Resilience: Beyond the Buzzword
The phrase resilience has become a common buzzword, being frequently used in organisations across all sectors. The literal meaning of resilience is the ability to bounce back from difficult situations or adapt to challenges.
This term has become increasingly common among organisations looking to improve their overall preparedness, whether it be IT or cyberattacks or more traditional types of incidents. Let us take a dive in the vast sea of resilience.
Defining resilience
Resilience reaches beyond risk management towards a more holistic view of business health and success. A resilient organisation is one that not only survives in the long term, but also thrives – ready for the future.
Imagine you are on a ship in rough sea, facing unpredictable weather conditions. Organisational resilience is like having a sturdy ship that can withstand those challenges and keep sailing smoothly towards its destination. Just like a ship, organisations encounter storms in the form of unexpected events. Resilience is the ability of an organisation to bounce back from these setbacks and adapt to the changing environment.
Building resilience requires a comprehensive approach. It involves having robust systems and processes in place, nurturing a culture of innovation and learning, and empowering employees to embrace change. Just as sailors undergo training and acquire skills to handle different situations at sea, organisations investing in their people foster the development of necessary skills and knowledge to navigate through challenges.
Resilience is not just about surviving the storms; it is also about thriving in the face of adversity. Resilient organisations can turn challenges into opportunities, adapt their business models, and find new ways to meet customer needs. They constantly evolve and reinvent themselves to stay ahead of the curve.
When dealing with organisational resilience, imagine a well-equipped and skillful crew aboard a sturdy ship, sailing confidently through the stormy seas, unafraid of challenges, and always striving to reach their destination, no matter what obstacles come their way.
Resilience is based on three important pillars
There are three key pillars that should form any organisation’s resilience program:
- Business Continuity Management (BCM)
- Incident and Crisis Management
- Risk Management
The model also includes the key foundational attributes of any proactive resilience plan, namely cybersecurity, proactive security, and capability development.
If we revisit the ship metaphor, imagine an organisation as a ship, sailing across a sea of business challenges. At the core of organisational resilience is BCM, which can be referred to as the ship’s construction. The hull provides strength and stability, just like BCM establishes a foundation for resilience. It involves identifying and assessing risks, understanding critical processes, and developing plans to keep essential operations afloat during disruptive events.
Risk management, on the other hand, can be compared to the ship’s navigation system. It helps your organisation plot the best course, anticipate potential obstacles, and take proactive measures to minimise risks. By identifying and evaluating risks, the organisation can steer clear of potential dangers and make informed decisions to protect its overall well-being.
As you sail through the business landscape, you might encounter unexpected incidents or even full-blown crises. Here, incident and crisis management act as your organisation’s crew members. Just as the crew handles emergencies, your organisation needs a well-prepared team and effective protocols to respond swiftly and decisively. They can help stabilize the situation, mitigate the impact, and guide the organisation back on course.
But resilience is not just about reacting to crises. It is about continuously learning, adapting, and improving. Picture your ship with a skilled captain and crew who learn from each voyage, enhance their skills, and upgrade their equipment. Similarly, your organisation should regularly review its resilience strategies, test its plans, and refine its processes to ensure they remain effective and aligned with the changing business environment.
BCM, incident and crisis management – all part of building resilience
Today, organisations must be strategically adaptable, operationally aware, and tactically capable of responding to the impact of any change. The one discipline that predicates impact upon business capability is BCM and it can be used as a central facilitator to build resilience and sustainability.
The need for organisations to break out of all operational silos and develop an ecosystem with resilience embedded at every layer of the organisation is key to being prepared to respond to any disruption.
The core of a sound BCM program is to have plans in place for all critical processes and recovery plans for all systems that these processes are dependent on. The plans outline the alternative ways of working and mapping out the dependencies towards resources, equipment and personnel needed. The strategic part of a BCM plan is ensuring we have mechanisms in place to lessen a disruption’s impact. That could be a fail-over site for all your IT or a spare can of petrol for your ship.
Ranging from cyber-attacks, negative media coverage, pandemics and electrical outages, a crisis can come in every form. Having a proper incident management process in place, knowing what to do to protect our critical business resources and to make sure the incident does not cause any unwanted disruptions. This could be setting up an incident response team – or in the context of our analogy – your life raft to leave the sinking ship.
The way we have helped our customers to obtain this knowledge is for example by doing crisis management exercises, providing a realistic scenario that will put their processes and plans to the test.
Risk Management as the navigation system
The third pillar, risk management, can be referenced as the navigation system. Risk management builds resilience by identifying the risks that may affect the availability of the resources that support deliveries, activities, dependencies, and critical infrastructure that must continue to function.
All continuity planning starts in the risk management arena – where we map out the risks and determine the impact of these risks. This gives us a solid ground to focus and prioritize our continuity planning. It will also help us build redundancy and prevent as many critical dependencies as possible.
The risk management work that is needed as input to the business continuity process and the overall resilience, does not necessarily need to be a stand-alone process – but to a considerable extent organisations will use existing identified risks that have been identified in other types of risk analyses to feed into the BCM work.
It is not if, it is when. When a disruption occurs you will be prepared, you will have a procedure, a game plan, rules, and a team, then it is game on.
For questions or inquiries please contact
