Companies tend to over-estimate how resilient they will be if disaster strikes – and this could have catastrophic effects.
Risk Consultancy Control Risks has published its survey “The state of organisational resilience”. Defining resilience as the ability of an organisation to assess, anticipate, mitigate, and recover from disruptive events, the survey assessed the degree to which the concept of resilience has gained currency and become embedded within organisations.
Key findings from the research include:
* There is a discrepancy between business’ perceived resilience and their actual resilience. 86% of surveyed businesses report suffering some form of disruption in the past five years, with 28% of respondents reporting more than seven disruptive events. This is in spite of 68% of businesses claiming to monitor and analyse risk proactively.
* This discrepancy costs. Of the businesses that have suffered disruption, 37% report that those events led to financial losses of more than £1-million.
* Companies are more worried about long-term reputational damage than short-term financial loss, with 72,7% of respondents seeing reputational damage as the impact of most concern to their business in the event of a disruption – considerably more than reduced revenue (50%), loss of new business opportunities (37,9%) or reduced shareholder value (34,8%).
* Political instability is seen as the principal external threat, with 62% of respondents indicating that they are mostly concerned about both direct political risks to their business and the impact of political instability on the broader security environment – rating considerably higher than macroeconomic uncertainty (34,8%).
* Resilience is hard – but not impossible – to achieve. Ways for companies to become more resilient include engaging in higher quality risk analysis; allocating responsibility for monitoring (and responding to) risk clearly and authoritatively; and rigorously vetting and managing third-party relationships.
Mark Whyte, senior MD of Control Risks and author of the survey, comments: “Companies are aware of financial and reputational consequences of disruptive events and feel that they have measures in place to identify risks, but the survey results reveal that the majority of companies are still suffering from such events. Companies need to take a comprehensive and integrated approach to risk monitoring, encompassing political, economic, technological and legislative factors, rather than just looking at specific threats.”
Andy Cox, director at Control Risks and the report’s co-author, adds: “Our respondents acknowledge that executive buy-in is vital to ensuring companies can identify and respond to risk, but more needs to be done to ensure that all levels of the business, including third-party suppliers, are engaged in risk mitigation. Responsibility needs to be clearly defined and organisations need to share knowledge and expertise to make sure everyone is able to identify possible threats.”