to these folks, develop the relationships, ask, hey, what’s keeping you up at night?
Are there any critical gaps that you’re facing? How can we help you? Here’s what we’ve got.
The types of information that we’re able to field and that we could set up and get over in your direction, or depending upon your resources, bespoke intelligence products that you might be able to develop to support these other functions. So within the context of climate change and extreme weather events, heat is one example.
And then, I mean, there’s many other threat categories that you could go across that might provide great value back to these other functions.
Peter Steinfeld: Speaking of those big events and incidents that happened, hurricanes, that’s a huge major summer concern for a lot of organizations. What do these types of events reveal about the difference between continuity and resilience?
Jay Dunne: Hurricane Sandy is probably one of the most instructive case studies when looking in the difference between business continuity and business resilience. There’s a great image looking at New York City after Sandy came through causing catastrophic damage.
And there’s a particular building in lower Manhattan with all of its lights on and just gleaming as the rest of Manhattan is sitting in darkness.
Peter Steinfeld: Yes, yes, I remember that.
Jay Dunne: It’s a glaring image and one that certainly when you look at it from just a pure business continuity, we’re keeping the lights running no matter what. We’ve got generators going, the servers are backed up. Our customers at large can still rely on us to keep running.
But there’s another way of looking at it as well, which is that all might be true, and that is definitely worth applauding and celebrating. But where’s your workforce? Your workforce is in the dark and underwater and their lives are severely disrupted.
This then begs the question about how are organizations anticipating these types of disruptions to their workforce and looking at the communities that they operate in?
Which communities are most resilient so that when something like Hurricane Sandy does come through, are they able to bounce back relatively quickly and using the normal resources at a person’s disposal? And then what are the more vulnerable communities that we’re present in? How are you as an organization thinking about that?
And how are you prepared to respond to those needs, anticipate those needs?
Peter Steinfeld: You know, organizations really are organisms made up of lots of different components, and if all the components aren’t functioning, the organism will die. And a lot of people, when they think about security, they think about, about protecting the organism as a whole or the organization as a whole.
And they don’t offer this kind of bespoke, tailored approach to each part of the organism or the organization. And that’s a great example that you shared.
It’s something that we have to think about and just getting as targeted as you can to understand if any part of this organization is unsafe or unproductive, how is that going to affect the bigger organization or organism itself?
Jay Dunne: Looking at the seriousness of this global phenomenon of climate change is that all of our business continuity plans are based on the assumption that the systems at our foundation, meaning like our civic organizations and governing institutions and bodies, are intact and are not being disrupted by the phenomenon. Our BCPs are entirely predicated upon that.
And so when we’re dealing with a phenomenon too, that over time, not by one particular incident, but over time, that those resources maybe are being degraded just because of the strain of these overlapping disasters.
And our BCPs might need to be readjusted for a reality in which those systems may not be able to support and respond and provide that critical support that’s needed.
Peter Steinfeld: So how can organizations begin identifying the least climate resilient areas in their own footprints?
Jay Dunne: So I set out just looking for other resources out there that might already have Put this data together and that’s the reality of it is the data sets are already there. And the one I really want to plug is something called the Climate Vulnerability Index.
This is an incredible tool that I feel that professionals in corporate security risk and resilience should really be more aware of.
So this tool, it utilizes about 200 different cross cutting data sets that go from dealing with climate risk data, so like your actual weather data and disaster data, but then also factoring in socioeconomic data, so looking at public health data sets, looking at income and poverty levels, looking at crime insecurity, all of the different factors that affect a community’s resilience when struck by one of these extreme weather events.
So the tool then provides, using a really excellent and complex methodology, provides an index score, an overarching index score for every county in the United States. It’s extremely valuable. It also breaks it down by US Census Bureau track for something like 70,000 tracks.
It really does get into pretty granular levels of analysis and really allows you to get in depth about understanding the vulnerabilities in your footprint.
Peter Steinfeld: So let’s say I take your advice, I go get that information, I look at it, I get the vulnerability picture. What can my leaders then do with it?
Jay Dunne: So you’re able to use this picture, overlay it with your where your fiscal sites are, where your largest employee communities are and where they’re distributed. And then you’re able to identify the primary drivers of the vulnerability in those different communities.
So from there you’re able to present this back to the different risk owners in your enterprise to design risk mitigation strategies. So this could be everything applicable back to corporate real estate and facility decisions.
Risk mitigation strategies for business continuity this could help guide HR decisions around climate change related benefits for your workforce or even just from the philanthropic arm of your organization. Should there be one about how to allocate funds to support recovery in communities that your organization operates in or supports.
Peter Steinfeld: For a security, safety or resilience leader who wants to start this work but does not know where to begin, what first step would you recommend?
Jay Dunne: Start talking to people in the organization. Identify other functional leads that may intersect and may have some express interest in this topic.
What you’ll find is that there are, particularly in large enterprises, there are people out there that are asking these types of questions but are just caught up in their own silos.
And so it’s the relationship building that makes the the ultimate difference that eventually will entail discussions about and ask this question of do we know what the current and potential future costs from climate change are to our organization. It requires, I think, an innovative interdisciplinary analysis and methodology to answer those questions.
And that only is going to happen by having those conversations with other folks in the enterprise.
Peter Steinfeld: Absolutely. Well beyond all that, how do you hope organizations will evolve their approach to climate resilience?
Jay Dunne: For me, this is where the conversation turns to building more innovative risk intelligence program architecture.
So I think that the typical model that we see is that we have threat signal intake from the GSOC or from a csoc, a cybersecurity operations center, then being passed on to the relevant stakeholders or leaders within those mutual departments and acted upon from there.
I believe that there is a space where an interdisciplinary unit of analysts capable of interacting with a wide range of risk domains for an enterprise, where they can get into the data that we’ve been talking about.
This data that may not be acted upon for tactical purposes or that might fall a bit outside of the day to day operations of corporate security teams, but that when delved into, when giving enough time and resources that we can really start to attack these complex questions or problems facing the enterprise, that that is an architecture worth pursuing and something that’s really going to help organizations get past the more limited, rigid risk assessment frameworks that they’re accustomed to.
Peter Steinfeld: No, it’s, it’s fantastic. And I just love the idea of taking the abstract, which is really what the complex is, and turning it into something much more tangible.
And that’s what these frameworks can bring.
Jay Dunne: Absolutely, yeah. I think the key here is embrace complexity.
Peter Steinfeld: Well, Jay, thank you so much for being on the show. A lot of great stuff. Really appreciate you being here.
Jay Dunne: Absolute pleasure. Thank you so much.
Peter Steinfeld: To learn more about Jay, click the links in the episode description. You can also watch the video Highlights on AlertMedia’s YouTube channel.
Don’t forget to subscribe, rate, and review the show wherever you get your podcasts. So stay safe out there.
Outro: Thank you for listening to The Employee Safety Podcast from AlertMedia, the world’s leading provider of risk intelligence and response solutions. To learn more about how to protect your people in business during critical incidents, visit alertmedia.com.
Climate Risk Expert

More Episodes You May Be Interested In
-
The Strategy Behind High-Performing Safety CulturesToo often, organizations measure safety by what went wrong instead of what must go right. Shawn Galloway, Best-Selling Author and CEO of ProAct Safety, explains how leaders can focus on the behaviors, decisions, and systems that create stronger safety performance. Shawn challenges leaders to look beyond injury rates and “let’s fail less” thinking to focus…
-
Mastercard’s Proactive Approach to Climate Risk and ResiliencyAs climate risks intensify globally, Mastercard is committed to ensuring the safety of its people, facilities, and communities, in part by mitigating risk from extreme weather. Montana Eck, Ph.D., Director of Physical Climate Risk and Resiliency at Mastercard, shares how his team assesses and prioritizes climate risks across the company’s global operations. With a background…
-
20 Years Since Hurricane Katrina: Lessons in Emergency ResponseThis month marks the 20th anniversary of Hurricane Katrina—one of the most devastating natural disasters in U.S. history. When the storm struck the Gulf Coast in August 2005, Bonnie Canal was among the many New Orleanians forced to make an impossible decision: stay or evacuate. In this deeply personal episode, Bonnie reflects on the chaos…




