Five tips for improving organizational resilience

Published: Thursday, 26 August 2021 08:17

Developing a truly resilient business means moving beyond business continuity says Padma Naidoo. Here she gives five tips for companies that are making this journey.

Organizational or business resilience defines an organization’s ability to go beyond just business continuity, enabling it to better build foundations that are agile, flexible and adaptable. To create systems and processes that allow for resilience in decision-making and improvements in business capabilities during times of turbulence. It’s the seatbelt that keeps the C-Suite in place as the organization navigates uncertainties and complexities in mercurial markets and complicated times. Properly managed and approached, resilience can deliver benefits that include stakeholder confidence, enhanced digital transformation and capabilities, and the measurable achievement of strategic business objectives.

Whether you decide to use the term organizational resilience or business resilience makes no difference – the concept is the same. The prefix depends on the type of entity you are developing a program for.

Taking the business down the resilience road requires an intelligent approach that recognises the value of technology, stakeholder buy-in, C-Suite engagement, and digital transformation. True resilience ensures organizations are well equipped to navigate the problems and uncertainties that define modern business. Here are five tips to achieving organizational resilience today.

Differentiate between resilience and continuity

Business continuity refers to the policies, processes and planning that enables the organization to recover acceptable delivery of its products and services in the event of an unplanned event, such as a security breach, physical event, or sudden market risk.

Organizational resilience encompasses business continuity but expands beyond it, providing several proactive benefits to the organization. It’s defined by the BS 65000 ‘Guidance on Organizational Resilience’ standard as the organization’s ability to ‘anticipate, prepare for, respond and adapt to incremental change and sudden disruptions in order to survive and prosper’.

Successful organizational or business resilience lies in rethinking ways of working. In building new pathways to engagement with partners, customers, employees, and supply chains. It has to be driven from the board level, owned by executive management, and recognised as an essential, not an optional extra.

Embrace a flexible working environment

Organizations with multicloud environments achieve significant and measurable business benefits from agility, efficiency and scalability and the recent trend is an accelerated cloud/digital transformation strategy. It is imperative that these environments are secure and that data privacy and protection are woven into the very fabric of the organization. This is particularly relevant today as data privacy and protection is mandated by legislation across more than 80 percent of the world, and data is one of the most critical assets of an organization.

By completely rethinking your IT security to accommodate new ways of working today, and in the future, the organization is capable of adapting to the continued impact of the pandemic and has the flexibility required to manage security, data, system and compliance intelligently.

Underpin resilience with security

Many organizations lack visibility into their cloud applications and systems, which leaves them vulnerable to attack and at risk of non-compliance. Resilience involves comprehensively unpacking the threat landscape and the business's position to measure risks and vulnerabilities accurately. Then, using this information to inform security practices and ensure that a flexible working environment remains an asset, not a liability, and that the organization is capable of fully realising its cloud investment. This is an iterative process, as the threat landscape is constantly evolving.

According to the NTT 2021 Global Threat Intelligence Report (GTIR), the organization has to stay ahead to achieve resilience in both the cyber and business realms. Privacy and protection are increasingly essential, and remote work attracts more web attacks (32 percent) and application attacks (35 percent). This puts the business under immense pressure to refine and redefine its security posture to ensure it has the right tools and systems in place to remain resilient in any circumstances.

Secure by design

Security is more than a system, a set of controls, a toolkit and training. It has to be a living process and state that evolves alongside the business, constantly moving through the chain of assessment, prioritisation, adaptation, and implementation. The concept of 'secure by design' allows for security to be effectively integrated into the organization. It prioritises people and process while allowing for the business to consistently adopt and manage best practice cyber security frameworks and standards to ensure that it remains a key strategic component of the business.

This approach moves security further away from the must do, must comply, must remain compliant mandate, and closer towards security as a business benefit and an essential pillar in defining business resilience. It ensures that all parts of infrastructure, applications, interfaces and processes are secure so the business can drive value and transformation.

Don’t eat the whole elephant

Resilience encompasses every part of the organization. In an IT context, it extends from flexible working enablement, to cloud investment, to secure by design, to recovery and to the effective use of available data to better inform business decisions and processes. It can be overwhelming for the organization to leap into resilience as an all or nothing approach, and unnecessary. Resilience doesn’t need to include every corner and crevice of the business; it just needs to be clearly defined by objectives that ensure a structured approach that meets business needs. And, these objectives need to be as resilient as the process itself, adapting to changes in the organization’s micro and macro environments, its risk appetite and more.

A business resilience process that recognises the impact of the pandemic, the need for flexible working, the rise in cyber crime threat actors and vectors, and the new normal of privacy and protection, is one that can adapt to the challenges that lie ahead, and the challenges that are here, right now.

The author

Padma Naidoo, senior security consulting manager at Dimension Data.