Before 2020, most boardrooms focused on the short-term. They looked at stock prices, quarterly earnings, and investor sentiment as measures of success. Although companies were beginning to adjust their short-term focus to long-term investing by the end of 2019, many organizations still focused on 90-day results. When the global landscape changed in early 2020, boardrooms were no longer concerned with quarterly earnings. Their focus was on survival.
Organizations with disaster recovery or business continuity plans dusted them off in hopes of minimizing the negative impact. Unfortunately, many companies found their plans outdated. Those with a plan executed it — many for the first time. What corporations quickly learned was disaster recovery and business continuity plans were designed to address temporary disruptions in operations, lasting less than 30 days. They really didn’t have a plan for an interruption that lasted more than 365.
Few companies were prepared to deal with the complexity of charting a path during uncertainty. Most claimed they would come back better. They would become resilient even though they had no idea how to do that.
Becoming resilient takes more than 90 days. It is an ongoing process that acknowledges the unknown, unpredictable — even the improbable — and finds ways to navigate the changeable landscape with success. It requires addressing the following:
Focusing on these factors improves a company’s ability to absorb pressures, recover core functionality, and thrive no matter what the altered circumstances.
If any department in an organization understands redundancy, it is IT. Keeping a company’s infrastructure operational is a CIO’s primary responsibility. It is also a concept that no one wants to pay for. At least, not at the level to ensure resilience.
Redundancy is more than a disaster recovery site and systematic backups. What happens if the catastrophic event is a cyberattack that shuts down a country’s electrical grid? Unless the recovery site is in another country, it isn’t much help. Resilience planning means looking at redundancy through a completely different lens.
Beyond physical redundancy, IT needs to think about functional redundancy. How deep is a given skill set? If there’s only one person, cross-training others is essential. Not only does that provide functional redundancy, but it also brings other perspectives to a problem that can lead to innovative solutions.
The difficulty with resilience redundancy is time and money. How does IT convince management that it needs a local backup site and another one halfway around the world? Or, how willing are executives to forego the release of a new feature so more cross-training can occur. Although these hurdles are likely to remain, IT can realistically use catastrophic scenarios as evidence of the need for more hardware or cross-training. No one can say that the odds of a global economic crisis brought on by a global health crisis are so minute that it’s not worth considering.
At first glance, diversity may not appear to impact resiliency. Yet, years of research have shown that a diverse team makes organizations more resilient to an economic shock. In this context, diversity means the representation of nationalities, genders, abilities, ideologies, and religions at all levels of an organization.
Building diversity requires a corporate culture that is willing to ensure inclusivity. Organizations have to change their recruitment and screening processes to eliminate unintended biases. They should also:
- Acknowledge a lack of diversity. Most companies have a problem with diversity. Look around you at the next meeting. How many look like you?
- Develop mentorships. Design mentorship programs that encourage minorities to participate in your company.
- Conduct diversity training. Do as much diversity training as possible. Everyone has certain biases, not all negative, but still biases. For example, Americans tend to think Asian men in technical fields are always smart.
- Change language. Train people to use more inclusive language.
- Ensure flexibility in celebrations. Reconfigure time off so employees of different religions or cultures can celebrate the days that have meaning to them.
Although many of these changes must occur at the corporate level to be effective enterprise-wide, CIOs can adjust hiring processes to include underrepresented groups. When cross-training for redundancy, think out diversity as well. The more comfortable employees are with their co-workers, the more likely they are to contribute when an organization is in crisis.
Segmentation like redundancy is not new to IT. Cybersecurity best practices suggest segmenting a network to minimize catastrophic failures. Being resilient means taking a longer view towards segmentation. The move towards more integrated systems and the deployment of APIs is counter to the idea of modularizing an organization. Deciding how to implement a segmentation strategy requires balancing efficiency with resiliency.
A resilient IT department has the ability to quickly reconfigure its infrastructure in a crisis. That means identifying components that may need to interface differently in an emergency and ensure that reconfiguration is possible without causing a system-wide failure. For example, summer temperatures are in triple digits and humidity is high, when the power goes out and air conditioning fails. It’s possible that rolling blackouts may continue for days. How quickly can nonessential equipment be disabled while maintaining mission-critical operations?
Here is where other resilient components can play a part.
- Moving over to a redundant system would eliminate the problem.
- Someone from another culture may have experience operating equipment in such environments.
Even a non-catastrophic event can benefit from a company’s resilience.
Businesses do not operate in isolation. They depend on suppliers and service providers to function. As recent events illustrate, organizations have to include those dependencies in resiliency planning. If a company in the supply chain fails to deliver, what resources are available to counter the failure? The same applies to service providers. Does the infrastructure use a multi-cloud configuration? If not, maybe that should be a consideration in case one cloud service fails.
Suppose IT depends on data from a supplier to provide consumers with possible delivery times. Suddenly, a border closes and the supplier cannot move inventory. Does IT have the agility to adjust the system to let consumers know the shipment is delayed? Not all consumers, just those impacted by the one supplier. Can IT do enough time to avoid an influx of customer support calls?
That’s what constitutes resiliency. It is the ability to respond to the unpredictable in ways that ensure sustained growth in altered circumstances.
Resilient enterprises look at the future differently. They realize that short-term decisions must be balanced against long-term protection. Risk management has become more than assessing probabilities because it only takes one improbable event to change an organization’s future.
As the world transforms in unexpected ways, companies have to segment their operations to ensure flexibility and establish redundancy so there are resources to support agility. They have to look beyond the traditional and embrace diversity to ensure wide-spread growth. Most importantly, they need to think outside the box to develop strategies that enable organizations to be resilient.