Resilience isn’t just a buzzword—it’s a necessity in today’s volatile world. In this edition of Gamechangers in Resilience, we are thrilled to sit down with Terry Downing, a true titan in the fields of operational resilience, business continuity, and crisis management. Terry’s career spans an incredible array of industries and institutions, from the British Army to global powerhouses like Mastercard, Citi, IBM, and Legal and General.
In this interview, Terry shares insights from his extraordinary journey, lessons learned from navigating complex crises, and his vision for the future of resilience in ever-changing times. Whether you’re an industry veteran or just starting your resilience journey, Terry’s expertise and passion for making a difference are sure to inspire. Let’s dive in.
Q: How did you get your start in Operational Resilience?
Terry: I suppose I could say at 18.5 years old when I joined the British Army designing, building, and maintaining mobile and fixed voice, fax and data infrastructure. Only, in those days, the ability to continue to communicate with less than 50% of the infrastructure was the norm.
Q: With the increasing convergence of physical and digital risks, what do you see as the most significant challenges in integrating Operational and Cyber Resilience strategies?
Terry: Personally I do not see much of a difference handling a complex risk whether physical, digital or a blended threat. I have always prescribed to prepare for the unknown, train people to think on their feet, adopt, adapt and respond rather than follow a specific scenario because what ever is the threat it will more than likely be something that has not been thought of.
Q: What lessons can Operational Resilience leaders learn from the approaches used in cyber resilience, particularly in areas like response and recovery?
Terry: I would suggest that both Operational Resilience Leaders and Cyber Security Leaders should be one and the same to be honest. The command and control is the same, if you follow the NIST approach, it is only the specialist technical skills that are needed to identify, validate, isolate, resolve, repair, resume and improve that needs to be specific. The incident / crisis management response and recovery has the same objectives where is a physical or cyber threat. A threat is a threat. The objective is to minimize or prevent any impact to customers, services and organization.
Q: Executive and board engagement is often cited as a critical factor in resilience. What are some ways you’ve successfully gained buy-in and sustained their attention on resilience initiatives?
Terry: An interesting question that deserves a good answer and I think one that everyone struggles with. These days we do have the benefit of our industry (in the financial, CNI and utility worlds) of specific regulation where executive boards have to demonstrate knowledge, skiils (Cyber and Operational Resilience), engagement and leadership.
Resilience can only work if it starts at the top. A focused resilient culture starts with the C-level. Otherwise, as Dr. Peter Drucker once said, “Culture eats strategy for breakfast”. This is very true and it’s the same for trust.
Where there is no trust there is no real true resilience because self-preservation becomes the culture.
Q: How do you balance the need for high-level strategic alignment with the more tactical aspects of building resilience across an organization?
Terry: Haha…you are really asking the tough questions.. Operational Resilience should be part of the organization’s business strategy. Business and Operational Resilience framework strategies are not separate from each other.
The Operational Resilience strategy is the business strategy in action. Operational Resilience is really just an organization proving it can meet its commitments to its consumers.
Nothing more. Isn’t that what a business strategy should ensure?
Q: What role does storytelling play in engaging leaders, and how do you craft compelling narratives around Operational Resilience?
Terry: Storytelling is a key tool in the Operational Resilience professionals kit bag. Being able to use stories and analogies based on relevant, factual information is paramount to getting concepts and reasons across. However, this requires the storyteller to actually have experience and be able to adapt to the audience on their feet.
Q: How do you approach fostering a culture of resilience within an organization, especially across diverse teams with varying priorities?
Terry: Firstly, as I stated earlier, a culture of resilience has to start at the top, be highly visible and continuously promoted.
The best way, I have found, is to create a network of champions who are trained, encouraged, and rewarded to keep Operational Resilience top of people minds.
It is also very important to have each Executive Leadership Team be accountable for their units culture of resilience. There needs to be internal marketing with celebrations for annual success stories but also not have a blame culture for failure. See them as improvement opportunities and celebrate people for fixing the problems. Again this comes down to a culture of resilience and trust.
Q: As Operational Resilience continues to evolve, what skills or mindsets do you think are most critical for professionals to develop?
Terry: How long have I got? I am very fortunate to have an engineering background, having attended Ashbridge Business School and the opportunities to build several Business Continuity, Disaster Recovery and Crisis Management solutions for major organizations. Today’s Operational Resilience professionals need to be able to talk both technically and business, they need to be investigative, analytical, adaptive, problem solving, engaging, educators, consultants, facilitators, mentors and be able to get their hands dirty when called to do so. Be constantly learning, thinking bigger picture but able to drop down to an operational level as needed.
Q: If you could give one piece of advice to organizations just beginning their journey in Operational Resilience, what would it be?
Terry: Only one?
That is difficult.
Hire a senior certified Operational Resilience expert who sits on the board just as they have a CISO today.
As a second piece of advise … Start at the top with a culture of Resilience and Trust based on their organizations needs and not those of a cookie cutter approach. Remember: culture eats strategy for breakfast.
Q: What is your leadership playbook you are building in real-time?
Terry: Not sure I have one. My approach is to be true to my own core values (#CHILLER) and do no harm to the organization, my fellow employees and its products/services consumers.
