It might sound silly to ask, but could an immensely popular video game be the most significant emerging risk against retail, hospitals, restaurants and anywhere with a door that lets the public in?

Unless you’ve been living under a rock you’ll know Pokémon Go’s[1] popularity is growing at a phenomenal rate, but as often happens, there could well be a dark side.

The near-mass hysteria in the video below, stories of Pokémon related muggings[2], and a large crowd’s questionable actions made me think about the potential to harm businesses. Competitors, activists or simply people with some form of grudge to set up attacks against you could be a risk you’re not thinking about.

As you’ll see from the video, the rarer the Pokémon character (a super-rare Vaporeon[3]in this case) the more people are likely to show up.

Getting a mad rush of people requires some specific things to happen:

  • Pokéstop is created by the game maker and is usually near a major landmark or other prominent place but not always.
  • In each of these Pokéstops game players can create lures. Lures attract other game players and Pokémon characters that can be captured.

Imagine someone buys and sets up a so-called lure near one of your locations and a super rare Pokémon character appears near it. As the video above notes, it’s within the realm of possibility. What if the shortest way from a subway to a lure is through the inside of one of your locations? Real people chase Pokémon on their mobile devices and while texting is distracting this is even worse.

Customers could be denied entrance and sales would be lost, the supply chain could be interrupted and your staff may be blocked from entering your place of business. Chaos ensues as does a loss of a lot of time and money.

Now think about the liability of somebody falling and being hurt. Think about this happening in every location you have. The threat is real, the event could be real, and this needs a risk assessment plan.

Prepare responses to senior management, the board and possibly regulators, as there are bound to be questions fired at you.

Be prepared to answer questions like these:

  • Does your Business Interruption insurance[4] cover this? Is it enough to cover the losses at one location, many locations, all locations? What could be some of the long term effects such as customers never coming back?
  • Is a Business Continuity Plan[5] (BCP) prepared for this issue? Check your BIAs sooner than later: many will have been focused on loss of systems and sometimes loss of production capabilities. Especially as an event like this has never happened before. For example, if this happens to a chain of restaurants, what is the plan to dispose with far more wasted product than usual?
  • What countermeasures can you employ? Do you simply sit it out, or is there something you can do to minimize the effect? A plan that’s well beyond the traditional BCP and more rapid counter measure. Using near-instant channels like social media and so on. Plan this now or it will be too late to be effective.
  • Think through the security perspective: Who might the culprit be? Is this one person with a grudge, 10,000 people having fun or a deliberate malicious act? Much like an internet Denial of Service[6] (DoS) attack on your organization.
  • Have you talked with your insurers about this new exposure?
  • What statement has been prepared for the investors?

Like any successful risk management plan, the key is developing actions we hope we’ll never have to take. Learn more about Examining the Role of Strategic Risk Management form a Supply Chain Risk Perspective in our white paper.


References

[1] https://en.wikipedia.org/wiki/Pok%C3%A9mon_Go and
http://www.telegraph.co.uk/gaming/what-to-play/pokemon-go-uk-release-date-how-to-get-it-early-tips-and-everythi/[2] http://sfist.com/2016/07/13/pokemon_go_claims_first_san_francis.php[3] http://www.pokemon.com/us/pokedex/vaporeon[4] https://en.wikipedia.org/wiki/Business_interruption_insurance[5] https://en.wikipedia.org/wiki/Business_continuity_planning[6] https://en.wikipedia.org/wiki/Denial-of-service_attack