To contend with the explosion of cybercrime and its impact on business operations, many organisations are updating their disaster recovery plans to include cyber incident response. Many of the processes and guidelines in traditional disaster recovery plans have changed little in years, sometimes even in over a decade—making them ill-suited to address cyber disasters. More importantly, at a business level, disaster recovery is just one aspect of a larger discipline: operational resilience.
Disaster recovery is fairly narrow in its definition and typically viewed in a small timeframe. Operational resilience is much broader, including aspects like the sort of governance you’ve put in place; how you manage operational risk management; your business continuity plans; and cyber, information, and third-party supplier risk management.
In other words, disaster recovery plans are chiefly concerned with recovery. Operational resilience looks at the bigger picture: your entire ecosystem and what can be done to keep your business operational during disruptive events.
Repairing a broken chain
The broader focus of operational resilience requires organisation-wide participation. You cannot simply leave it to a single department or team. Instead, everyone needs to be involved, from executives and the board of directors to individual employees in multiple departments.
In today’s climate, it’s not just your own organisation that’s under threat - your suppliers, partners, and vendors are targets, too. If a major supplier is compromised or taken down, your business is at risk and there is a chance it might go down with them.
Leadership needs to understand risk and to know the risk tolerance and risk appetite of the company. That even extends to things such as procurement functions and agreements with third-party suppliers. Resilience needs to be built into everything down to every-day workflows, and if a single supplier is insufficient to manage risk, then diversity of supply is a must.
There are many cases where a cyber event at a supplier rendered multiple organisations unable to fulfil their business outcomes. For example, consider a retail organisation that is using a logistics provider to get products to their stores and that logistics provider experiences disruption caused by a cyber incident, which lead to stockouts in the retail organisations’ stores. Avoiding such scenarios requires a broader perspective. In the context of operational resilience, every risk management scenario and process must consider their supply chain.
Operational resilience and IT
When it comes to overall operational resilience, it’s imperative to remember that effective IT solutions and systems play immensely important roles in this. IT helps prevent, adapt, respond to, recover, and learn from operational disruptions. Mapping out your risk adverseness is key, identifying where improvements need to be made makes it much clearer to address, and no matter the size of your business, doing this will help you become operationally resilient much quicker.
What does Innov8 suggest? Well, first of all, IT resilience requires you needing to establish what your primary business objectives are, fully understand how you meet them or plan to meet them (look at your current systems, are they helping you meet those objectives how you need them to? Could there be smarter or more user-friendly ways?) You also need to identify risks, as mentioned above, and plan preventative measures to ensure swift recovery.
A good IT partner will help you get your immediate IT resilience in shape, but a great IT partner, such as Innov8, will want to ensure that they understand what your overall business goals are, uncover and leverage the synergies between your various business complexities, and even create new efficiencies – helping you achieve overall operational resilience easier.