At the turn of the 21st century, businesses faced the frightening unknown of Y2K. The possibility that computer systems would collapse as the clock turned over was a wake-up call. Those that had been operating with a degree of comfort and complacency faced the urgent need to think about if (and how) they could navigate and thrive if the computers we had become so dependent on toward the turn of the century didn’t work. While nothing came to pass from this fearful possibility, the preparedness was put to the test only a year later when the unimaginable happened on 9/11. Financial services firms, in particular, were slower to recover because they had not sufficiently planned for how to reconstitute their business in the event of such a catastrophe.
Even as this new and uncertain environment thrust the U.S. government into a need to rethink national security and the protection of critical infrastructure, many businesses remained unprepared to do more than react to known hazards. Not a decade later, the consequences of that lack of appreciation for the dangerous complexity of the world we had built were felt with a double whammy. The mortgage crisis led to the Great Recession in 2008 and the unprecedented bailouts of major financial institutions to prevent a global financial crisis. The actions prompted Congress to pass Dodd-Frank in 2010, which brought significant changes to financial regulation. The operating environment reset and enterprise risk management became the focus as organizations once thought “too big to fail” began to do just that. Savvy, prescient businesses turned intent, strategy, behaviors, and technologies to standardizing and scaling proactive processes to avoid and manage risk.
Once again, the evolved mindset was tested – this time less because of isolated incidents, though 2016 did usher in a new ‘normal’ in geopolitical policies and economies. Over the course of the last five years, the volume and value of data and knowledge have grown exponentially. Global connectivity (and subsequent threats of disruption) has pulled machines, people, countries, economies, and businesses into a dense network.
With geopolitical and economic unknowns and interconnectedness both ubiquitous, the potential for disruption and calamity has become a given. Many companies have learned that the capacity to last is predicated on a healthy culture of business resilience – a mature ability to identify, anticipate, respond, and bounce forward from a known and unknown threat. Rather than moving into survival mode, these organizations evolve with the change in the operating environment. That takes an ability to look not only inside the organization but also at first-, second-, and third order external impacts.
Unfortunately, most executives lack the training or experience to manage disruption beyond the known and controllable. Even for the most data-rich businesses and seasoned leaders, there is much we can’t control. The behavior of other companies in the space is one such scenario. Take the beer industry, for example. It was working to band together to amass the collective strength to compete against the rising popularity of alternatives like liquor and weed – only to have one player, Anheuser-Busch turn over the apple cart with a snarky and mostly false Super Bowl ad. The act unraveled the progress and created a new legal issue with a backlash from corn growers.  An almost parallel situation has played out with big pharma. With the allegations about the Sackler family’s knowledge of the role of OxyContin in the opioid crisis, the British National Portrait Gallery opted out of a tremendously impactful $1 Million endorsement from the family.
The list of examples like these is long. In the past few months alone, we’ve seen other legendary market leaders like Pacific Gas & Electric, and Boeing face crushing and business-altering events. While there’s no way to prevent crisis entirely, having a culture in which business resilience is a shared effort and ingrained into the culture may be the best way to remain prepared for disruption beyond our value chain.
Have you asked your organization if it's resilient?
It’s possible, even likely, that your company has weathered many of the catastrophes and changes that comprise the brief history of the 21st century. Even if you have, assessing your capacity and culture for business resilience is a worthwhile exercise. Particularly if your organization is in the midst of quarterly or annual planning, it is an opportune time to assess and rectify weaknesses that may have you positioned for reactivity, rather than preparedness.
The Risk Lens
Business resilience includes and extends beyond enterprise risk to account for systemic and existential threats to the business that you may expect and others you can’t see coming.
Ask: Is our risk aperture wide enough for the highly complex and increasingly fragile operating environment?
Achieving business resilience objectives requires the capacity to address uncertainty and act with transparency. Healthy governance enables rapid communication, collaboration, and decision-making, even when disruption is beyond your control.
Ask: Do our governance structures enable the organization? If someone sees something, are we confident they will say something and that something will be done?
A resilient culture is inclusive and accountable.
Ask: Does everyone in the organization, from the CEO to front-line workers, know and accept their responsibility to raise opportunities and concerns?
Business resilience engages a dedicated program team and champions across each business unit, and a multi-disciplined approach.
Ask: Does everyone across the organization have the ability to sense and identify threats and vulnerabilities and help quantify them?
Continuous Learning and Education
Just as the risk environment is dynamic, so must your efforts be to remain poised to identify, anticipate, respond, and progress from a known and unknown threat. As an organization, you must recognize successes, leverage challenges as learning opportunities, and pursue ways to improve and drive ownership.
Ask: Do we have a progressive stakeholder engagement plan? How are lessons learned – good and bad – shared across the organization to help create muscle memory?
The success of your business resilience is measured over time, which requires a multi-year strategy focused on protecting the integrity of your enterprise and its relationships. Measure the efforts and outcomes of the long-term against a central baseline to measure future growth and maturation.
Ask: Have we managed expectations that the shift to business resilience doesn’t happen overnight? Do we have a baseline success metric for protecting the integrity of the enterprise and our relationships?
Answering these six questions is an initial step in the process of building a strong foundation for lasting business resilience. With the answers to your health check in hand, you can then begin to execute on a recurring process of seeing farther into the future, sensing external impacts more effectively, positioning your stakeholders for responsibility, and ultimately sustaining your corporate health in the face of environmental complexity and chaos.
In the almost 20 years since the turn of the century, the global operating environment has changed in rapid and dramatic fashion. Globalization, connectivity, rapid disruption, global economic swings, even the rise of cause-based communities on social media all have picked up velocity – and created turmoil for the businesses seeking to operate with a degree of stability. We know that there’s no slowing or preventing change. The only real option for most businesses is to control what they can and be prepared that they will also likely have to deal with events that are beyond their control. That takes spending the time and effort to build a culture of business resiliency into the fabric of the organization. History tells us that chaos and calamity are not ‘if.’ They are ‘when’ realities. Is your business poised to respond?
A recognized expert in critical infrastructure security and resilience, including cybersecurity, Caitlin helps clients navigate the complex operational challenges posed by an increasingly interconnected and interdependent global economy. As a leader in the Department of Homeland Security under the Obama administration, she led the development of public-private partnerships to influence policy and best practices related to managing security and the operational risks of a continually evolving threat environment. Caitlin holds a B.A. in public policy studies from the Terry Sanford Institute of Public Policy at Duke University and a certificate in business strategy from The Aspen Institute. In January 2021, Caitlin left her position as director at Toffler Associates to accept a role as the Senior Director for Resilience and Response on the White House's National Security Council under President Biden.
Toffler Associates is a future-focused strategic advisory firm. Our Future Proof® business consulting approach helps global leaders understand how future shifts impact current decisions so they can take advantage of opportunity, manage risk, and create future value.
DUNS Number: 167019020
GSA PSS #GS-10F-0414N
Women Owned Small Business
We are ready to ask and address your toughest questions.+1 703-674-5480
Our perspective will challenge you to think differently.SUBSCRIBE TO OUR BLOG