Milan, February 16, 2026

Milan-Cortina: resilience as an invisible infrastructure

Watching Milan and Cortina host the Winter Games is a source of personal and professional pride. From the extraordinary opening ceremony at the San Siro, it is evident the level of organization, coordination and preparation that supports an event of this magnitude.

Behind the beauty of the images and the energy of the competitions exists a less visible but decisive infrastructure: that of resilience. A system made up of meticulous planning, risk analysis, drills, clear roles and integrated response capabilities.

In the past, I had the opportunity to contribute to risk and crisis management activities at the Athens Olympics and the Turin Winter Olympics. There I worked with an IOC team that had gained significant organizational experience at the Games in Lillehammer, Norway. From them I learned how the management of major events requires attention not only to the most obvious scenarios, but especially to those that elude “everyday” resilience:

  • Sudden blockage of a chairlift carrying athletes to the start
  • Failure of the refrigeration system at the bobsled track.
  • Electrical outage at a crucial moment in the opening ceremony
  • Error in transport flows or accreditation steps.

And, of course, also the more serious scenarios that we can all imagine but no one would ever want to see, including those related to terrorist threats or complex security events.

The difference between an incident and a crisis, in these contexts, is almost always in the preparation. In the number of times a scenario has been imagined, discussed, simulated. In the clarity of decision-making chains. In the organizational culture that enables response without improvisation.

It is with particular satisfaction that I see today in the teams engaged in crisis management in Milan-Cortina professionals who have seriously invested in their resilience training. Among them is Irene Proto, who recently completed a Business Continuity Management course with DRI, earning her CBCP certification, and who is now in charge of Issue and Crisis Communication Management.

To you, and to all those who are working to ensure that what is unseen continues to work, go my congratulations and best wishes.

Because in big events, as in organizations, resilience is not spectacular. It is quiet.
And because of that, it is critical.

Happy reading!

Conrad Zana

corrado.zana@continuitaly.it

Risk & Resilience Outlook

Allianz Risk Barometer 2026

The 2026 edition of theAllianz Risk Barometer

In each issue of our newsletter, we want to reserve space for a publication that we believe is particularly significant to the community of business continuity, risk management, and organizational resilience professionals. Reports and analyses that are not intended to make predictions, but to help read the context, understand the dynamics at work, and reflect on the practical implications for organizations.

In this issue we have chosen to focus on one of the global benchmark publications: theAllianz Risk Barometer 2026

The 2026 edition of theAllianz Risk Barometer 2026, released in January, represents one of the most established and operational analyses of the risk priorities perceived by businesses globally. The report is based on more than 3,000 experts including risk managers, brokers, insurers and corporate executives in nearly 100 countries, offering a snapshot that is not theoretical but rooted in the direct experience of those managing claims, operational disruptions and reputational crises.

For the fifth year in a row, cyber incidents remain at the top of the most feared risks globally. Ransomware, data breaches, digital supply chain attacks and system unavailability remain the main drivers of concern. However, the most interesting finding of the 2026 edition is the entry ofartificial intelligence among the emerging risks of greatest concern: not only for its use by malicious actors, but also for its implications related to governance, accountability, regulatory compliance and data quality. AI is perceived as an accelerator of opportunities, but also of vulnerabilities.

Business interruption continues to occupy the top positions steadily. The report highlights how business interruption is increasingly the indirect consequence of other events: cyber attacks, natural disasters, geopolitical tensions, regulatory instability or supply chain failures. In other words, economic damage results not so much from the initial event as from its systemic propagation.

Also relevant is the growing weight of geopolitical and regulatory risks, reflecting an international environment characterized by regulatory fragmentation, regional conflicts and volatile trade relations. Businesses perceive an environment that is less predictable and more exposed to sudden shocks, impacting supply, energy and financial markets.

The overall message of the report is clear: risks no longer occur in isolation. They are interconnected, multilevel, and characterized by cascading effects. For resilience practitioners, the challenge is not just to update the priority list, but to understand the interdependencies between technological, operational, environmental and geopolitical risks.

The real question is not whether these risks are known: it is whether they are actually integrated into the organization’s decision-making processes, continuity plans, and management culture.

At the top of the Resilience Manager’s list.

Risk communication

Training in risk communication: from technical competence to cultural leverage

If risk is, by nature, a repelling issue, risk communication is a strategic competency. Not an accessory to the risk management process, but a structural and enabling component of it.

International standards clearly state this. The ISO 31000 includes communication and consultation among the core elements of the risk management process: risk is not truly managed until it is understood by decision makers and relevant stakeholders. Similarly, the ISO 22322, dedicated to public warning systems, states that an effective message must be understandable, contextualized, coherent and action-oriented. Principles born for civil protection, but perfectly transferable to the business context: even a board needs clear, concise and actionable messages.

On the level of operational best practices, the Crisis and Emergency Risk Communication (CERC) model developed by the U.S. CDCs proposes a structured view of risk communication throughout the entire event cycle: pre-crisis preparedness, management during the emergency, and post-event consolidation. The central point is that communication cannot be improvised when the event happens: it must be designed, tested and integrated into routine processes.

The guidelines of the World Health Organization reinforce this approach, highlighting three key factors: transparency even in the presence of uncertainty, building and maintaining trust over time, and two-way stakeholder engagement. Communicating risk is not just about “conveying information,” but activating a dialogue to understand perceptions, resistance, and cognitive biases.

It is true that many of these references originate in health care settings, where the communication of critical-sometimes dramatic-news is an integral part of professional activity. However, precisely because of this, they are extremely well researched, validated and empirically tested models in contexts of high decision-making pressure. The principles that underpin them-clarity, contextualization, listening, trust-building-are also fully applicable in industrial settings, in natural hazard management, in process safety, in critical infrastructure protection. It changes the content of the risk; it does not change the human dynamic by which it is perceived, accepted or rejected.

Within this framework is the Safe Communication Competency Framework (SACCIA) model, which is particularly interesting because it translates communication into observable and coachable skills. SACCIA identifies five key dimensions:

  • Sufficiency: provide complete information, avoiding omissions that may generate biased interpretations;

  • Accuracy: ensuring technical accuracy and consistency of data;

  • Clarity: expressing complex concepts in an understandable way, reducing ambiguity and unnecessary jargon;

  • Contextualisation: placing risk in the decision-making and operational context of the listener;

  • Interpersonal Adaptation: tailoring the message to the specific audience, taking into account role, culture, expectations, and skill level.

It is a model that overcomes the purely technical view of communication and brings it back to a professional discipline: communicating risk becomes a skill that can be measured, evaluated, and improved.

The work of theOECD on trends in risk communication policies and practices confirms this approach. In its comparative reports on member country governments, OECD points out that the most mature systems are those that adopt a participatory approach, moving beyond top-down logic. Effective communication is not limited to disseminating institutional messages, but integrates tools for listening, feedback and continuous adaptation. Furthermore, it is pointed out that trust in the source of the message is a multiplier of effectiveness: without trust, even technically correct information loses impact.

The academic literature converges on one essential point: risk communication is not an adjunct to technical management, but the place where risk becomes shared awareness and, therefore, decision-making.

From this follows an operational conclusion: risk communication can-and must-be trained. Not as a bureaucratic fulfillment, but as an ongoing cultural exercise. Effective training is not limited to explaining rules or procedures; it develops the ability to make comprehensible what, by nature, is not. It involves all levels of the organization, but especially top management, where risk translates into strategic priorities, resource allocation and governance choices.

In a context marked by extreme natural events, fires, sudden disruptions and systemic vulnerabilities, it is not enough for risk to be properly analyzed. It must be understood, discussed and shared. And this requires method, expertise and intentionality.

Professional development

Upcoming Continuitaly courses – DRI Italy – DRI France – NFPA

Upcoming professional training courses we deliver in Italy in collaboration with DRI International and NFPA

Cyber Resilience – Certification Course – DRI Italy
March 3-4, 2026 – Online – Italian
Intensive course on cyber risk management.
Learn more

Business Continuity Management – Certification Course – DRI Italy
March 10-11-17-18, 2026 – Online – Italian
In-depth course on BCM principles and practices.
Learn more

Business Continuity Management – Certification Course – DRI France
April 14-15, 2026 – Online – French
Intensive course on BCM principles and practices.
Learn more

Business Continuity Management – Certification Course – DRI France
April 14-15-21-22, 2026 – Online – French
In-depth course on BCM principles and practices.
Learn more

NFPA 13 – Standards for Sprinkler Systems
May 11-12-13, 2026 – In-person – Milan
Official NFPA course dedicated to the design of sprinkler systems.
Learn more

NFPA 20 – Standards for Fire Supplies
May 14-15, 2026 – In Attendance – Milan
Official NFPA course dedicated to the design of fire supply systems.
Learn more

Complete and updated calendar

It really happened! Operational reflections from real cases

Extreme fires in Chile and Argentina: when natural risk becomes systemic

Mega-fires in Chile and Argentina

This column is devoted to the analysis of real events, with the aim of stimulating responsible and future-oriented thinking.

In the early months of 2026, vast areas of the Southern Hemisphere were hit by exceptionally large forest fires, with significant human, environmental, and infrastructure impacts. In Chile, a series of fires that broke out on January 16 in the Biobío and Ñuble regions burned thousands of hectares of forest and urban areas, causing at least 21 deaths, more than 50,000 evacuations, and the destruction of hundreds of homes and structures, leading the government to declare a state of disaster in the affected areas.

Simultaneously, in Argentina’s Patagonia region, fires fueled by extreme heat, high winds and prolonged drought have devastated portions of Los Alerces National Park-a UNESCO World Natural Heritage Site-with tens of thousands of hectares gone up in smoke and complex evacuation and containment operations underway.

Climate attribution studies published immediately after the events show that the conditions that fostered these fires-anomalous temperatures, prolonged droughts, and intense winds-were 2.5-3 times more likely than in a climate without human influence on global warming, underscoring how systemic drivers of natural hazards are now well intertwined with long-term global trends.

This type of event highlights some critical dynamics for those involved in risk management and resilience:

  • Interconnectedness of risks: the combination of various drivers (thermal anomaly, drought, winds) creates extreme risk conditions that cannot be treated separately-requires a systemic approach to assessment and mitigation.

  • Widespread socio-economic impact: effects transcend the loss of natural resources; involving massive evacuations, service disruptions, stress on emergency resources, and pressures on critical infrastructure.

  • Role of local governance and resources: responsiveness-including warning systems, evacuation planning, coordination between levels of government-proves to be a differentiating factor in the extent of damage.

  • Long-term trend: these fires are not an isolated anomaly but are framed within a season of extreme weather events marking the beginning of 2026 in the southern hemisphere, making a preventive and adaptive strategy imperative, not just reactive

These incidents are a very real reminder of the importance of first checking the simplest and often overlooked aspect: how much one’s production, logistics, or administrative site is potentially exposed to the risk of wildfire or forest fire.

But reflection cannot stop at the physical perimeter of the organization.

The impact of this type of risk, closely linked to climate change, extends far beyond the assets under direct control. It can affect the availability of critical infrastructure, the continuity of suppliers, the stability of transportation, the accessibility of industrial areas and, more generally, the sustainability of the business model adopted.

Regulatory news to monitor

Focus ACN & NIS2

ACN’s work in NIS2 continues.

New Operational Determinations for NIS2
In January 2026, ACN published two important Determinations (No. 379887 and No. 379907) for the implementation of the NIS2 Directive in Italy: these measures introduce operational updates on security measures and incident notification rules for subjects classified as “essential” and “important.” The determinations also define updates to the NIS Portal and how it interacts with ACN services.

Incident Management Guidelines
Also in January 2026, the “NIS Guidelines – Definition of the Information Security Incident Management Process” was published : a non-binding but operational reference document to link the incident response steps with the security measures expected from ACN determinations and facilitate the alignment of internal processes of organizations subject to the regulations.

Updated baseline specifications and operational implementation
By the end of 2025, ACN had already updated the baseline specifications for NIS2 implementation, transforming the regulations from a theoretical framework to verifiable operational criteria. This update is now guiding the implementation phase for obligated entities, with criteria proportionate to the risk and size of organizations.

Deadlines and First Operational Phase 2026
With the start of the year, significant incident reporting obligations by NIS2 entities are fully effective, with timelines and key roles (e.g., the Point of Contact and CSIRT Contact Person) integrated into organizations’ internal security processes.

In summary:

  • ACN is transforming the formal transposition of NIS2 into concrete implementation with operational rules and reference documents for Italian organizations.

  • Recently published determinations and guidelines focus on:

    • notification of incidents,

    • Integrated security event management,

    • Alignment of incident response processes with regulatory requirements.

  • The NIS Portal and digital information management flows are now the focus of daily compliance.

  • 2026 is the year when many of the key deadlines become operational obligations, no longer just formal fulfillments.

The technical corner

Combustible insulators in construction: a not insignificant detail

Combustible insulators: conscious management or risk elimination?

Dramatic episodes in the past have shown how devastating plastic materials-such as polyurethane foams-can be if involved in a fire. Although such materials are often used for thermal insulation, sandwich panels or lightweight construction applications, one underlying principle remains: any material of plastic origin introduces combustibles into the building.

In industry these insulators are widely used for:

  • Thermal insulation of roofs and walls,
  • lightweight prefabricated panels,
  • energy efficiency,
  • Lightening and rigidity of building systems.

They are performance materials and widespread. But they are, by nature, organic and combustible.

The consequence is simple: the use of plastic insulation is not only a technical choice, but also a choice of exposure to fire risk.

Certification ≠ non-combustible

Only some of these products receive certifications from international bodies. They are not certified “non-combustible”-because by definition they are not-but they can be declared acceptable under specific application conditions. Bodies such as:

  • FM Approvals
  • UL Solutions
  • International insurance groups,

evaluate certain systems through standardized, sometimes full-scale tests and attest to their suitability within precise parameters. In these cases, the combustible material is not “absolved,” but is considered usable under certain conditions of installation, compartmentalization and protection.

What to check concretely

When choosing a plastic insulator, it is good practice to check in the Declaration of Performance (DoP) and test reports:

  • The fire reaction class (EN 13501-1),
  • The index of smoke development,
  • Any limitations on use,
  • The installation conditions required by the certification,
  • the results of specific tests (e.g. FM 4880, FM 4881, etc.).

In other words, it is necessary to understand what the actual contribution to fire development is in case of direct involvement. If it is really necessary to introduce a combustible element into the construction or finish of the building, it is prudent to move toward solutions certified by internationally recognized bodies.

Choosing the path of simplicity

However, each certification comes with conditions and limitations. To avoid interpretative complexities, possible insurance restrictions and future discussions, the most straightforward solution remains the use of inherently noncombustible materials, such as:

  • rock wool
  • glass wool
  • cellular glass

Materials generally classified Euroclass A1, which do not contribute to the fire load.

In summary

Certification can make a combustible material acceptable. Noncombustibility eliminates the problem. It is not required of risk managers, CFOs or CROs to know in detail the chemical and performance characteristics of the dozens of materials on the market today. It is not their job to get into the composition of an insulator or laboratory test parameters. It is, however, critical to know what questions to ask:

  • Is this material combustible?
  • Is it certified by a recognized body?
  • Under what conditions is it considered acceptable?
  • What is its contribution to the development of a fire?
  • Is it consistent with our risk profile and the insurer’s expectations?

Asking the right questions of designers, architects and construction companies means preventing problems today that, tomorrow, could become operational, insurance or reputational.

Resilience comes not from specialized knowledge of every technical detail, but from the ability to direct choices consciously.

Insight & Inspirations

Suggestions of the month

Suggestions of the month

In this column, we continue to point out content that we find useful not so much for acquiring new knowledge but for refining the way we read risk, uncertainty, and strategic decisions in complex contexts.

Reading of the Month: The Unthinkable,Who Survives When Disaster Strikes – Amanda Ripley
A text that has now become a reference for those working in resilience and crisis management. Amanda Ripley analyzes, with journalistic rigor and scientific basis, how people react when the unexpected actually happens: natural disasters, attacks, sudden accidents. The book explores the gap between what we think we would do in an emergency and what actually happens, highlighting the importance of mental as well as technical preparedness.
It is available in English from Amazon, Apple Books and major international online bookstores.

Podcast of the Month: The Disaster Podcast
A podcast dedicated to the world of emergency and disaster management, featuring interviews with practitioners, analysis of real cases, and discussions of operational strategies. Episodes cover topics such as major events, natural disaster response, urban resilience, and inter-agency coordination.
It is available for free on major listening platforms (Apple Podcasts, Spotify and other streaming services).

Together, these two resources offer a complementary perspective: on the one hand the human and behavioral dimensions of crisis, and on the other the concrete experience of those working in the field. A good reminder that resilience is both culture, method and ongoing training.

Updates from National Fire Protection Association (NFPA)

News from the international Fire Safey community

Focus on NFPA 72 – evolution of alarm and communication systems

As a member of theAuthorized Education Network and an authorized NFPA training partner in Italy, we consider it part of our role to inform the professional community about the main news and developments coming from the NFPA world, with a focus on the technical, regulatory and operational impacts for companies and professionals.

The National Fire Protection Association (NFPA) is an international nonprofit organization and a global reference point for fire safety, life safety, and asset protection. Through the development of technical codes and standards, research, education and outreach activities, NFPA has been contributing to fire risk reduction and resilience in organizations worldwide for more than a century.

The most recent update of NFPA 72 confirms a now clear trend: fire detection and fire alarm systems are no longer isolated systems, but components of integrated digital ecosystems.

The standard strengthens requirements for network-based (IP) communication systems, transmission channel supervision, and communication redundancy. This means that firefighting system reliability also increasingly depends on the underlying digital infrastructure.

Particular attention is paid to:

  • Documentation and tracking of system configurations;

  • testing and maintenance requirements for smart devices and connected systems;

  • development of Emergency Communication Systems (ECS), which extend the function beyond fire reporting alone to include integrated communications for broader emergency scenarios.

For organizations, this involves a cultural evolution: the alert system is not just a regulatory requirement, but a critical resilience infrastructure.
Technical compliance is increasingly intertwined with cybersecurity, business continuity and risk governance.

Updates from Disaster Recovery Institute International (DRI)

News from the global community of certified professionals in resilience

Climate change as a business continuity risk: why act now

As the official Affiliate of DRI International for Italy and France, we consider it an integral part of our role to inform the professional community about the most relevant developments coming from the DRI world, with a focus on methodological trends and concrete implications for organizations, practitioners and decision makers.

DRI Internationalis the global reference organization for the development of Professional Practices for Business Continuity Management, as well as for the training and certification of resilience professionals. Through methodological standards, applied research activities and international events, DRI has been contributing to the evolution of the business continuity and crisis management discipline worldwide for more than 50 years.

In the blog https://drive.drii.org/ of DRI International was recently published the article “Climate change as a business continuity risk: why resilience professionals need to act now,” which directly addresses an issue now central to the profession: climate change as a structural risk to business continuity.

The message is clear: climate change is no longer a context variable or an ancillary ESG issue, but an operational driver affecting supply chains, critical infrastructure, energy availability, transportation, and human safety.

The fires that have struck Chile and Argentine Patagonia in recent weeks represent a concrete example of this dynamic. High temperatures, prolonged droughts, and extreme weather conditions have generated events that have not only destroyed territory but produced mass evacuations, disruptions of services, and widespread economic impacts. What is happening in the Southern Hemisphere today is a preview of what could occur in our latitudes as the summer season approaches.

DRI article calls resilience practitioners for a change of pace:

  • Integrating forward-looking climate scenarios into Business Impact Analysis;

  • overcome the exclusive use of historical data, which is no longer representative;

  • Assess indirect exposures along the entire supply chain;

  • Prepare for simultaneous and prolonged outages in multiple geographic areas.

Climate change is described as a “risk multiplier”: it not only creates new threats, but also amplifies existing vulnerabilities. For business continuity practitioners, the question is not whether climate risk exists, but whether it has already been incorporated into plans.

For institutional activities around the world, see www.drii.org

Instead, for our activities in Italy and France, www.dri-italy.it and www.drifrance.eu can be consulted.

PhoenITx Ltd.

Pietro Calvi Street, 2

20129 Milan, Italy

www.continuitaly.it

This post is also available in: Italian French