CSO: What should security executives be doing for hurricane season? James Lee Witt: The first thing is to make sure that you have the insurance coverage you need, whether it's for wind or whether it's flood insurance if your business is in a 100-year flood plain. Second, I would make sure that every employee understood that if we had to evacuate, where we would go, where we would reconvene our business so that we could continue to operate. Then, I'd make sure that I [could] send out alerts to all my employees\u2014particularly if it was during a weekend or if employees were traveling\u2014about what was going on and what they needed to do. So many times we forget that every dollar we invest in prevention or preparedness could potentially save us $3 to $5 in future losses, and with the business interruption side of it, it could be even higher. I would also make sure that all my customers and suppliers understood my plan\u2014what I would need to do, how I would do it\u2014and then I'd ask them to do likewise to make sure that the supply chain wasn't broken. Why do you think that some businesses don't prepare? The biggest problem I have seen is getting the buy-in and support from upper management. When I was director of FEMA, we did a survey of small businesses after disasters and found that 20 percent to 25 percent of those businesses affected by a catastrophic event never reopened. During Hurricane Fran in North Carolina, GE had a plant there. They had retrofitted their plant for hurricane resistance, and after the hurricane was over, their plant was still OK, but there were no employees to come back to work for the next two days because they were taking care of their families and their homes. Anheuser-Busch in Pasadena, Calif., before the Northridge earthquake, spent $25 million to retrofit their plant for an earthquake, and they were open and operating two days after the earthquake, making canned water for victims in the community. They said that $25 million probably saved them $150 million. Every business should help their employees develop a plan for their families, so everybody has a contact place to call to [let family] know that they're OK. If you have a catastrophic event and you need to go back in to check your business, you need to work with your local government's fire, emergency management, police, and you need to meet with the fire chief and police chief and say, "OK, here's our plan. Can we get credentials to allow us back in to check on our business?" Who has developed a great disaster recovery plan? I think Chicago probably has developed the best public-private partner concept, particularly ChicagoFirst working with the city and private sector. They have brought the private sector to the table, sat them down and just really developed a very good concept of how they both could help each other. What are you going to do if you need ice? What are you going to do if you need water? What are you going to do if you need a generator? Just all the kinds of things that might help you get through the first five days. That's all part of that planning process. What would you recommend businesses think about? I would look at what resources and capabilities I have within the company, and then I would look at what resources I would need [from] outside of the company. Then, if I needed to, I would look at having pre-event contracts set up to provide those resources and capabilities. Then I would work with the state or local government and say, "Here's my plan, here are the resources that we have that we would have available to help if we survive an event, but here's the type of resources that we may need."