Control-Risks-Global-Resilience-Survey-2020-report V0.6

Global Resilience Survey 2020: Findings Report

The majority of companies that had formally coordinated the resilience functions prior to COVID-19 reported fewer operational disruptions and financial impact from the crisis. According to the survey, before COVID-19, 62% of CSOs “owned” Crisis Management (CM), whilst 20% “owned” Business Continuity Management (BCM). After nearly a year of dealing with the pandemic, these percentages are growing as businesses are further expanding the departments and types of risks overseen by one lead entity, often Corporate Security. This allows them to better fulfil their duty to protect their most critical assets including their people, facilities, intellectual property, and reputation. As demonstrated by the survey, ever more companies are realising that integrating the management and strategy of resilience functions (in some cases, including IT security) makes business sense . By harnessing this momentum, resilience professionals can further secure their seats at the leadership table and showcase their strategic and operational insight and deep expertise in both CM and BCM. So where to from here? Here are four ideas:

Involve the resilience teams in ongoing ERM efforts . Historically, “people safety” appears as a vague and ambiguous risk on a company’s risk register, but COVID-19 is showing that people safety needs to be examined in both a more holistic and detailed way. Getting the resilience teams involved early and often as a key leader and influencer in identifying, assessing and managing the organisation’s top risks will benefit the organisation from Day 1 and likely result in a safer work environment for all employees, vendors and customers. Resilience professionals also will bring in a practical, more “boots on the ground” perspective that many board-led, compliance-focused ERM efforts are missing.

Formally align crisis management and business continuity capabilities . Resilience leaders demonstrated that during COVID-19 bringing together these two often-segregated response capabilities and fusing them will provide for a more effective and seamless response, but also provide potential efficiencies in the day-to-day management and resourcing of the capabilities.

Resilience professionals should maintain and grow their posture within the organisation , even after COVID-19 is controlled. Most of the major people-related threats, risks, and crises that companies face, and will continue to face over time, could benefit from a resilience expertise and leadership. Future pandemics, violent protests, workplace violence, IP theft, terrorism, kidnap, extortive crimes, and other insider threats – these threats must be taken seriously and resilience professionals should be provided with enough resources and funding to put reasonable preventative and monitoring-based measures in place to adequately manage these risks. Simply ignoring them, as many did with pandemics in the past, could mean serious impacts to the organisation.

Involve the CSO in cyber security and incident management. We are increasingly seeing a convergence of cyber and physical security functions, as organisations recognise that incidents these days are not simply black and white, and often pose both digital and in-person threats. Threat actors are rapidly evolving their techniques to move beyond enterprise IT systems. Most organisations are still in the awareness phase, but with attack vectors expanding, security and risk management leaders need to update and unify their current threat management strategies to factor this all in.

COVID-19 has shone a light on the often underappreciated yet incredibly valuable role of resilience professionals. Companies are now at a crossroads and can take better advantage of their experience and expertise to capitalize on people-based opportunities. As more people return to the office, employees and customers will expect to be walking into a safe and secure environment, meaning there is even more pressure to ‘get security right’ in the near future. By elevating the role of resilience leaders and recognizing the value that they bring through increased, proactive resourcing, organisations will feel increased comfort that they are meeting their Duty of Care requirements, in perhaps a more efficient and effective manner than has been so in the past.

Made with FlippingBook Online newsletter