From the Christchurch terrorist attack to the Australian bushfires, crises this year increased in scale and impact. What does this troubling trend portend for organisational resilience in 2020 and beyond?
We had the experts weigh in. And the challenges, they noted, will be numerous.
For starters, advisory work usually begins with recognition of the problem at hand. Unfortunately, it’s at this stage when far too many senior executives and board members exhibit the least awareness, sometimes even outright complacency. Often, only a crisis will wake those key decision makers up, forcing them to form teams to address the underlying issues.
Cyber Risk Assurance’s Steven Dujin confirms this state of affairs, noting that “the recent … developments at Westpac have raised the awareness levels of senior executives and board directors to potential risks which they can no longer ignore.”
So, what could have executives done better? In Dujin’s opinion, a better crisis management system could have “saved Westpac about $1BN, the CEO his job… the reputation and the morale of about 30,000 employees.”
In an attempt to solve cyber-related issues, in particular, Dujin recommends organisations “include a cyber security framework into their risk management and crisis management plans. The awareness levels of all employees, board directors and senior executives needs to be improved. And having a crisis management capability where everyone knows their responsibilities could potentially reduce the potential for life-threatening situations, significant financial loss and disruption to business operations.”
Resilience Results’ Matthew Harper makes a related point. Harper sees the natural world around us as having “been pushed into an unpredictable and difficult to manage state and [now] we need to maintain confidence in those who protect us, those who warn us and those who support us.”
It won’t be easy, though. Harper acknowledges that the biggest resilience challenge of 2020 will be sustaining that level of confidence to manage the situation in a sustainable way; as he argues: “The impact on businesses will be to supply chain, energy, workforce, e-commerce and transport. In the cyber world, businesses will continue to learn the realities, strengths and frailties of the cloud. The competition in many businesses between cyber security and cyber agility will be challenged like never before.”
How, then, to mitigate the challenges going forward? Ben Scheltus of Continuity Matters has his own ideas: “[The key will be] the effective integration of the various functions that are responsible for mitigating risks and recovering from a disruptive incident. Larger organisations have typically developed ‘stovepipes’ that operate in isolation during business as usual and are not governed centrally during crisis situations.
Many practical solutions come to mind, from small tweaks to implementing end-to-end, integrated systems. In his experience, Scheltus has observed “[the] great scope for improving collaboration and efficiencies by having one Steering Committee that is responsible for the business as usual aspects of resilience activities and one executive led Crisis Management Team that has oversight of all response teams tasked with different aspects of operations. This approach will ensure there is a standardised approach to the assessment, escalation and treatment of incidents. Stakeholder communications must be controlled by the Crisis Management Team.”
What are some of the commonalties? All of our experts agreed that having information about incidents and risks at the tips of one’s fingertips – from first responders’ to Boards’ – was important, and that advanced technology could make efficient information sharing a possibility. Not just any software, though. The intuitive, easy-to-use technology in question would have to be able to tackle small incidents and large crises, alike.
Playbooks and libraries would be necessary, as well, to link the company’s technical requirements with its compliance needs. What’s more, the software would also have to include several integrated use cases as the traditional fault lines between incident and emergency management, physical security, and public safety are blurring.
Here, Noggin’s integrated safety and security solutions, already recommended by partner organisations from boutique consultancies to larger system integrators, have a natural advantage, when it comes to helping teams improve resilience. To learn more about strengthening your risk advisory practice with the Noggin integrated safety and security platform, please reach out to the partnership team at firstname.lastname@example.org.