Business resilience

What you’ll learn about:

Before 2020, business resilience was a smaller—though still important—capability for enterprises. Plenty of organizations understood resilience and its impact on business operations, but few implemented programs that developed resiliency for long-term success.

Today, business resilience is essential. No event has demonstrated this truth more dramatically than the COVID-19 pandemic. In fact, 90% of business leaders agree the pandemic raised the importance of risk management and corporate resilience. But even in the face of COVID-19, businesses had to keep pace with an evolving risk landscape and an increasing number of threats—all of which had the potential to strike a blow to critical infrastructure and operations.

That’s why building and strengthening business resilience is mission-critical to the future of any organization. Not only is resilience key to mitigating the short- and long-term effects of disruptive events, it’s also essential to growth and survival.

Let’s take a closer look at business resiliency and what can be done to create and maintain a more resilient organization.

What is business resilience in corporate risk management?

Although many businesses are still recovering from the global pandemic, they have taken a renewed interest in developing crisis contingency plans and other resiliency programs.

According to the International Organization for Standardization, resilience is an organization’s ability to adapt to a business disruption while maintaining operations under changing circumstances. In other words, a resilient organization is one that can absorb the initial shock of a disruption while also pivoting in response to its dynamic environment.

It’s important to note that business resilience shouldn’t be confused with business continuity. Although they’re related and often overlapping terms, business continuity planning is focused on immediate response and short-term operation. In contrast, resiliency approaches risk management with a long-term and proactive lens.

Moreover, business resilience is a combination of several risk management disciplines, including business continuity, disaster recovery and crisis management. But the bottom line: Resiliency is about planning ahead, anticipating disruption and adapting to changes as necessary.

Why is business resilience important?

Organizations that had at least some semblance of resiliency were able to keep critical business operations functioning during the pandemic and multiple, compounding crisis of the past several years. The others—those who lacked a resilient risk management posture—were more exposed to consequences such as the following:

  • Significant financial loss
  • Reputational damage
  • Threats to employee health, safety and wellbeing
  • Loss or disruption of critical infrastructure
  • Loss of corporate data, assets and other resources

According to the Bain Resilience Index, high-resilience firms have nearly double the survival rate of low-resilience organizations. That means resilience is becoming synonymous with survival. And when you consider the increasingly sporadic and unpredictable threat vectors that put organizations at risk, it’s plain to see why resilience is garnering so much attention.

The business resilience plan 

Anticipating disruption is fundamental to resilience. But to anticipate a disruptive event, you need to be forward-thinking—that’s where the business resilience plan comes into play. 

A business resilience plan is a document designed to help organizations navigate business disruption and return to a state of acceptable operation. In short, it outlines the necessary steps a firm should take to mitigate and survive a crisis. The basic contents of a business resilience plan include the following:

  • Business impact analysis: Evaluates the potential consequences of a disruption.
  • Risk assessment: Identifies risk factors with the potential to cause harm.
  • Risk management plan: Documents steps taken to keep risks in check.
  • Business continuity plan: Outlines how the business should continue to operate during a disruption.
  • Disaster recovery plan: Describes how a firm can quickly minimize the impact of a disaster so the organization can resume operation.
  • Crisis management plan: Outlines how to respond to a situation that negatively affects profitability, reputation or ability to operate.
  • Incident response plan: Describes procedures for identifying and responding to an emergency incident.

Benefits of resilience planning 

Business resilience isn’t merely a survival strategy—it’s an ongoing competitive advantage. Take the impact of a natural disaster, for example. When an extreme weather event strikes a manufacturing plant, it not only halts operations at that one facility, but also triggers a domino effect that’s felt across the supply chain. An effective business resilience plan provides the framework a firm needs to mitigate the ongoing ramifications of the disaster and accelerate recovery.

Thus, business resilience planning offers three key advantages:

  • Improved risk detection: Resilient firms don’t just wait for disruption—they anticipate and prepare. This enables them to recognize, mitigate and respond to risk more quickly and effectively.
  • Stronger elasticity: Resilient businesses are like rubber bands in that they can stretch to their limit and return to form. With a well-prepared and agile response plan, they can withstand the initial shock of unexpected disruption and rebound to an acceptable state of operation.
  • Greater recovery: Resilience enables organizations to thrive in their new post-crisis environment because of their ability to adapt and overcome the new normal.

What does business resilience look like in 2022?

COVID-19 may have been an eye-opener for most businesses, but the truth is that resilience has been a long time coming.

Business leaders must contend with a risk landscape that is more complicated, less predictable and increasingly difficult to manage. This includes a multitude of risk factors that are increasing in frequency and severity over the past 30 years. And global uncertainty, climate change, geopolitical risk, cyber attacks and natural disasters are all on the rise.

Here’s the problem: A substantial number of firms still lack the resiliency to keep up with the accelerating pace of the risk landscape. According to FERMA, just 57% of businesses believe they’re equipped to manage resilience, and nearly three-quarters of them see a clear need to strongly integrate resilience into their organizational strategy.

6 areas of business resilience 

The good news is that there are six fundamental areas of focus that business leaders can use to develop and strengthen resilience:

  • Financial resilience: Organizations are often blinded by short-term returns and not focused enough on long-term financial risk. Balancing the two with a solid capital position and sufficient amount of liquidity is key to mitigating fluctuations in revenue, cost or credit. For example, in 2016 Samsung Note 7 smartphones would catch fire under certain conditions, prompting a $5.3 billion recall. The crisis may have put Samsung’s smartphone operation in jeopardy, but it was able to quickly recover because of its flexible investment portfolio.
  • Technological resilience: Businesses that invest in secure, flexible technology stacks and operationalize high-quality data are better equipped to deliver projects safely, on time and under budget. They’re also able to develop a robust IT disaster recovery plan to avoid service outages and maintain critical business operations during a disruptive event, such as a cyber attack or similar incident.
  • Organizational resilience: Employee acquisition, retention and satisfaction are big parts of mastering organizational resilience. Firms that foster diversity and inclusion, develop a culture of agile learning and secure top talent are able to more flexibly navigate fluctuations in the workforce, such as the “Great Resignation.”
  • Operational resilience: Supply chain disruptions can undermine productivity and send business operations into disarray without contingencies in place. Resilient organizations are able to pivot to meet sudden changes in supply and demand, such as by adding redundancies to their supply chain.
  • Reputational resilience: Consumers, employees, investors and other stakeholders are holding businesses accountable for their actions and values. Resilient organizations bridge the gap between the two and closely align what they say with what they do. They embrace accountability, are open to change and actively listen and respond to societal expectations.
  • Business-model resilience: Traditional business models were put to the test when the pandemic forced companies to shift to remote work. Firms with flexible models in place were able to quickly adjust as needed, which enabled business continuity during a time of uncertainty.

When organizations embrace the six areas above, they’re better positioned to anticipate disruption, mitigate its effects, adapt to changing circumstances and thrive in the future. According to Boston Consulting Group (BCG), these advantages are what enabled just 12% of organizations to emerge from the pandemic as “New Winners” — those that not only survived the disruption, but used it as an engine for growth and transformation. 

Develop a resilient business

Implementing resilient strategies is much easier said than done—especially when organizations lack a proper understanding of risk and resilience. There are three main barriers to becoming resilient:

No. 1. The returns are long-term: 

Many businesses are focused on short-term returns rather than long-term sustainability. Achieving resilience requires a multi-timescale perspective—one that accounts for both immediate and future continuity. BCG estimates that roughly 60% of companies are preparing to navigate a likely recession, but only 40% are preparing for a rebound in demand. Even fewer have begun reimagining their business for the post-pandemic environment, meaning that most organizations aren’t adapting to the new normal.

No. 2. Plans are too static:

Companies are primarily concerned with creating fixed continuity plans rather than dynamic ones. But risk isn’t set in stone—it’s ever-changing and unpredictable. Stable plans are only effective when the causal relationship between incident and impact is clear. 

No. 3. Business leaders need convincing:

Strategies for business resilience often create value differently than an organization’s typical activities. For this reason, it may take clear evidence and explanation to convince decision makers that resiliency strategies are a worthwhile investment.

Building resilience: Strategies and best practices

Implementing a culture of business resiliency throughout an organization doesn’t happen overnight. But with time, dedication and a few basic strategies, businesses can get started in the right direction.

The following are tangible actions and best practices business leaders can use to win executive buy-in, develop strategic resilience and elevate their risk management abilities:

  • Integrate risk into everything: Consider resilience as both an opportunity and an imperative to expand the organization’s scope beyond the limits of short-term return. By assessing the impact of lost or reduced functionality in every business operation, you can coordinate a tailored response to mitigate a potential disaster.
  • Discuss resilience in terms executives understand: In other words, measure resilience in terms of the bottom line. Communicating the relative cost of disruption will help convince executives that resiliency is a critical component of growth and sustainability.
  • Be a forward-thinker: Look past the short term to help business leaders see the long-term implications of disruption. Shifting time horizons outward allows organizations to see the bigger picture and turn crisis into opportunity.
  • Identify strengths and weaknesses: Know where your vulnerabilities are. This is key to understanding the risk environment. Test your resilience strategies against various scenarios to better analyze performance and implement improvements.
  • Embed resilience within first-line teams: People are an important piece of the resilience puzzle. Ensure frontline employees are integrated into the resilience framework, which empowers them to participate in risk management and enhances their ability to spot and respond to disruptions.
  • Establish an early-warning system: The faster a threat is identified, the sooner it can be addressed and the faster the organization can respond. Third-party solutions, such as a real-time information tool, can be leveraged to kick-start incident response and get ahead of potential threats.

Foster resilience by operationalizing real-time technology

Although there’s much debate about how businesses should quantitatively measure resilience, there are four qualitative factors that all resilient organizations have in common. A truly resilient business can:

  • Identify and assess risks that threaten critical infrastructure.
  • Locate people and assets that might be in harm’s way.
  • Execute standard operating procedures and protocols.
  • Analyze performance before, during and after disruption and crises.

Mastering all four of these conditions is no easy task. But by implementing a real-time alerting solution like Dataminr Pulse, businesses can rise to the challenge faster than ever before.

Dataminr Pulse processes billions of units of information daily pulled from hundreds of thousands of publicly available data sources to detect the earliest indications of emerging risks and high-impact events—often within seconds or minutes of their occurrence. Combined with geovisualization capabilities, Pulse helps security teams locate and safeguard people and assets during a crisis by providing rich visual context. 

For example, when severe weather struck Western Europe, Dataminr Pulse alerted customers about potential flash floods in the area using geo-location data. This allowed customers to view relevant data at the hyperlocal level, prioritize risk by area and ensure business continuity.

Pulse’s collaboration capabilities also enable customers to develop their own iterative response playbooks. They can then quickly move from risk detection to mitigation—a critical advantage when managing a high-risk situation. And they can use real-time and historical data to assess incident management performance from end to end, including any lingering effects on the business.

As a result, those who employ Dataminr Pulse are better able to maintain business continuity and achieve the business resiliency needed to grow and compete today and tomorrow. 

Learn More

Request a demo today to learn more about the power of Dataminr Pulse. 

August 18, 2022
Risk in real time

Risk in Real Time newsletter

Sign up for our monthly newsletter for the latest on security and business trends, news and insights.

SUBSCRIBE
  • Business resilience
  • Corporate Security
  • Insight

Related resources

eBook

Dataminr Guide to Cyber-physical Security Convergence

Dive into this comprehensive guide to cyber-physical security convergence with definitions of cyber-physical risks, trends and tips for risk mitigation.

Insight

Innovate or Stagnate: Why CSOs Must Embrace an Innovation Mindset

Chief security officers are managing unprecedented levels of disruption—requiring them to not just adapt, but innovate, if they are to effectively safeguard their organization and strengthen resilience.