Marin Ivezic, Enterprise Resilience and Cyber Security partner, PwC
When we look at what enables a company to survive change and thrive, there are a number of key factors that we might name: strategy, leadership, vision, culture, talent management, operational efficiency, and a wide variety of others. While any of these might be useful at a given point of time, and may indeed help us to build a strong company, none of these items alone will enable a company to survive and be successful over the long term. The key factor to long-term organizational viability is enterprise resilience.
Defining Enterprise Resilience
Enterprise resilience is an organization’s capacity to anticipate and react to change, not only to survive, but also to evolve. Enterprise resilience grew out of a variety of disciplines and is a superset of several of them, such as Risk Management, Incident Response, Crisis Management, Disaster Recovery, Business Continuity Management and Emergency Management. While these individual capabilities are important, enterprise resilience is more than just reacting to crisis events as they happen. It is not even just about proactively crisis-proofing the organization. Enterprise resilience is now a key organizational capability. It allows organizations to have the capacity to change before the case for change becomes desperately obvious.
Change is literally all around us. We may see the borders of nations altered, economic powers rise and fall, new breakthrough technologies, global warming, and any of a host of other such occurrences take place overnight.
We have only to look at the example of desktop PCs for a stark illustration of this. Just a few years ago these devices were on nearly every desk and were the main computing platform in the market; today their sales have declined almost to nonexistence and computing is rapidly moving to mobile personal devices, to the cloud, and to Internet of Things (IoT) devices.
Or, let’s look at the example of GPS receivers for another illustration. Less than ten years ago, these devices were the pinnacle of navigation technology; today their function has been reduced to an incidental feature included in the lowest entry-model smartphones and IoT devices.
The ability to be resilient in today’s market is critical. It is a fortunate confluence of events that just as the pace of change has become a dizzying one-way ratchet of acceleration, we are seeing enterprise resilience mature as a concept.
With this maturity come the practices, methodologies, and standards enabling us to put these concepts in place within an organization. As illustrated in the anecdote of the sword of Damocles, enjoying great fortune and power also involves the potential for great risk. Resilient enterprises can afford to take on more risk and respond to changes much more quickly than other enterprises and are more able to cope with potential downfalls. The freedom to explore risks and play with new technologies confers a distinct competitive advantage on organizations.
What Does Resilience in an Enterprise Look Like?
The traditional definition of resiliency in an organization comprises four areas: preparedness, protection, response, and recovery.
● Preparedness - Tactical plans of action for disaster or crisis, implemented cross functionally within the organization
● Protection - Not only hardening against identified threats, but also contingency plans and alternatives in the case of disruption
● Response - Steps taken during and immediately after a crisis
● Recovery - Regrouping and bouncing back quickly
The components of this particular definition have a distinctly more tactical bent to them and largely involve concrete steps that can be taken to develop resilience. For a more strategic and enterprise-centric resilience definition, we can look to an example of a more recent framework:
● Adaptive capacity - Ability to reorganize for change
● Agility - Ability to make decisions at required speed
● Coherence - Ability to make mutually beneficial decisions
● Relevance - Consistently delivering on stakeholder needs
● Trust - Knowing how to create investment-worthy relationships
● Reliability - Consistently delivering to expected quality, on time
These factors are further grouped into two segments. Adaptive capacity, agility, and coherence are all related to an organization’s ability to respond to change. Relevance, trust, and reliability are all concerned with an organization’s outside relationships. As with many decisions, the particular implementation of such efforts will vary from one organization and situation to the next.
The practices making up enterprise resilience are not something we can just agree on in an executive meeting and walk away claiming to espouse them. These concepts are hard work to implement well, but are implemented by successful organizations.
Where Does Enterprise Resilience Belong in an Organization?
The pace of change in the marketplace is being driven primarily by the pace of technological change. Nearly every passing day sees advances in existing technologies: faster networks, increasingly dense storage, and faster and smaller processors. In addition to these, we see new technologies emerge: self-driving vehicles, IoT, blockchain, hyper-efficient renewable energy, and others. Technology advances are creating immense opportunities, but are also making organizations increasingly vulnerable as businesses become more complex, virtual and interdependent.
It is within the purview, or perhaps even more strongly the responsibility, of technology management to drive enterprise resilience and to enable us to take advantage of these waves of technological change. Having a technology background and the ability to understand new technologies and their potential impacts and risks to the business is a very valuable set of skills from an enterprise resilience perspective. CIOs could, and I would argue should, become the change agents driving this coherent, adaptive and agile start-up mindset throughout the entire organization. To quote, perhaps apocryphally, Albert Einstein, “A ship is always safe at the shore - but that is not what it is built for.”
PwC was incorporated in 1998. Headquartered in New York, United States, it is one of the largest professional services networks, providing integrated risk management and organizational resilience services.