21st century resilience
Getting it and keeping it
Faced with challenges from natural disasters and human infrastructure calamities, today’s organizations need to be able to respond to a crisis. Whether it’s a mere technical glitch, human failure, or a full-scale catastrophe, there will still be an impact on day-to-day operations and, ultimately, on business reputations.
- A risk-based world
- Evolving perspectives
- Moving toward resilience
- Resilience confidence
- Meet our leaders
A risk-based world
The world in which we live is changing, and the threats we face in the 21st century seem to be growing both in volume and complexity. Each day, we grow more connected in terms of technology, economics, and infrastructure than we have ever been in the past.
While natural disasters often grab headlines, human-caused events can also have widespread consequences. Because these crises and disruptions are so deeply linked with the very nature of the businesses we conduct and how we pursue them, it’s increasingly important to view risks as more intrinsic and ubiquitous than exceptional. They are no longer once-in-a-lifetime concerns.
In other words, risks are a part of the spectrum of operational factors that organizations should build around. To encompass those factors means focusing not just on “recovery,” but also on agility and ever-greater resilience so as to reduce the impact of events and speed up response. In short, organizations should consider the risk of their business decisions, integrating and strengthening their traditional crisis management capabilities under a new rubric that prepares them to be ready for anything.
Traditional standards and fundamentals of business continuity management (BCM) were largely defined between 1995 and the early 2000s—which came before social media, mobile technology, cloud computing, and ubiquitous analytics. In the face of this change, traditional BCM standards were still important. But they weren’t enough.
Today, instant is the word and 24/7/365 availability is the norm. In the years since BCM became a defined activity, financial markets have become truly global and supply chains have continued to evolve, with less “slack” and more points in the chain that can cause critical problems when there is a failure.
In contrast to the sedated vision of BCM that has predominated for so long, today’s risk picture demands both speed and a response capability that isn’t an afterthought or an add-on. While it might once have been acceptable to frame risks around a laundry list of familiar natural or human-caused mishaps—such as fires and floods—that’s no longer enough. Delivering resilience in a 21st century context means having some kind of “decision engine” that enables an efficient and effective response to the risks and threats to which a company is exposed.
Moving toward resilience
Previously, the foundation of BCM included:
- Key risk indicators
- Number of disaster plans created and catalogued
- Frequency of updates
Counting things may provide some metrics, but those plans rarely inform executives of their actual ability to respond to and recover from disruptions. A clearer indication is needed that the data “counted” reflects the critical elements of the organization and its risk exposure. Data needs to be transformed into information that enables decision making.
People are also part of the strategy. Risk and resilience belong to everyone in the organization.
Tapping into the organization’s collective wisdom and orchestrating the results can make resilience part of the fabric of the business.
Risk professionals need to engage at many levels in the organization to carry this message. While risk needs to become everyone’s job, awareness and knowledge of risk issues should flow upward in the organization, so they can be assessed on a strategic level and dealt with effectively, with the best possible resources.
The end result of resilience thinking should be resilience confidence: an objective, risk-based measurement unique to each organization that provides a clear sense of a company’s ability to respond to disruptive business events, while also offering clear guidance on correcting underperforming areas.
What does resilience confidence look like? It involves not only assessing risk but also determining what should be required to recover, replace, or rebuild critical business processes in the wake of business disruption, and in particular, the ability to meet recovery objectives. It’s both a plan and a toolkit.
The great truth about resilience is that, as an attribute with day-to-day business value, it isn’t helpful only when disasters strike—it can strengthen an organization and help improve agility at every level. Resilience is an attribute to strive for. And it may well be a requirement for the successful 21st-century organization.
Download the PDF to read the full article, which first appeared in Issue IV of Inside magazine, published by Deloitte Luxembourg.