A worrying number of organisations believe they lack the relevant skills or talent to drive corporate resilience.
This is according to one-third of respondents to a Control Risks’ Business Resilience Survey 2016/2017, and is an increase of 17% on 2015.
This is in spite of the fact that 27% of respondents have actively recruited dedicated resources to support the resilience agenda, and 46% have invested in training, awareness, and communications.
The Control Risks survey “The State of Enterprise Resilience”, assesses the degree to which the concept of resilience has gained traction and become embedded within organisations.
Further key findings include:
* ISO 22316 provides guidance on resilience programmes. 62% of respondents were either aware of or have read the draft of ISO 22316 – the guide to organisational resilience. 92% of respondents agree with the core principles which focus largely on shared purpose and collaboration across functions. However, 18% of respondents indicated that they would not be striving to adopt the core principles, preferring instead to stick to existing processes.
* The importance of effective leadership. 53% of all respondents indicated that the effectiveness of leadership was the highest-priority objective supporting the resilience agenda. This aligns to the guidance in ISO 22316 which states effective management and governance supports organisational resilience. Anticipation of and managing change rated as the next highest priority for organisations. To build sufficient adaptability, resilience should be driven from the executive and management and should be embedded across the organisation.
* Companies are more worried about long-term reputational damage than short-term financial loss. Over 70% of respondents see reputational damage as the most significant concern to their business in the event of a disruption – considerably more than reduced revenue (38%), the loss of new business opportunities (25%), or reduced shareholder value (26%).
* Increasing concern over cyber threats. Respondents rated cyber security as the most potentially disruptive external threat to their organisation, with 47% stating this was their primary concern.
* 92% of respondents agree that cross-functional working and sharing of information is a key principle of resilience. However, 48% of respondents remain reliant on centralised governance and oversight instead of multi-disciplinary risk meetings that would perhaps encourage greater cross-functional collaboration and information sharing.
Mark Whyte, senior partner at Control Risks and author of the survey, comments: “The increased threat from disruptive events has encouraged companies from all sectors to consider specific threats to their operations and identify areas of vulnerability. It is clear that many organisations are focussed on the need to become more resilient, but the implementation of the strategies and tactics that support this is currently taking too long.
“To build a resilient organisation the emphasis should not purely be on strategy, or the culture of the organisation, or the way it handles risk management. A resilient organisation is one where these three components integrate to achieve the desired effect.”
Andy Cox, director at Control Risks and the report’s co-author, adds: “The successful implementation of a resilience programme takes time. The development of resilience frameworks that span the enterprise, capturing and integrating existing risk management activities requires resource and patience.
“Having set up many of these programmes for our clients, we have learned that the best way to approach this huge task is to consider it as a series of prioritised projects that incrementally increase the resilience of the organisation over time.”