When Hackers Hold Your Conference for Ransom with Stuart Ruff-Lyon
May 05, 2026
25
00:22:00

Everyone says celebrity keynotes are out. Data says audiences want practitioners, not personalities. So why is RISKWORLD, the world's largest gathering of global risk professionals, doubling down on names like Adam Grant and Michael Strahan?

Because sometimes the data is right and your audience is the exception. And knowing the difference is exactly what separates an event operator from a Chief Commercial Officer.

In this episode of Event About It, host Megan Martin sits down with Stuart Ruff-Lyon, Chief Commercial Officer at RIMS, the risk management society, to talk about what actually happens when you stop measuring the wrong things and start asking better questions of your event.

They play The Debrief, a game where Stuart gives the one question every event leader should be asking in their post-show report but almost never does. From flat sponsor revenue to a 92% say-they'll-return survey rate, Stuart flips the script on the metrics this industry treats as wins.

Plus, Stuart shares the story of the morning a hacker held every single PowerPoint and video from RISKWORLD's 150-session education program for ransom. The first day of the show. Before the first session opened.

And yes, they got it all back.

What You'll Learn:

  • The one question hiding behind every post-event metric that nobody is asking

  • Why cutting your closing reception to save $200K might be your most expensive decision

  • How to think about social media engagement after your conference without counting selfies as a strategy

  • What cybersecurity risk actually looks like for a large-scale conference and what RIMS did about it

  • Why the data says ditch celebrity keynotes — and when to ignore that data entirely

Connect with Stuart Ruff-Lyon: LinkedIn | RIMS.org

RISKWORLD 2026: May 3-6 | Pennsylvania Convention Center, Philadelphia | Register and learn more

Connect with Megan Martin: LinkedIn | msquareddynamics.com | @M2Dynamics on social media

Got a Vent of the Week or an event story worth sharing? Head to eventaboutitpodcast.com to submit yours and get featured on a future episode.

Don't miss the Dynamic Dialogue After Show with Stuart, where we go deeper on the RISKWORLD rebrand, the Atlanta active shooter incident, and what association event leaders say behind closed doors that never makes it into the conference presentation. Join the Squared Squad at eventaboutitpodcast.com for access to every After Show episode and exclusive bonus content.

Subscribe, leave a review, and share this with someone who still thinks 92% say they'd attend again is a good metric.



[00:00:00] Nobody walks into their own conference expecting a crisis. And that's exactly the problem. The most dangerous assumption in this industry is that if the show goes well, the business grows. That the event is the plan. But the organizations that actually grow had someone asking a bigger question. What is this event building toward? Most event professionals spend their careers getting really good at not letting things go wrong. And that's a defensive career.

[00:00:28] And in this industry, we're full of them. Our guest this week stopped playing defense a long time ago. And it turns out the only thing riskier than a bad event is a good one with nobody accountable for what comes next. He doesn't just run the show. He underwrites the whole organization. It's Event About It with Stuart Ruff-Lyon.

[00:00:59] Hey, everybody. Welcome to Event About It. I'm your host, Megan Martin. Our guest this week has spent over 20 years turning risk management into a really good time. He's the chief commercial officer at RIMS, the Risk Management Society, where he oversees events, marketing and sales and leads Risk World, the world's largest annual gathering of global risk professionals. Welcome to the studio, Stuart. I'm so glad we're finally reconnecting to do this. Hi, Megan Martin.

[00:01:28] And yeah, I feel the same way. I'm glad to be here. It's good to see you. So before we jump into some fun games and get into conversation, there's a really fun fact about you. And I need to know how it came to be that you collect swatch watches. I can't even say it. It's hard to say. I do, actually. I have a lot of swatch watches. I have more than 200 now at this point. So it's quite the collection for sure.

[00:01:54] And what I love about the brand, actually, is they're always constantly reinventing themselves with new products by different artists. So it's like there's always something new to look at and buy with swatch. How did you get into them in the first place? Like, did someone gift you one and you were like, oh, these are so cool? Or did you love the brand? That's actually a funny story. It ties back to events, actually, a little bit. When I was younger, actually, I always wanted one, but I was not responsible enough to have a watch. So I was told. So I never really got one.

[00:02:22] And then one day I was coming back from the most stressful meeting that I ever had at the time, just in India. And Duty Free had the swatch, so the basic one that was black and white one. And back then it was only like 50 bucks. I was like, you know, I have to have this stressful. Maybe I'm going to buy this. And it kind of started an obsession after that, where I always sort of got known for wearing swatch watches and, you know, back wearing ties. I used to work on having the watch that matched the tie, that matched the socks. It was fun, too. Yeah. Do you have a favorite of all the 200 you have?

[00:02:51] Do you have a favorite one you like to wear? You know, I can't say that because every time I get a new one, it's my temporary favorite. But I have some that have a lot of sentimental value. Like, my husband gave me several over the years, obviously. On Valentine's Day, they gave me like 10 on one, I remember. So a lot of them have sentimental value for me. And, yeah, the current one that I'm wearing is always my favorite one. I love it. I could see you like on show site with like 10 watches, one to like every time zone and, you know, where everyone is in the world. Yeah, not quite that bad. I wouldn't wear 10 at once.

[00:03:21] Not 10 at once. Okay. Well, you've been at RIMS for about 13 years, just over. And that's a really long time to stay in one place in the industry. So what has kept you at RIMS all these years? Honestly, I've always been challenged with new things at RIMS. I've been allowed to explore different things. I've really grown my professionalism and my career has really grown there. And I think that, you know, it's been one thing that I've been promoted continuously throughout the years there into VP roles and overseeing different departments.

[00:03:49] And most recently, the chief commercial officer, which I've been in that role now for just about maybe a month or so. So, yeah, for me, it's always been very rewarding. They always support everything I want to do. And really, I think RIMS takes really great care of their employees. Oh, I absolutely love that. Okay. Well, let's get into a fun game. So you've sat in more post-event debrief meetings than most people have had a hot meal.

[00:04:12] And if there's one thing I know about debrief culture in this industry, it's that we are really good at reporting what happened and really bad at asking what it means. So we're going to play a game called the debrief. And here's how it works. I'm going to read you a real post-event debrief bullet point, the kind that shows up in every single post-show report pretty much across the industry. And your job is to give me the one question you would ask in the room that maybe no one else is asking.

[00:04:41] Not the obvious question, not the one on the report, but the one that really gets to the why. Okay. It sounds hard. Let's go. Okay. First scenario. Attendance was up 12% this year. We hit our registration goal three weeks ahead of schedule. I mean, there I would say the question has to change and it's something that really reviews how that happened, right? More with the marketing efforts. Like, what do we do differently this year that caused a 12% increase in attendance and to register that much earlier, right?

[00:05:09] So I think it's really looking more at the marketing strategies that were employed this year that could have been different from previous years and assessing those. Great. I love that. All right. Next one. Sponsor revenue was flat compared to last year. Top 10 sponsors all renewed, but we didn't add any new logos. So the question there to me revolves more around trying to understand what the overall value is of your sponsorship to your customer base, right? So are we asking the right questions of the sponsors to begin with?

[00:05:39] How are we marketing ourselves and why is it a good deal for them to participate with this, right? Is a good question to ask. And also that's a time to really look into the marketing strategies behind, you know, the sales acquisition strategy that we're trying to employ to attract new people to the show. And for your show, are sponsors exhibitors? Are exhibitors sponsors? Are they one in the same or two separate buckets? Well, for our show, you have to be an exhibitor in order to be a sponsor. Got it.

[00:06:06] So we have about 300 exhibitors and about 30 or so sponsors have we considered sponsors. Gotcha. Okay. Next scenario. Session evaluations came back strong. Attendees rated the content 4.2 out of 5. The question there to me should be more about what people really took away and how it changed maybe their behavior, either personally or professionally, after walking away from the show, right?

[00:06:32] And also that begs to the question too, like what are we doing with that content to keep it fresh and keep it alive for people post-show, right? So that's an interesting question I have. Obviously, there's a great show metrics, right? But still, it's like how did you get there and how we can keep the momentum going, right? Yeah, absolutely. Do you guys go into your show with a plan of what to do with all the content that's created? It's difficult for a show of our size just because we also, we have so much content.

[00:07:01] We do have more than 150 educational opportunities over basically a three-day period at RiskWorld, right? So we do repurpose the top sessions in a different kind of programs or webinars. We suggest them to the webinar team that these were the hot sessions. We also offer them up to other conference programming committees to say this is what really worked here and everything. And also sometimes there'll be some separate outreach later about you attended this, so maybe you'll enjoy this product or this event we're doing as well. So really looking at all that.

[00:07:30] Yeah, I love that. Okay, next scenario. We had our highest ever number of first-time attendees this year. That to me goes back to another marketing question too. Like what do we do differently from previous years? Like how are we attracting these people? And also going into the reasons, you know, why they're there. And also it becomes a question too about how do we retain them for future events, right? As well as how can we actually turn some of them into members? Because it could be a membership acquisition strategy as well. There were new attendees at the event.

[00:07:59] So that would be more how the lens I would take on it. Yeah, that's great. Next one. The event came in under budget. We saved $200,000 by cutting the closing night reception. This to me speaks to somebody potentially knowing the cost of everything and the value of nothing. Because what was the value you gave up by giving away that closing reception, right? It's a networking opportunity. We know networking is extremely important now from the data and the research and the industry out there.

[00:08:28] And to take away the opportunity and taking away the closure of the event, was that really worth the savings of $200,000? Or could you have cut somewhere else, right? So that's a big question to ask. Yeah, absolutely. Our post-event survey response rate was 8%. Of those who responded, 92% said they'd attend again. With the 8% response rate, the questions should be something around, why did we hear from the other 92%? Like, what do they think of the show, right?

[00:08:57] How can we reach that audience to get better feedback? And 8% is not a lot. And to the point of having 92% say they would repeat attendance at the show, why are the other 8% saying that, but they won't? Like, are we asking the right questions of them? Like, why are they not coming back when they're not attending, right? Trying to dig into those issues. How are we not going to be satisfying their needs as a conference? Yeah, I get into this with meeting planners a lot when they are making decisions solely on post-event survey feedback.

[00:09:24] And if only 8% of your attendee base is responding. And what if those are only, of those 8%, is it all sponsors and exhibitors? Is it actually attendees? Is it first-time attendees? So now you're making these, you know, broad changes to your show based on a very small segment of your audience that may or may not actually be relevant to the changes that you're making. That's very true.

[00:09:48] Understanding the audience demographics and the segmentation there, who's answering what question is definitely key and paramount that understanding how you can make improvements to the show going forward, how you can reach a larger audience for your survey base. And I'll say this, there's so much data out there about events. You know, obviously your event has different platforms, software, everything's coming in, all these data spreadsheets that give you so much intel. And, you know, thankfully, I am grateful for AI out there right now because it can't help make sense of that and help analyze some of these data points, right?

[00:10:14] So people who aren't looking into using AI for that really should be to help analyze survey results. Yeah, agreed. All right, last two. Sales followed up with every lead within 48 hours of the show closing. Well, you know, we said earlier that sales were a little flat on sponsorship, right? I don't know if it's the same event we're talking about, right? So assuming that it is, you know, I guess I would say, you know, were we asking the right questions?

[00:10:41] We understand the audience we're speaking to a lot more, right? And that's one thing, too, where I think that, you know, obviously LinkedIn search is out there or AI can help, too, understanding more of a company's needs. They're trying to understand before you have the conversation, like, what is it about this company that wants to spot? What can we offer them for the value, right? What is it? What can we offer them to make them want to be part of RiskWorld or part of friends? So. Agreed. All right. Last one. This one's probably my biggest pet peeve on all post-event reports.

[00:11:12] We trended on social media for two days after the conference. Engagement was through the roof. Two days after the conference really isn't a lot to say, first of all, about promoting the engagement. I think it becomes more about, to your point about, you know, audience segmentation, who's posting this up to? Is it mostly exhibitors? Is it mostly sponsors? Or is it actually the attendees that are posting tidbits that go into my education? Whatever that may be. So the better question is how do we extend the engagement that we had throughout the year, perhaps, right?

[00:11:41] How can we keep people engaged with RIMS as a brand or RiskWorld as a conference on a 12-month basis and not just before the event? Yeah. And also, like, what does engagement mean? Like, just because people are talking about you on social media, is that actually engagement? Like, what does that mean? That's true. A lot of people like to say, I just have selfies on social media. So is that really engagement? I don't know, right? So. Exactly. Well, what I love about every single one of those answers is that the question underneath is the question.

[00:12:10] It's pretty much always the same one. Why are we measuring? What are we measuring? And are we counting just to count things? And that is exactly the kind of thing that keeps me up at night is, yeah, we have all of this great data, but what are we doing with it? And what does it actually mean? And so that kind of gets me into one of my favorite parts of every episode, and that is the vent of the week. This is the time.

[00:12:39] It's collective therapy session because sometimes the only thing harder to manage than a citywide conference is the industry conversation happening around it. So, Stuart, no filter, no diplomacy, no board members are listening. What is something happening in events right now that just makes you want to flip the debrief report? You know, two thoughts of that, first of all. An internal debrief. If somebody ever mentioned something about food and beverage, I'll just tune out right away. I can't control that, right?

[00:13:08] But on a broader scale of the events industry, I actually struggle with the notion that keynote speakers are changing away from some business liberties into more content-focused speakers at some degree. Because my show bucks that trend. Like, we've tried this both ways. And we can have, you know, a celebrity speaker that will fill the house or whatever, right? We get them talking about business and risk, of course. But having, you know, the lower speakers are maybe just more 100% risk-focused. We don't fill the room, really, with that kind of stuff, right?

[00:13:37] So I kind of, there's so much data and research out there suggesting you change your keynote strategy. But I guess my show just doesn't, it kind of bucks that trend. And so every time I hear about it, I'm like, wow, is that really true? Because there are people filling their house and filling their rooms with that, you know, reducing the content away from a bigger name speaker? I don't know. We certainly don't. Well, I love, I love that you brought that up because one of your keynote speakers this year is a celebrity to me. You have Adam Grant as one of your keynotes.

[00:14:04] And I think he's one of the greatest thinkers of our time. I mean, I have all of his books and part of his book club. I'm like total fangirl over Adam Grant. But why choose someone like him? You've had Danica Kirkpatrick in the past. And how do you tie some of those celebrity speakers in so that it is a good decision for your show? Because a lot of times people just use it to like sell tickets.

[00:14:27] But then that speaker doesn't actually tie anything they're talking about to like the content or the theme of the show. Absolutely. Yeah, I'll say this. I've been surprised how many people don't know who Adam Grant is, honestly. But we've announced as a keynote of our own staff. And I'm like, what? You don't know who this is. But for that connection, these are all business professionals. Now, on a broad spectrum, like they want to improve their coaching and want to improve how they're relating to their employees, their bosses and everything.

[00:14:56] So Adam Grant really speaks, I think, workplace culture and emotional intelligence. But particularly, we're going to focus with him on the risk of making certain assumptions and what you're at the risk of making assumptions into business decisions and things like that. So that'll speak well to our risk manager who seeks data and clarity. And our backhand speaker this year is Michael Strahan, actually. But he's actually known to me before the research, you know, owns like many different brands, owns many different businesses, really big entrepreneur. And I have a lot to say, I think, about business risk.

[00:15:26] Okay, I like that. Yeah, I think Adam Grant's book, Think Again, specifically has a lot of themes that would resonate with your audience. So I think it was a good choice. And it's interesting to me that you guys kind of lean into that because you're right. The data and the story out there is most people are moving away from celebrity keynotes. So if it works for you guys, I love that you kind of double down on it. Exactly. Okay, so next up, let's event about it.

[00:15:53] The part of the show where you get to spill the tea on a memorable event moment, whether it was a huge success, a total disaster or just pure chaos. So let's get into it. Tell us a story because you've had some stories. So give us a good one. I have. It's hard to pick just one automatically over the years. But I guess the one I would share, because I think cybersecurity is such a big issue now amongst events and event professionals.

[00:16:20] You know, I share this story a lot, actually, the show we had a few years back that our database for our education products from Freeman was actually hacked and held for ransom. So like with the presentation management system, 150 education sessions were sitting in PowerPoints, all that. Suddenly we had no access to them on the first day of the show that morning and an education program opened that afternoon.

[00:16:44] So it was just sort of like really telling moments me like about the risk of cybersecurity with your events, of course, but also that anything can be held to ransom because it would be really inconvenient if you didn't have all that stuff. Oh, for sure. We could have gone old school, of course. We could have had thumb drives and running around like crazy trying to make it work. But that would have been sloppy and inconsistent, obviously.

[00:17:05] So luckily that morning, we have a really talented technical team, really talented chief information officer who was able to get our stuff back without us paying a ransom. And it happened in the nick of time before the education programs opened. So we were sweating a bit that morning, but it was interesting to me that we went through that. A lot of organizers wouldn't think that some of their stuff could be hacked like that. Right. And who would think that somebody out there would want your education sessions? Right.

[00:17:29] So it's just an interesting story that I always like to share with people, especially now that cybersecurity has been so forefront with our industry. So one, I want to know how much they were asking for ransom, just because I'm curious. And two, how did you guys figure out it had been hacked? Like, was there a message, a text message? Like, who figured out that it had been hacked and was being held for ransom? Yeah, that's an interesting question. One that I don't fully know because it happened to our IT team more.

[00:17:56] And I don't recall what the ransom ask was, but it was whatever it was, we weren't going to pay it. Of course. Whatever it was. And with the finding out that morning, I found out from our IT team that morning after it happened. So somehow they were notified, I guess, maybe by the email that came in for the ransom, maybe just realizing all this stuff was gone. I'm not sure. But again, it wasn't our system that got hacked. It was actually a third party system. And that's where a lot of professionals need to understand. Like, there's a lot of third party risk with cyber stuff.

[00:18:25] You start updating your RFPs and your contracts around cybersecurity efforts. So yeah, that was an interesting session, an interesting lesson to learn and to go through. Yeah. So, and you did mention it was with one of the vendors that kind of runs your speaker ready system and speaker ready room. So I'm assuming IT had to work very closely with that company's IT team to be able to combat and get all of the information back from the hackers. Yeah, absolutely. It was a mutual effort.

[00:18:53] I want to say that that vendor as well, like they definitely don't have that kind of stuff. It was definitely a shock to us all if somebody would want that, right? So we didn't even know. But that vendor obviously has never let that repeat ever, ever, ever again. Of course. I've never had an issue with it. So again, I think it's one of those shocking things. It's like, who would want this and why? And like, you know, then you start to realize anything could be held for ransom, I guess, in terms of like your content or whatever.

[00:19:17] So yeah, it's interesting too, that they would hack the content system and not like registration or something. They may have tried for that. I'm not sure. The weakest link could have been the content system, right? I'm not sure what they tried for. We fight like hundreds and thousands of attempts on hacking our systems like daily and weekly at RIMS. So who knows if they tried? Who knows?

[00:19:41] Well, you clearly have some very tight cyber rules now around your shows, which, you know, sometimes we have to learn the hard way. But it's all learning opportunities, you know, for your team and your vendor as well. You know what we did with that actually? We now bring our chief information officer with us on site visits sometimes too. And he'll test the system. So stress test all the systems, it's Wi-Fi that's in place and really look for vulnerabilities to help protect our show more.

[00:20:07] And that's been a really good thing to add to our site visits and our planning of the event. Oh, I actually love that. I think that's a great idea. Everyone should do that. All right. Well, that's all the time we have for today. Stuart, thank you for joining us for an episode of Event About It. And tell us where can people find you and follow along on your journey at RIMS? I'm always on LinkedIn and Instagram. Two of my favorite things actually out there. So you can always find me on there for sure. And always reach out to me at RIMS if they ever need anything.

[00:20:37] I have a deal about event risk management or anything else. I always love to be a resource to the community. That's amazing. And we're going to link, we're going to get into some of those resources in the after show and we'll link to them because you are, I think one of my favorite things about you is how transparent you are about some of the stuff that goes wrong and the learnings. And then you just put out all these amazing resources so that other people don't have to go through the things that you guys have experienced like cyber attacks on content management.

[00:21:05] So that's all the time for today's episode of Event About It, where we connect events and marketing and prove that live experiences aren't just logistics, they're a growth channel. If this episode made you think differently about how events drive pipeline, brand, or growth, make sure you're subscribed. That's how you'll catch what's coming next, including the event about it after show, where Stuart and I go deeper into what it actually took to rebrand a 60-year-old conference.

[00:21:32] What we both learned leading event organizations when the world shut down in 2020 and the crisis story we didn't get to today. And if you've got event or a story or a moment from the field that deserves to be unpacked, you can submit it at eventaboutitpodcast.com. Until next time, keep growing, keep laughing, and keep eventing about it.