Managing Director of BC Management
Get the Evolving Resiliency Strategies Report
In our latest research report, Evolving Resiliency Strategies, we gathered insights from more than 185 resilience professionals across industries on the evolving strategies and approach to resilience management. Within the full report you’ll find data points highlighting what disruptions today’s resilience programs address, the executives who care most about resilience and are often involved in strategic governance, and what investment strategies are planned for 2022.
I want to personally thank all of those who responded to the survey, our International Research Advisory Board, and everyone from the Castellan team for their efforts in developing this valuable report.
On Thursday, February 17th at 11am ET, we’ll host a webinar discussing the top insights from the full report in more detail, but here I wanted to highlight four key takeaways that we think are critical for resiliency teams to think about as we navigate 2022.
Executives showed increased scrutiny of resilience management capabilities and became actively involved in program reviews, resulting in increased financial support of resilience (via staffing, software automation, and technology). Executives were also more involved in exercises and supported elevated awareness across the organization. Looking forward into 2022, the data highlighted that many organizations are planning to sustain increased investment when compared to 2021, while focusing more on increasing situational awareness and threat intelligence in addition to technology resilience/recoverability. Those organizations with self-assessed immature programs are planning to invest significantly more in their resilience management strategies in 2022.
While the data indicates increased executive scrutiny and support of resilience management initiatives, it’s important to note which executives care most about an organization’s resiliency capabilities. Our BCM Trends data assessment (collected between 2009 to 2020) indicated a shift away from program placement within Information Technology (27% to 16%) in favor of Risk Management (11% to 22%). The data from this study also reported that the Chief Information Security Officer (CISO) is the executive most engaged (80%) in resilience, followed by the Chief Risk Officer (CRO) – 77%, and the Chief Security Officer (CSO) – 75%. The executives who were the least engaged included the Chief Administrative Officer (CAO) – 42%, Chief Financial Officer (CFO) – 53%, and the Chief Compliance Officer (CCO) – 55%. The findings also highlighted that the CRO (45%), CIO/CTO – Chief Information/Technology Officer (44%), and CISO (41%) are most likely to sit on a resilience program governance committee, while the CMO/CCO – Chief Marketing/Communications Officer, CAO, and CHRO – Chief Human Resources Officer were less likely to be involved in the program’s governance committee (13%, 15%, 28% respectively). We would expect the CHRO to become more involved in the future, especially when considering the severe impacts that the COVID-19 pandemic and “The Great Resignation” continue to have on the workforce.
The data findings also indicated that most resilience management programs address technology disruptions (88%), pandemic or a public health emergency (87%), and health/safety issues (82%), while only 52% of organizations noted that their program addresses supply chain disruptions and only 42% of all organizations focus on supply chain continuity/resilience. When taking a cross section of the data based on level of program maturity, we discovered that only 38% of immature programs and 64% of mature programs address supply chain-related crises in their programs. We expect a significant increase in focus on third party resilience capabilities in the years ahead.
When it comes to plans, most focused on the response to disruption affecting a location, addressing the continuity of the functions resident at that location. The survey results report that many organizations have been shifting their focus (76%) to address when cyber-attacks or reputation/brand issues may exceed day to-day management control. Additionally, remote working and distributed workforce strategies, especially driven by the COVID pandemic, have also motivated organizations to be more strategic in setting resilience strategies. One such approach is more coordination with enterprise risk management to develop targeted plans focused on efforts that collectively ensure product and service continuity. There is still room for improvement as few programs address a number of strategic business issues such as liquidity, credit, or product (recall, quality, delivery) issues that exceed “business-as-usual” management efforts.
Looking for more insights? Download the full Evolving Resiliency Strategies report and register for our upcoming webinar. You can also receive a complimentary customized dashboard for benchmarking your own data by participating in the survey here.
Managing Director of BC Management
Get resilience insights delivered to your inbox.