The fall of the large, historic Francis Scott Key Bridge in the Baltimore skyline left many in a state of shock. How could something like this happen? The loss of life is a sobering reminder of the human element of disaster preparedness and response and the importance of planning.

Business continuity leaders have a unique opportunity and responsibility to step back in the aftermath of this disaster and look to how future tragedies – and the corresponding disruption – can be prevented. Here are three lessons that can be learned.

1. Preparedness Lessens the Impact

As the threat of collision with the bridge became unavoidable, the crew of Dali made a mayday call which most certainly saved lives. The Maryland Transportation Authority Police received the alert in time to stop all traffic across the bridge. And the ship’s crew, dispatcher, and the police force all followed emergency-response procedures to reduce the human impact.

In contrast, the bridge itself had clear indications of a lack of preparedness and risk management. The bridge was a singular blocker to the Port of Baltimore. It had improper physical safeguards. And none of these risks and vulnerabilities were properly assessed or mitigated.

Business resilience professionals can look to these events as examples of why preparedness is so important from both the positives of practiced response to minimize impact and the negatives of failing to identify risk.

2. Don’t Overlook Delivery Channels

The Port of Baltimore is the eighteenth largest port in the United States and is a vital artery for transportation and logistics, not only for Baltimore but for the entire East Coast. The port’s closure costs a conservative $15 million per day in lost economic activity. The impact on businesses that use the port as a delivery channel (inbound or outbound) in their supply chain is just as significant.

Many of the businesses impacted by the Key Bridge collapse probably had no idea their suppliers even used the bridge or port to transport the goods their business relies on for continued operations.

This disconnection shines a light on why a deep understanding of third-party risk and the implications is so important for resilience. For years, it’s been increasingly risky to think of third-party risk by singularly evaluating your suppliers. Unfortunately, that’s what many organizations continue to do.

Consider expanding your assessment of third-party risk to include:

  • Who the supplier is
  • What is being supplied
  • The channel – digital or physical – through which the supplier delivers your goods or services

Understanding the “who” and “what” without the “how” leaves a significant blind spot in your preparedness. Digital delivery channels could be a specific software solution or service, while physical delivery might include ports, roads, bridges, and airports.

Assess your areas of vulnerability. Is there a single channel – like the Port of Baltimore – you or your suppliers are exclusively relying on? If so, establish alternates as a part of your business continuity planning.

3. Any Form of Disruption Is in Scope

Many business continuity programs focus on disruptions that are probable. If you’re a business based in Florida, for instance, you may be most concerned about hurricanes. While forecasting and predicting are essential – especially for disruptions that are highly frequent – not all forms of disruption can be easily predicted. Handling the unexpected takes a nimble and agile response process. The collapse of the Key Bridge was an unexpected event that many organizations were likely not preparing for or predicting because it seemed so unlikely.

While probability is a good lens for preparation, impact is also important. Consider the potential impact of a flood versus a temporary power outage versus an infrastructure failure like that of the Key Bridge. All can cause disruption, but the infrastructure failure will have a greater, cascading, and prolonged impact than a temporary power outage.

Ultimately, no disruptive event should be deemed out of scope for business continuity. Even so-called tail risks – risks with low probability and high impact – should be considered, evaluated, and exercised to ensure resilience.

What Happens Next

While the focus in Baltimore now is on site cleanup, investigation, and return to operations, the lessons for resilience and risk management will continue to unfold. There will likely be increased scrutiny around infrastructure safety and risk mitigation measures for incidents like this. Maritime insurance rates may increase, and business interruption coverage could extend to supply chain issues.

Learn from the mistakes that led to this tragedy and understand your vulnerabilities, whether those are hiding in your supply chain or as unlikely tail risks. Also learn from what went well – namely the quick action of the mayday call that saved lives. What could cause the most damage to your operations, and are you prepared with the plans, tools, and systems to survive?

For more on managing third-party risk in supply chains, download our research report, Special Report: Supply Chains, and check out Riskonnect’s Business Continuity & Resilience and Third-Party Risk Management software solutions.