Group Managing Director, ESA Risk

Author Bio ▼

Mike specialises in corporate security and fraud investigations, risk management, global business intelligence and forensic technology. He has over 30 years’ experience in advising law firms, financial institutions, companies and investors on operational and strategic affairs spanning more than 25 countries.Mike Wright is a member of the Association of British Investigators, the Association of Certified Fraud Examiners, the Fraud Advisory Panel, the World Association of Detectives and the International Compliance Association.A UK Ambassador for the World Association of Detectives and a past board member of the Association of British Investigators, he has presented at international events and seminars, including on corporate fraud investigations.Before moving into corporate investigations and risk management in 1990, Mike served in the Corps of Royal Electrical and Mechanical Engineers (REME).Full bio here
December 11, 2023


Lithium-Ion batteries. A guide to the fire risk that isn’t going away but can be managed

The road from risk management to resilience in the age of crisis

Strategic business resilience is increasingly prized but myriad hurdles make for uneven progress.

Broadly speaking, risk management is about identifying, evaluating and mitigating risks to reduce the likelihood and impact of those risks being realised.

Resilience is also about handling risk, but focuses instead on maintaining business continuity amid adverse events, bolstering an organisation’s ability to rapidly adapt to disruptions, and protecting its people, assets and reputation.

Resilience First, a non-profit founded in 2018 to foster greater business resilience across UK industry and critical infrastructure, has therefore described risk and resilience as “opposite sides of the same coin”.

Both concepts remain fundamental to enterprise strategy, but operational resilience in particular has grown more important in an increasingly unpredictable world where businesses have in recent years been hit by a series of unforeseen dislocations.

Risks motivating the rush to resilience

Threats include growing geopolitical instability, with the ongoing war in Ukraine demonstrating the risks of operating in authoritarian or politically unstable jurisdictions.

Brexit and the rise of populist leaders in several countries, meanwhile, have both threatened to make the trading environment less hospitable through protectionism, trading barriers and immigration restrictions.

And Covid-19 forced organisations, almost overnight, to enable their workforce to work from home and adapt to severe restrictions, such as the food service sector’s sudden reliance on food delivery. The pandemic is still disrupting supply chains and causing industry to question the wisdom of globalisation and the just-in-time (JIT) manufacturing model.

Other threats include rampant inflation, cyber attacks, rapid digitisation and the worsening climate crisis.

The merits of business resilience

In a Resilience First webinar on the topic, Lord Toby Harris said risk assessments alone leave organisations unprepared “for not only the ‘black swan’ event (previously unobserved, hard to predict, high-impact) but also those ‘black jellyfish’ (known but more complex that may have a sting) and ‘black elephants’ (known and in plain sight but with which no one wants to deal)”.

While risk assessments often centre on a small number of easily understood risks, resilience offers a holistic approach involving scanning the horizon for a variety of threats and modelling crisis scenarios against which to stress-test an organisation.

Far from merely mitigating risk, resilience can therefore inform strategic thinking and give birth to business models more suited to volatile environments.

Barriers to resilience

There’s sometimes a tension between instilling organisational resilience and the imperative to build value and revenues. For instance, abandoning JIT models and building redundancy in supply chains can foster strategic resilience but higher costs are surely unavoidable.

Another barrier to embedding and maintaining operational resilience relates to human psychology. With disruptive crises being rare, it’s all too easy for leaders to lapse into complacency as short-term operational goals consume organisational focus. Moreover, crises typically trigger changes after the fact that mitigate a recurrence of similar adverse events, whereas it’s harder to argue for investments geared to preventing perhaps similarly likely, but more novel, outcomes.

Like many business objectives, achieving resilience is also undermined by business units operating in silos, as well as a lack of collaboration between government, industry and other stakeholders. This is where organisations like the Resilience Rising consortium, which brings organisations including Resilience First and communities together to promote resilience and share best practices, can come in useful. They can help stakeholders solve complex challenges that are difficult to solve on their own.

Finally, as with ESG reporting, targeting strategic resilience is undermined by a lack of universal frameworks for measuring performance quantitatively.

The route to business resilience

The Business Continuity Institute recently predicted that cyber attacks, natural disasters, the mental health crisis and – fuelled by ongoing Covid-19 restrictions in China in particular – supply chain disruptions including a global computer chip shortage, will pose the biggest challenges to strategic resilience in the coming months.

Bolstering your organisation against such threats is an undertaking that encompasses people, processes and technology. Organisations must evolve their culture, training, practices, business models and technical infrastructure accordingly.

Resilience must be organisation-wide, underpinning strategic decisions around risk, finance, operations, technology, human resources, product development and so on.

To give one example, technological and operational resilience was tested by the sudden need to equip employees to work from home at the outset of the pandemic.

Experts advise enterprises to consider not just the immediate impacts of crises but consequences further downstream, too.

It’s also important not to merely ‘fight the last war’ – to prepare for novel or long-forgotten threats as well as recurrences of recent crises.

Covid-19 offers a salutary lesson here. While the pandemic took businesses by surprise it was foreseeable – pandemics are guaranteed to happen, however rarely.

Resilience First also talks of moving beyond a “traditional linear approach to risk management” to a resilience management model that focuses on “preparing for the consequences of dangers in a generic sense rather than the causes of specific dangers which we cannot foretell”.

And, as well as preparing for these “generic dangers”, businesses must have early-warning systems in place to spot their initial signs.

Build your operational resilience

This article was originally posted by ESA Risk, an organisation that provides support on business resilience strategy.

Free Download: The Video Surveillance Report 2023

Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!

Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.