Threat Retrospectives

Threat retrospectives are conducted after a threat materializes (or after a threat is retired because it did not materialize). The retrospective answers four questions: Did we detect this threat early enough? Were our probability and impact scores calibrated correctly? Did our early warning indicators fire in the right order and at the right time? Was our response effective? Each answer produces specific improvements to the threat detection system.

1. Detection Assessment How much lead time did we have between first detection and threat materialization? Was the lead time sufficient for our response plan? If not, which indicators could have given us earlier warning? The detection assessment directly improves indicator design for future threats in the same category.
2. Calibration Assessment Was the final probability score accurate at the time of materialization? Was the impact score accurate once the threat was real? Calibration data from each retrospective improves scoring accuracy over time. Most organizations are systematically overconfident (probability too high) or systematically underestimate impact (impact too low). The retrospective reveals which bias applies.
3. Response Assessment Did the contingency playbook execute as designed? Where did it break down? Were the 48-hour actions effective? Did the 90-day plan produce the desired outcome? Response assessments improve future playbooks and identify organizational capability gaps that need investment.