Be resilient - Be a bacteria | Cyber Security | Deloitte Netherlands


Be resilient - Be a bacteria

Is your organization prepared for the next disruptive trend?

According to “The Guinness Book of World Records”, the Deinococcus radiodurans bacteria is one of the most resilient living things known to man. This creature is able to withstand extreme temperatures, vacuum, acid, and even radiation. It adapts to the ever changing environment, continues to thrive and is able to fight off upcoming threats. What can organizations learn from this bacteria?

Nabeel Siddiqie, Jurgen Schot & Joeri Tolboom - 2 mei 2017

In 2011 Nokia CEO Stephen Elop published a memo on Nokia’s internal blog. In this memo he highlighted several reasons why he thinks Nokia’s profits were falling and why they were not able to keep up with the competition. One of the reasons he gave was the following: “For example, there is intense heat coming from our competitors, more rapidly than we ever expected. Apple disrupted the market by redefining the smartphone […]” In other words, Nokia was unable to foresee and adapt to changes in the business environment. Two years later Nokia’s decline culminated in the sale of its smartphone business to Microsoft for $7.2 billion.

Why is resilience important?

There is a lesson to be learned from the example above. Organizations that operate in a rapidly changing environment need to be resilient – the ability to adapt to changes and swiftly return to business as usual – in order to ensure their survival. Very often, this is a strategic topic discussed at boardroom level only. However, resilience is also about day to day business operations. After all, the fact that packages cannot be delivered due to extreme weather conditions has consequences for an entire postal company. Resilience should thus be realized on all organizational levels.

What is meant by resilience?

Resilience is an enterprise’s integrated capability to anticipate, prepare (for), respond (to) and resolve potential value killers, enabling business agility in the light of any change or disruption. In essence, it is composed of three key values: anticipate, respond, and recover.

  • Anticipate: prepare and coordinate people, process and technology in order to be ready for (potential) disruptions. This includes awareness, exercises and simulations to train and test this capability;
  • Respond: organize and initiate effective real-time response in order to contain and eradicate (potential) disruptions. This includes timely communication and monitoring;
  • Recover: support the organization in resolving the disruption and adapting to the “new” business environment. This includes regulatory and compliance, disaster recovery and business continuity management efforts. It is this phase where things for Nokia went awry. They tried to recover from a disruptive event (the launch of the iPhone), but they did not realize that they had to recover to a ‘new normal’, a world where the phone had evolved into a true smartphone, changing consumers lives.

Achieving enterprise wide resilience thus results in an organization that can withstand the most extreme, rapid and disruptive changes and leverages them as opportunities. In sum, resilience does not only ensure survival; it also provides a sustainable competitive advantage.

Building resilience

To build resilience, organizations need to take the following three steps:

  1. Monitor the environment. To be able to adapt in time, it is crucial to know what is going on in your environment. The best event to be prepared for is the event that you can predict or foresee. Therefore, organizations should invest in monitoring. Early knowledge of a disruptive event can gain an advantage, albeit a threat or opportunity;
  2. Create an integrated resilience function. Many organizations view emergency response, crisis management, business continuity and disaster recovery as separate silos. However, these are interconnected disciplines with large dependencies, which especially become clear during an actual crisis. Organizations should implement a holistic governance organization, processes and procedures, and they should align and integrate these disciplines;
  3. Practice, practice & practice. Processes and procedures only provide a framework for improvisation once a disruptive event occurs. Knowing what to do, with whom and at what moment should be known in the hearts and minds of key personnel. Training and exercising is the only way to achieve this.

Implement these steps properly, and your organization increases its resiliency and its ability to adapt to a changing environment, just like the Deinococcus radiodurans bacteria. There is however one catch: whilst the Deinococcus radiodurans had millions of years to evolve, organizations do not. Our next article will therefore cover the challenges of processing critical information and decision making under extreme time pressure.

[1] The Guardian, ‘Nokia's chief executive to staff: 'we are standing on a burning platform’ (09-02-2011) (25-04-2017).


More information

For more information please contact Theodorus Niemeijer at +31 (0)88 288 19 78.

Vond u dit nuttig?