It is Time to Invest in Digitally Enabled Resilience Programmes

Organisations are increasingly looking to technology as an enabler of their resilience programmes. Why? Because, by facilitating the aggregation of data across business continuity, (BC), operational resilience (OpRes), crisis management, risk and third-party teams, technology can solve many of the pain points faced, whilst improving the quality of best practice and change programmes overall.

Technology enablement of their programmes is becoming a key priority. Companies are starting to understand the need to underpin resilience strategies with technology that allows them to mine actionable intelligence from data across their  business.

The core driver is the expectations of customers, shareholders, market participants, employees and regulators, that have increased dramatically over the last decade and more. The days where you could manage a resilience programme using just a few people doing Business Continuity plans are gone. They now expect to have robust resilience plans and programmes in place. They expect partners to be preemptively testing their capabilities and remediating against their vulnerabilities – and in the event of a disruption to their services, they expect them to be able to respond really quickly and comprehensively.

Digital Transformation and the Speed of the Market

With the pace of modern business, you simply cannot meet that turnaround time without technology. Companies have to be able to keep up with the speed of delivery created by the digital transformations being undertaken across the board. There are three core reasons why businesses invest in technology at all:

• Saves time
• Saves money, and/or
• Improves the quality of and ease of delivery

The same is true of the reasons for investing in technology to underpin resilience programmes. Digital transformation typically aims to provide a holistic view of the organisation through a single application: one platform that aggregates the data from across multiple disciplines. This provides an up-to-date view at any given point in time of where an organisation may be or is vulnerable; what issues they’re exposed to; which risks they’ve accepted – even tacitly – and which scenarios they are or aren’t resilient to. With those insights, they can understand which parts of the business are the least resilient, and then allocate resources and budget accordingly.

With the information that they need to make decisions at their fingertips, businesses can respond quicker to any disruptive events. They can move to mitigate any impacts in a more timely manner, helping them to save money and time and ultimately deliver a better level of service.

Crisis Response

Organisations using technology are becoming agile where it matters – during crisis response – with the ability to see where the knock-on impacts could happen across the business. For example, in the event of a cyberattack, technology can help them see exactly which servers could be hit, which processes were reliant on those servers, and, therefore, which services could be impacted.

They could also see which services relied on those services occurring, so they can foresee the disruption down the line. It’s vastly easier and quicker to see the impact of a crisis occurring through visual process mapping than searching for key terms that might not be consistently applied through business impact analysis (or BIAs) in Word documents or Excel documents, trying to map the knock-on impacts from dependencies as you go.

Knowledge Retention and Access to Data

Retention of knowledge and insights is also key to resilience maturity – when staff turnover rates are as high as they currently are and have been for almost all businesses, post-COVID. So much knowledge and programme development simply gets lost or isn’t maintained each time someone moves on from company to company. By using technology, companies are not reliant on individuals’ availability or access to their inboxes or desktops or stored documents or audit trails, unsure whether what they’re viewing is really the most up-to-date version.

To the broader technology ecosystem, operational silos, distributed data systems, processes – all of those mean organisations really struggle to obtain that holistic, clear and reliable view of their footprint – and the resilience gaps are only identified when disruption actually hits.

Pain points stem from the traditional manual approach to resilience, business continuity, and trying to leverage manual plans. Gathering appropriate information quickly and effectively is a significant challenge, and so is utilising appropriate technology and tools to enhance the efficiency of their response when responding to their most serious disruption. Companies that have specifically experienced significant disruptions really have felt that pain, and they are recognising the value and the potential return on investment that technology provides in building a more robust and effective resilience programme and response capability.

Many firms need to break down the silos between disciplines, to exchange information and insights between the different departments. Technology plays a pivotal role in bringing all of these together so that leaders are able to truly understand everything that’s happening across the organisation.

Without technology connectors, that is more difficult or simply doesn’t happen, either because functions and stakeholders aren’t communicating effectively between teams or because it simply takes too long to share the information and any analysis of it in a meaningful manner – meaning that it’s out of date by the time it’s loaded into a system of record.

From a change management perspective, this in turn means that reliable decisions can’t be made prior to implementing change, and there is therefore every chance that it will lead to a disruption. In the event of an actual crisis, all the data that needs to be gathered from a range of teams, all the questions that need to be asked or the knowledge sought – would be far better accessed on demand.

Bolster resilience and meet compliance needs via the broader ecosystem.

External data sources can also be extremely valuable in resilience strategy. Application programming interfaces (APIs) and connectors – including emergency notification service providers, third-party financial risk monitoring, compliance and control frameworks, configuration management databases (CMDB) hosts, and process mappers through to open-source resources on geographic or environmental hazards – are all instrumental in helping firms shift from a reactive to a very proactive approach. They provide the situational intelligence layered over the resilience programme data to give it meaning helping to identify early on where disruption might occur.

• From a compliance-driven perspective, this insight can help to meet the requirement to communicate with customers in a timely and transparent fashion and take action to mitigate the impacts.
• From a business perspective, it can help maintain reputation. Everyone accepts that crises happen – in particular, and increasingly, data breaches, but preemptive measures, speed of response and transparency of actions make the difference in attracting new customers post-incident.
• From a financial, legal or regulatory perspective, companies can minimise impacts by, for example, engaging with the supply chain early to reduce the chances of disruption, whether that be scaling over to alternates or maybe just helping them out.
• From an operational standpoint, businesses will run smoother if they can identify potential causes of disruption before they can escalate into a full-blown crisis. This helps minimise the knock-on chances of things like a burnt-out workforce, difficulties and recruiting further down the line – and more besides.

The Strategic Value of Resilience Technology: Competitive Advantage

The leading driver for investment in resilience – if at all – has become strategic: seeking competitive advantage – which has begun to eclipse either fear or regulatory compliance as their primary reason. The move towards really investing in resilience from a strategic standpoint, moves resilience beyond that compliance exercise for a rainy-day insurance policy. Business leaders are starting to see that resilience can actually create value and competitive advantage.

The role of technology in enabling companies to meet that strategic objective means it has moved resilience from being seen historically as a cost-making function to a value-adding function. With a good understanding of the business, leaders can focus on the most important areas and then invest there to make sure the areas of priority are the most resilient to disruption. If the business is available when others aren’t available, especially in crises requiring use of finite resources, then the market share goes up.

If data is being aggregated across teams and any resulting reports, dashboards, conflicts and insights are being shared out to them, the company as a whole can make improvements to their wider ecosystem, and they can really focus their time on growth initiatives.

Both those factors should be grabbing the attention of strategic decision-makers as they provide a competitive advantage. If not, then the regulators are there helping to push the agenda through, and they can do that through pressure on boards to understand their cyber resilience statuses and make improvements accordingly.

Embracing technology is really the only way forward to improving resilience, to ultimately avoid catastrophe and to be successful. With resilience becoming an increasing Boardroom focus, the time to invest in supporting technology is now!

Marshal is a powerful, exclusive digital marketing platform that helps to simplify and scale access to the complex Security Risk Management and Resilience market, in order to develop opportunities, drive growth and achieve objectives across conflict zones to cyberspace.