Evolving Resilience Strategies is BC Management’s latest research report. In this article Cheyene Marling highlights the key findings from a global survey for the report, which was carried out in Q4 2021 to understand the current trends in resilience management.
In our latest research report, Evolving Resilience Strategies, we gathered insights from more than 185 resilience professionals across industries on the evolving strategies and approach to resilience management. Within the full report you’ll find data points highlighting what disruptions today’s resilience programs address, the executives who care most about resilience and are often involved in strategic governance, and what investment strategies are planned for 2022.
In the following I will highlight four key takeaways from the report that I think are critical for resilience teams to think about as we navigate 2022.
Executive engagement surged in 2021
Executives showed increased scrutiny of resilience management capabilities and became actively involved in program reviews, resulting in increased financial support of resilience (via staffing, software automation, and technology). Executives were also more involved in exercises and supported elevated awareness across the organization. Looking forward into 2022, the survey data highlighted that many organizations are planning to sustain increased investment when compared to 2021 while focusing more on increasing situational awareness and threat intelligence in addition to technology resilience/recoverability. Those organizations with self-assessed immature programs are planning to invest significantly more in their resilience management strategies in 2022.
But not all executives…
While the data indicates increased executive scrutiny and support of resilience management initiatives, it’s important to note which executives care most about an organization’s resiliency capabilities. Our BCM Trends data assessment (collected between 2009 to 2020) indicated a shift away from program placement within information technology (27 percent to 16 percent) towards risk management (11 percent to 22 percent). The data from this study also reported that the chief information security officer (CISO) is the executive most engaged (80 percent) in resilience, followed by the chief risk officer (CRO) (77 percent), and the chief security officer (CSO) (75 percent). The executives who were the least engaged included the chief administrative officer (CAO)(42 percent), chief financial officer (CFO)(53 percent), and the chief compliance officer (CCO)(55 percent). The findings also highlighted that the CRO (45 percent), CIO/CTO – chief information/technology officer (44 percent), and CISO (41 percent) are most likely to sit on a resilience program governance committee, while the CMO/CCO (chief marketing/communications officer), CAO, and CHRO (chief human resources officer) were less likely to be involved in the program’s governance committee (13 percent, 15 percent, 28 percent respectively). We would expect the CHRO to become more involved in the future, especially when considering the severe impacts the COVID pandemic and ‘The Great Resignation’ continue to have on the workforce.
Integrating resilience management programs with other risk disciplines is increasing, but not yet pervasive
The data findings indicated that most resilience management programs address technology disruptions (88 percent), pandemic or a public health emergency (87 percent), and health/safety issues (82 percent), while only 52 percent of organizations noted that their program addresses supply chain disruptions and only 42 percent of all organizations focus on supply chain continuity/resilience. When taking a cross section of the data based on level of program maturity, we discovered that only 38 percent of immature programs and 64 percent of mature programs address supply chain-related crises in their programs. We expect a significant increase focus on third party resilience capabilities in the years ahead.
Program prioritization and scope has shifted
When it comes to plans, most focused on the response to disruption affecting a location, addressing the continuity of the functions resident at that location. The survey results report that many organizations have been shifting their focus (76 percent) to address when cyber attacks or reputation/brand issues may exceed day to-day management control. Additionally, remote working and distributed workforce strategies, especially driven by the COVID pandemic, have also motivated organizations to be more strategic in setting resilience strategies. One such approach is more coordination with enterprise risk management to develop targeted plans focused on efforts that collectively ensure product and service continuity. There is still room for improvement as few programs address a number of strategic business issues such as liquidity, credit, or product (recall, quality, delivery) issues that exceed business-as-usual management efforts.
Obtain the full report (registration required).