Duane Lohn
Senior Managing Director

Business Continuity, Crisis Management, Cybersecurity, & Mobile Technology Expertise

Duane Lohn is a Senior Managing Director at Ankura with extensive experience in advising risk, compliance, legal, and audit committee members and board committees on operational risk and resilience, specializing in emergency and crisis planning, business and operational continuity, data security, and cybersecurity. He is based in Phoenix.

  • Experience

    Duane focuses on crisis management frameworks, disaster recovery, and emergency and crisis communication tools for a broad portfolio of private-, public-, and education-sector clients around their governance, risk, and compliance initiatives, and supporting their response to disruptions and crises. He understands the complex but practical relationships among cybersecurity, operational downtime, organizational resilience, and sustaining of long-term organizational reputation through confidence in leadership and oversight decision-making, governance, and management.

    He has led and participated in several large global rollouts of mobile app technology for cyber incident response plans, and business continuity, emergency, and crisis communication plans. This also includes escalation and notification capabilities.
    Before joining Ankura, Duane was a managing director at FTI Consulting, a managing member and co-founder of Risk Solutions International LLC, a senior vice president of Marsh Risk Consulting, a senior manager at KPMG, and a member of senior management at Campbell Sales Company.

    Duane’s professional experience includes:

    • Leading and participating in data warehouse projects and initiatives at major global clients. This includes a rapid assessment diagnostic for the data warehouse of an American multinational technology company that included a global road map on implementation and findings.
    • Leading risk management, information security, and data governance teams to assess gaps in the cybersecurity programs of Fortune 500 and mid-market insurance companies, pension plans and financial institutions in conjunction with the New York State Department of Financial Services’ new cybersecurity regulation, 23 NYCRR Part 500. This team conducts expert risk and gaps analyses, develops aggressive compliance strategies and road maps, and guides implementation of cybersecurity programs. They also identify high-functioning candidates for chief information security officer roles, as well as advise on program governance.
    • Leading teams that have performed Health Insurance Portability and Accountability Act security rule assessments and gap analyses, provided compliance road maps, and validated remediation efforts for leading clinical and teaching healthcare facilities, electronic patient record providers, and consulting and law firms. His teams have conducted readiness assessments for clients facing audits from banking and financial regulators. Duane has participated with teams that have conducted payment card industry security assessments and examined the security and fraud controls used by global retailers and ecommerce companies, comparing them with industry best practices.
    • Managing specialized teams who work with utilities and surface transportation authorities and airports on cybersecurity risk assessments of industrial control systems, business continuity programs and approaches to enterprise risk management.
    • Acted as principal administrator on two research teams engaged by the Airport Cooperative Research Program of the Transportation Research Board of The National Academy of Sciences, and by the Federal Emergency Management Agency. In these roles, Duane’s teams studied and reported on resilience issues in the US airport sector, and developed custom software products to help airports develop their business continuity and emergency management plans. For FEMA, Duane led multiple teams in the state of Nevada that developed continuity of operations planning curricula and facilitated business recovery workshops in FEMA Region IV, along with most agencies across the state of Nevada including cities, counties, towns, and tribes, as part of UASI and Homeland Security grant initiatives.
    • Coordinated teams that have been engaged by numerous universities, colleges, and large public school systems to review their safety, security, and emergency management programs, staffing and training, develop effective new crisis management plans, provide training and tabletop exercises, and to build continuity of operation plans. Duane has hosted several town halls for K-12 schools in the state of Nevada on school safety and crisis and emergency management planning.

  • News & events
    • Association of Financial Professionals Conference, 10/2016, Orlando, FL, with Denis McCarthy
    • American Association of Airport Risk Managers Conference, “Airport Business Continuity,” 6/2015, San Diego, CA
    • Crystal & Company, 10/2015, “Supply Chain Risk Panel,” Houston, TX
    • Brokerslink Conference, 3/2015, “Cybersecurity Risk in Latin American Enterprises,” Miami, FL
    • Phoenix RIMS Chapter Luncheon, 10/2015, “Cybersecurity Resilience,” Phoenix, AZ
  • Insights & innovation
    • “Cybersecurity: An Advisory Opportunity for the Legal Profession,” New York State Bar Association, 2015 and 2017
    • “The Cybersecurity Imperative for Higher Education,” University Risk Management and Insurance Association, 2015
    • “Damage from Data Breaches in the Retail Sector is Diminishing but Progress is a Mixed Bag,” FTI Consulting, Inc. 2015
    • “Why Underwriters Should Require Business Continuity Plans From Insureds,” Carrier Management Magazine.com, 11/2014
  • In the community

    • Junior Golf, Risk and Insurance Management Society (RIMS)