Resilience Challenges: Overcoming Low Maturity and Bridging Gaps
In this article, we will explore why resilience and Business Continuity Management (BCM) matter more than ever, and recommend a business-centric, incremental approach for organisations that are at the start of their Business Continuity journey.
We need to up our game
In the current geopolitical context (pandemic, war in Europe, climate change, etc.), we seem to move from crisis to crisis. Lawmakers in Europe are responding with a regulatory push (such as the Cyber Resilience Act, DORA and NIS2), and many of these regulations will become a compliance reality for numerous businesses and sectors. In addition, organisations’ operational value chains have become digitalised, and therefore more vulnerable to disruptions from IT incidents and cyberattacks. Consequently, BCM and digital operational resilience are high priorities on the agenda. Despite this, we believe most businesses need to up their game further.
What we are doing is not enough
As business continuity risks have increased, organisations’ ability to respond to crises in their supply chain has largely remained the same. Often, businesses do not sufficiently understand their responsibilities within a cloud context, and the impact of cyber incidents continues to reach new records every year. Yet, we observe an abundance of security tools and vendors in the market, along with many comprehensive frameworks that address resilience holistically. If this is so obvious and so important, why is it so hard? Are business continuity and resilience goals insurmountable because of low maturity and huge gaps?
A little can go a long way
Initiating incremental, business-centric steps towards resilience is a good way to make key improvements. Choose easy-to-implement, non-technical measures that engage business leaders and management, and start building the various dimensions of resilience within existing processes.
These steps are a good starting point:
- Re-architect systems and networks as early as possible in the design pipeline (think Shift Left) and perform activities such as threat modelling for vulnerabilities and weaknesses before your artefacts are released.
- Train existing IT staff and Security Incident Response Teams (IRT) to improve soft skills (such as communication and emergency leadership) and integrate them as an active part of the continuity effort.
- Finally, redeploy critical business processes with an alternative failover mode, where operations can function without depending on assumed components such as critical system integrations or cloud services.
Training – your silver bullet
There is a “silver bullet” to most resilience challenges. Your current business continuity capability or its latest improvements can be tested or assured with a key activity: emergency and crisis exercises. Such training sessions will uncover uncommunicated business priorities (“Are we not able to restore this earlier?”), highlight common role misunderstandings (“Is this not an IT responsibility?”) and reveal unclear emergency chains of command (“Surely, we don’t need to escalate this?”). All participants ought to observe these gaps together in a safe training context.
“In your best emergency handling, you will probably never be performing better than in your worst crisis exercise”
Koen Matthys
We implement effective solutions to sustain digital resilience
Resilience is so much more than a collection of emergency plans. Advisense has international and cross-sectorial experience in building a systematic BCM approach for your business, from Risk and Business Impact assessments to verification of your resilience capability. Our crisis exercise approach can help you shift your leadership’s thinking from risks to resilience.