Six practical steps to increase organizational resilience
Although crises have always been around, their origins and effects are changing drastically. Many organizations are well prepared for traditional crises such as fires, floods or single system failures. Transboundary crises however, don’t stop at geographical, political or functional borders, and are therefore not limited to a single dimension.
Claire Bakker, Ferry Noordzij & Jurgen Schot - 13 june 2016
There are two main reasons for the change in the origins and effects of crises1. The first is that there are alterations in the current threat landscape. New technologies cause new threats, and traditional threats are evolving and taking on new forms – for example, IT has taken regular combat into the cyber sphere, creating cyberwarfare. Infectious diseases such as Ebola can also easily spread, because technology makes it possible for such viruses to fly from one side of the world to the other in less than 24 hours.
Secondly, critical infrastructures are more and more intertwined and connected. This digitalization makes our world more efficient, but also prone to abuse. A glitch in one system can have tremendous cascading effects that are tangible throughout the whole spectrum. The recent cyber hack of the electric power grid in the Ukraine (2015)2 and the ransomware attack on Israel’s Electric Authority (2016)3, show how large power outages could have the ability to affect entire companies and citizens dependent on the grid.
How can organizations prepare for these new types of crises?
- Make sure effective monitoring is in place. Monitoring is necessary to pick up warning signs that signal a crises is on the horizon. In our transboundary world, it is not only necessary to monitor one’s own direct environment, but also the indirect environment of vital partners in the network. Effective monitoring of both the technical network and geopolitical events, can lower the probability and impact of a crisis in one system, leading to consequential damages in another. Besides timely identification of potential risks, adequate response capabilities need to be in place.
- Draw up an inventory of critical network partners and systems. Organizations usually operate within a networked model, where parts of critical business processes are managed by network partners (e.g. suppliers, government, private sector, security services). Having an overview of network partners and systems ready saves valuable time at the beginning of a crisis.
- Establish clear responsibilities within the network. Third parties often provide parts of an organization’s infrastructure. They should therefore be part of the organization’s threat landscape, response organization and crisis management approach. Roles and responsibilities need to be clearly defined in order to prevent confusion in times of crises. Furthermore, agreements with key partners in the network should be legally incorporated into contracts in order to avoid confusion or judicial problems.
- Communicate collectively and to all stakeholders. Multiple communication strategies from various parts of the organization’s network are not desirable in times of crises. This poses the risk of more damage, affecting both the immediate situation as well as the long term relationships and reputations of the organizations involved. Effective crisis communication disseminates accurate information to all stakeholders in a timely and understandable manner. The message should be coherent between all (network) organizations communicating about the situation.
- Formulate potential future crises scenarios as soon as possible. The origins, trajectories and impacts of transboundary crises have, as opposed to traditional crises, an even higher rate of uncertainty and unpredictability. This makes thinking in different scenarios a very important aspect of the crisis management strategy. In the preparation stage it is recommended that organizations make an overview of changing risks and corresponding crisis scenarios every quarter. Regarding the response, it is important to identify potential scenarios (worst case, best case, most likely) shortly after the initiation of the crisis. This is beneficial for the strategic decision making process and can help to get the organization ‘in front of the crisis’.
- Conduct exercises regularly, creating trusted partners within the network. Training and exercising is important, no matter what the crisis may be. Transboundary crises however, ask for tight collaborations with network partners not only during the crisis, but also in the preparation stage. It is therefore recommended that these entities exercise together to create trusted (public-private) partnerships, leaving no room for error or uncertainty when dealing with the real thing.
Transboundary crises are complex, because they are not bound to one dimension. In the current networked world, interconnected systems create lots of dependencies. Crises in this context are therefore much harder to effectively prevent and control. However, preparation is the key to success, and incorporating the six practical principles above in organizations and their network partners is key. This will provide a strong collective approach for managing transboundary crises and an increase in organizational resilience.
1Boin, A., Ekengren, M., and Rhinard, M. (2014). Transboundary crisis governance. In: Sperling, J. Handbook of Governance and Security. Edward Elgar Publishing.
2The Guardian (2016). Ukrainian blackout caused by hackers that attacked media company, researchers say. https://www.theguardian.com/technology/2016/jan/07/ukrainian-blackout-hackers-attacked-media-company
3Computerworld (2016). No, Israel’s power grid wasn’t hacked, but ransomware hit Israel’s Electric Authority. http://www.computerworld.com/article/3026609/security/no-israels-power-grid-wasnt-hacked-but-ransomware-hit-israels-electric-authority.html
More information on crisis management?
Do you want to know more on crisis management? Please contact Theodorus Niemeijer at +31 682019385