Organisational ResilienceWhat on Earth is Going On?

Growing a global resilience technology business has its pros and cons. Rather than telling you my sob story of long flights, airport delays, jet lag and soulless hotel rooms (yes, yes, cue the violin), I thought I’d reflect on a few observations that came from four weeks on the road from Australia, to the UK, Europe and the US of A.

If you’ve heard my take on our profession before, you’re probably aware I take a no holds barred approach to calling out things that are holding us back, as well as the opportunities to leverage.

If you’ve not heard much from me before, be warned you might not like or agree with what I’m about to say.

So ready? Here we go.

 

The UK – Is it Resilience, Organizational Resilience, Operational Resilience, Business Continuity? Who Cares?

First stop Britain, with its third prime minister in as many months. The UK provided a chance to connect with resilience practitioners globally at BCI World.

Are we really still arguing about Operational Resilience vs Organisational Resilience?

Yeah, it turns out we are.

While organizational heads are looking for ways to true-up their ability to become more resilient, build risk awareness and engage staff on the journey, many practitioners are still in a war over definitions and terminology. This discussion still dominated the conference, which begged me to ask myself: do we not have bigger issues to tackle?

There are, however, signs of a changing of the guard. During our panel discussion of “The Land of Confusion”, I made a bold move to bust the myth that you need a plan before you exercise a team.

After the oxygen left the room of 100+ practitioners, you could hear a pin drop. Only minutes before, the same audience had admitted by a show of hands that very few (1 out of 100) had actually picked up a business continuity plan during their last critical event. While the room was quiet, no less than 6 resilience professionals came up to me personally after the session to thank me for throwing that down the gauntlet at my own peril.

So we’re not picking up plans. But the majority of us still feel shocked at the concept of not relying on a plan.

  • Are we ignoring the obvious melting of our own iceberg?
  • Do we put that much value on our ability to create a plan, over the ability to influence people?
  • Are we protecting a set belief that only our discipline believes in?
  • As resilience practitioners, are we listening to what our customers (internal stakeholders) are saying?

When you argue that Business Continuity is different from Resilience – does anyone hear you, or is it a tree falling in the empty woods?

If resilience is a journey of continuous learning and improvement, and you don’t pick up your plan during a crisis…is there still room for a plan, in a crisis?

Hate on that question all you want, but before you do, don’t forget to self-reflect. The future of our profession relies on it.

 

 

Europe – The Closer You Get, the More Real it Feels

The drums of war might not yet be beating, but they’re keeping a lot of people awake at night. Through discussions with locals both in the risk and resilience profession as well as out, the energy crisis associated with the conflict between Ukraine and Russia was a prominent concern. Some people went so far as to predict greater conflict throughout Europe in the coming year(s).

While this came up in conversation in the UK, the proximity to the conflict made this concern not just a topic of conversation, but an active monitoring of the threat of conflict.

Ask any Australian about the energy crisis in the UK and Europe and it will not be featured at the same level of distinction as it will at a local level.

The immediate takeaway here, is just how important it is to get up close and personal to your counterparts internationally to truly understand the global threat landscape.

While risk reports are helpful, they lag. Threat intelligence is useful, but it’s immediate and tactical in nature. It does not allow for planning at a holistic level.

Taking the time to work with your local counterparts in the various regions of your organization allows us to get a first-hand account of the threats that are featuring high on the radar. COVID obviously put the brakes on a lot of travel and travel budgets, as well as a personal appetite to travel. Video conferencing certainly helps bridge the gap but when you sit down and break bread with colleagues or clients, you feel the intensity of their concerns. A topic that gets replayed several times in conversation over a boardroom table, a coffee table, or a dinner table, requires consideration. If you’re sitting there thinking that your role is about building a plan from the safety of your home office, or local site….and not building your network across your counterparts globally, you’re in the wrong job. Sorry, not sorry.

The big questions for resilience organizations navigating global and distributed threats:

  • Have we tailored our preparedness to the local conditions?
  • Have we microsimulated (at the very least) how impacts of a conflict at a local level, may reverberate to the organization at a regional/global level?
  • Do we have a strategy for safe passage, for succession, for workarounds of critical functions, for the loss of critical infrastructure due to state-sponsored cyber attacks?
  • What are the immediate and going impacts to safety and welfare, supply chain, third-party vendor risk, and economic impacts?
  • Are we empowering our local teams with the knowledge and capability to both prepare for and respond to a rapidly escalating situation with agility, that prioritizes what’s truly important – or are we disengaging them with a resiliency campaign focussed on hurricanes?

 

The US of A – Rates Go Up, Budgets Go Down

Economic recession, be it technical or not, is now flowing through the halls of organizations everywhere. With six rate hikes taking place in the space of 2022, there is an undercurrent of economic instability in every major city between New York and Los Angeles.

The rush to the end of the year is well and truly on, and the Risk and Resilience business case for 2023 has never been more important.

Despite mass redundancies making headlines from coast to coast, the recruitment market for skilled professionals remains hot.

Which escalates the importance of retention and team engagement.

Questions for those building career pathways for Risk and Resilience:

  • How does their role align with their future pathway?
  • What opportunity are they getting to work on innovation in resilience as opposed to being on the Business Impact Analysis hamster wheel?
  • Where are they going for new ideas to fuel the organization’s ability to create impact and efficiency in resilience?
  • How long will the budget for professional development remain constrained?

Talent shortages and salary hikes are also creating a new wave of demand on program efficiency and scalability. With technology shaping the fabric of every organizational function from customer service to supply chain, there has been a marked shift from executives charging teams with finding new ways to achieve more with less.

Key questions for those embarking on a digital transformation initiative:

  • Is your 2023 resilience strategy reliant on using methods from 2021?
  • Is your organization digitizing a manual process, that simply puts the process in the cloud, or does it truly create tangible efficiency and/or impact?
  • Are you staring down a 6-month implementation or is time to value empowering your team to demonstrate quick wins in the first 30 days?

In a vacuum of government stimulus and the upbeat notion of economic growth, comes a scrutiny your team might not have felt since the Global Financial Crisis. If you didn’t have the opportunity to work through and fight for budgets during the Global Financial Crisis, find yourself a business-centric mentor quickly to help you navigate.

 

 

Australia – There Goes My Data….Again.

The headline of cyberattacks that plagued some of Australia’s largest organizations this quarter is dominating discussion in the boardroom, in elevators, and at dinner tables nationwide.

As millions of Australians feel the personal effects of a series of data breaches, boardrooms everywhere are questioning yet again their cyber security posture, their response capability and insurance coverage. Brand and reputational impacts are taking a front row seat in the journey to resolution.

The recent cyber events in Australia have had such an impact that a new collaboration between the ACSC (Australian Cyber Security Centre)  and UK’s NCSC (National Cyber Security Centre) has formed, with the centres committing to improving each nation’s cyber security posture and protecting their networks from cyber threats.

Conclusion

What does this mean for your organization? Never let a crisis go to waste.

The optimism bias regarding catastrophic cyberattacks “never happening to us” should be on its knees right now.

There is a unique and timely opportunity to harness the lessons from these attacks to support your program’s traction, be it for bolstering your support for new initiatives at an executive level, or highlighting the reality of the threat at an operational level.

Before long, the world will turn, the holiday season will settle nerves and headlines turn to natural catastrophes and other current events.

Interested in a global exchange of perspectives about the future of Risk and Resilience? Join us in December at The Big Resilience Reset for a discussion on how firms around the world are integrating risk and resilience into mainstream business practices.

Author:
Marcus Vaughan
iluminr Cofounder & Chief Growth Officer