Modern history will probably be categorized as BP and AP i.e. Before Pandemic and After Pandemic. Such has been the impact of this forced lockdown on the world.
Organizations have had to scramble to adjust to this new normal. Just like all aspects of the world, even they have a BP and AP reality.
In the BP era, companies were mostly focused on efficiency. The market placed more importance on which organization could deliver the best product at the best price. Which organization could market its product well and which organization could use its economic clout to dominate the market.
However, in the AP age, the market has forced organizations to accept a new type of characteristic that is essential for success; “RESILIENCE”
WHAT IS RESILIENCE?
Definition of resilience (Merriam-Webster):
1.The capability of a strained body to recover its size and shape after deformation caused especially by compressive stress
2.An ability to recover from or adjust easily to misfortune or change
To stretch this definition further, resilience should also take into account aspects like:
- Ability to fail gracefully and recover nicely (Stephen Flynn as quoted by Uri Friedman) (https://www.msn.com/en-us/news/world/the-pandemic-is-revealing-a-new-formof-national-power/ar-BB1b1Gl3)
- Ability to self-heal and so that they can come back stronger after a shock (https://news.northeastern.edu/2017/04/11/new-global-resilience-institutehelps-manage-challenges-of-21st-century-turbulence/)
To be sure, before the pandemic, Business Continuity was one of the tools used to achieve resilience. However, even organizations with mature Business Continuity practices never really realized how important this capability was. Even though the Business Continuity Plans were tested regularly, organizations rarely faced a “worst-case” scenario that pushed them to the brink.
The pandemic did just that. Even country plans, meant for the “worst-case” country outage scenarios, were not adequate to address the world-wide catastrophe.
The pandemic was a blunt message to organizations that efficiency, at the cost of resilience, was not a sustainable strategy. Resilience is a long term, permanent strategy, which must be part of every strategic decision. Resilience is one of the cornerstones of an organization and not a bolt-on after all the strategic decisions based on “efficiency” are already taken.
Once in place, organizations can draw on its resilience capability in the eventuality of any disaster; be it pandemics, fake news or cyberattacks.
NEED FOR A NEW APPROACH TO RESILIENCE
As mentioned earlier, while Business Continuity is not a new concept, the sort of crises that we are faced with will be unprecedented in our lifetimes. Bolt on solutions where business continuity is planned once strategic decisions have already been taken, may have worked in a previous age, but may not work in the current business environment.
Today’s business environment is characterized by:
· Strategic decisions based largely on cost and efficiency
Be it introducing a new process or product, the first consideration is how to create something most efficiently by taking into account factors like costs, existing capabilities etc. For example, when an organization is expanding its services, it would prefer to expand in the same location with additional space, to leverage on existing capabilities and maximize sunk costs.
· Outsourcing of processes
This is not just outsourcing of processes or specific parts of a product but also includes outsourcing of technology we see today in terms of the cloud.
· Complexity
In the quest for efficiency and squeezing out as much value as possible, to deliver the service/product in the best/cheapest bracket, organizations have made friends with complexity. But complex systems come with the inherent risk of being fragile. At the best of times, it takes great effort to manage “Just in Time” / “Just in Sequence” type of processes. This is because such processes include a lot of variable and moving parts and many suppliers. Add to this the uncertainty and unpredictability of a disaster and you have a recipe for a meltdown.
· Globalization
With a global market and global supply chain, organizations that were hitherto unaffected by happenings in other parts of the world are now vulnerable. When Pune, India is affected by a disaster, it can have implications on the global auto industry. And we all know what can happen when China catches a cold.
PERCEPTION IS REALITY
Another important factor that organizations must take specific care of is that they must not only be resilient but also seen to be resilient.
Earlier, the metrics for evaluating how good an organization is, typically excluded any measure of its resiliency. While the odd organization would include some information on its business continuity capability, inadequate importance was given both within and outside the organization.
Customers of organizations must have trust that the organization is resilient and will be able to continue services. For this, organizations would need to invest resources in publicizing their resiliency efforts. Some ways to do this would be to get global continuity related certifications like ISO22301, publish specific information of resiliency initiatives as part of Environmental, Social, and Corporate Governance (ESG) reports etc.
SO WHERE DO WE GO FROM HERE?
Organizations that have handled the pandemic well will come out stronger. However, it does not mean that organizations who have fared poorly have no future.
In the larger scheme of things, this pandemic should be taken as a sign to revaluate strategic options. Making resilience an important consideration during strategic decisions and investing in resiliency building measures like business continuity and disaster recovery would help organizations plan for the uncertainties that lie ahead.
In Part 2 of this article, we will discuss “Resilience by Design”, a concept that we feel will hold the key to building successful resilient organizations.
You liked what you read ? Leave a comment.
Thanks Keith for the practical steps.
Thanks Keith for your analysis which I agree on. What I’d like to see more than business-ready organizations is people-ready as it is the individuals, righlty trained and informed who will make a resilient organization. Executive still see resilience as a cost and not as competitve advantage until something wrong happens. One question to you how do you make sure company executives take pro-active decisions when it comes to investing in resilience? Thanks
The biggest issue with resilience is that this “common sense” subject has become so esoteric due to the jargon involved, that business executives are unable to comprehend and take it on board.
The first step in my view is to simplify this body of knowledge. Get rid of the jargon that makes it difficult for lay people to understand this subject. The jargon actually accomplishes what it is supposed to i.e. be a barrier of entry.
Making resilience a board room agenda would be the next logical step, just like cyber security has become a key board concern,
Another step should be building a framework that could enable business decision makers to clearly understand the long term cost – benefit of investing in resilience. Much of the work already done in the domains like BCP/DR can be leveraged for this analysis. Another framework that has caught my interest is The FAIR (Factor Analysis of Information Risk) cyber risk framework which tries to quantify cyber risk. This could be a good model to adapt for resilience.