Business Resilience: 8 Trends to Know in 2022
Posted September 22, 2022 by Kevin Finch
Where can you hear the latest on strengthening your business and managing ever-increasing risks? Go where more than 1,000 business continuity, disaster recovery, crisis management, and IT professionals gather to hear the latest tips, trends, and tools for building business resilience.
But wait, I’ve already done that for you. After attending the Disaster Recovery Journal’s Spring World Conference and learning from 85 industry experts, I’ve synthesized what I found to be most important and useful for my clients. The result: eight business resilience trends to know in 2022.
First, a quick refresher…
What is Business Resilience?
“Business resilience” is often used interchangeably with “business continuity,” and both require being prepared for the disruptions businesses are experiencing today, as well as anticipating tomorrow’s emerging threats. Business resilience goes beyond cybersecurity to address the broader security environments and needs of organizations like yours, from increasing workplace safety to recovering from a natural disaster.
Resilience relies on three key indicators of readiness:
- People are informed, trained, and prepared with needed skillsets
- Documentation provides simple, accurate, and repeatable processes
- Resources are readily available, accessible, and sufficient.
The ISO 22301 standard specifies requirements for setting up and managing an effective Business Continuity Management System. The ISO standard defines business continuity as the “capability of an organization to continue the delivery of products and services within acceptable time frames at predefined capacity during a disruption.”
Put simply, business resilience is about preparing for risks, protecting from threats, and recovering from disruptions so you can continue to serve your customers.
Why is Business Resilience Important?
As you consider the effort of strengthening your business resilience, weigh it against the substantial costs of disruptions and impacts to your organization.
The average total cost per data breach of 2,000-100,000 records in 2021 was $4.62M, according to the Ponemon Institute 2021 Cost of Data Breach Report. The majority of costs stem from lost business, increased cost of acquiring customers, loss of reputation, and diminished goodwill.
Threats to your business are increasing and overlapping, as Gartner highlights in their Top 8 Cybersecurity Predictions for 2021-2022:
“By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coincident threats from cybercrime, severe weather events, civil unrest and political instabilities.”
2022 Business Resilience Trends
2022 is already shaping up to be another turbulent year for risk and recovery, giving business continuity experts a lot to talk about. Consider these eight trends as you review your own efforts to strengthen your organization’s resilience:
1. The Risk Landscape Is Changing
Five or 10 years ago, we didn’t have nearly as many risks to worry about. Today we have to be prepared for the business impacts of ransomware and other cyber threats, civil unrest, active assailants, severe weather such as increasingly dangerous hurricanes and winter storms, infrastructure outages, supply chain disruptions, pandemic outbreaks, and much more.
If it feels like the number of disasters is increasing, the stats confirm it. The 2022 Global Assessment Report on Disaster Risk Reduction published by the United Nations Office on Disaster Risk Reduction reports a nearly 75% increase in the number of disaster events recorded worldwide during the last two decades, compared to the previous 20-year period (from 4,212 to 7,348).
Many of these incidents are occurring in ways we wouldn’t have imagined a few years ago, such as a ransomware attack on Colonial Pipeline causing panic that drove gas shortages.
Takeaway: The shape of risks and their business impact continue to evolve. Business resilience requires continuous planning for a growing list of potential and actual business interruptions and disasters.
2. Operational Risk And Resilience Is The Lens We Should Be Looking Through, But…
Operational risk and operational resilience – the ability to recover from an unplanned outage or other disruption – provide the lens we should look through to shape our business continuity programs and policies.
But the attributes of resilience valued by organizations can vary from one company to another. Identify which areas are important for your business to focus on in building resilience by asking questions such as:
- Are your operations located in areas with high incidences of natural disasters?
- Do you have several new employees not yet fully trained on important processes?
- Are you unsure how prepared your third-party vendors are for supply chain disruptions?
- Which risks are you willing to accept if mitigating them would cost more than the likely impact of a business disruption?
Takeaway: Determine what operational resilience means for your company. You have to define it before you can put tools and metrics against it to measure progress.
3. Work From Home Disrupted Nearly Every Industry, And We’re Still Adapting
Year three of the COVID pandemic, and organizations are still adapting to increased work from home and hybrid workforces. Companies have established differing policies for going back to work – five days a week in the office for some, while others have adopted hybrid or remote models.
New technology solutions are emerging to help keep remote workers productive when their power and internet are disrupted. Some organizations are adopting emergency notification systems with geolocation, so they can provide emergency alerts to specific areas of their dispersed workforce.
Takeaway: Consider your contingency plans to maintain WFH connectivity during and/or following a disruption, such as requiring remote employees to go to an alternate remote site or into the office if it’s safe to do so. Without a clear plan, you’re relying on employees to resolve the situation themselves.
4. Employee Safety Is More Important Than Ever
In the Great Resignation era, your employees are factoring in more than compensation and benefits when deciding whether to stay with your company. AlertMedia’s 2022 State of Employee Safety Report finds workplace safety is more important than ever among American workers, with 90% believing their organization has a legal and moral obligation to protect employees from unnecessary risk of harm when working or traveling on their behalf.
While most employees report their employer offers safety training, only 38% of working Americans strongly agree they’d know what to do in the event of an emergency at work.
Nearly three-fourths of respondents say workplace safety is extremely important to them, but only about half believe their own safety is extremely important to their employer.
Takeaway: As organizations deal with more severe and increasingly frequent threats, many employees lack confidence in their employer’s commitment to their safety and in their own preparedness for a work emergency.
5. How You Exercise Is As Important As What You Exercise
When you’re creating, delivering, and running a business continuity or disaster recovery exercise, the how is as important as the what. The Business Continuity Institute updates its BCI Good Practice Guidelines every few years, providing a step-by-step guide for business continuity and resilience professionals.
Their guidelines also recommend how often to perform specific exercise types, from basic discussion-based and tabletop exercises to more complex simulations and live drills.
A good quality exercise isn’t run in pockets of your organization. You want to involve people representing all functions across your company, including facilities, operations, security, human resources, disaster recovery, legal, communications, and finance.
Takeaway: Use proven best practices to prepare your organization to deal with disruptions and test your readiness.
6. Everyone Should Be Worried About Third-Party Risks
Vendor relationships aren’t just for your purchasing department to deal with. According to Deloitte’s Third-Party Risk Management Global Survey Report 2020, 84% of respondents said their organization had experienced a disruptive third-party incident in the last three years. Damages ranged from less than $1M to more than $1B.
Use due diligence in selecting, onboarding, and managing your vendors to reduce your third-party risks. Be sure they’re prepared and can continue to do business with you in the event of an outage or other disruption. Ask your vendors if they have up-to-date business continuity and disaster recovery plans that are written and tested.
Takeaway: You don’t want their outage to become your outage, especially in the face of increased regulations globally that can result not only in fines but in some cases criminal liability.
7. A Strong Business Continuity Program Is Better Able To Respond To Incidents
The more you do to prepare for an emergency – using a risk assessment, business impact analysis, business continuity planning, recovery time objectives, training, and exercises – the more effective your response plan and recovery will be.
A strong business resilience program covers several areas such as:
- strategic crisis management led by senior management that addresses the consequences of an extreme disruption
- issues management by individual sites or departments
- business continuity for critical business processes
- disaster recovery of critical IT systems
- emergency response to potential injuries, damage, or contamination.
An important first step is to establish a core crisis response team – something more than 30% of businesses lack, according to PwC’s Global Crisis Survey 2021. The PwC report advises:
“Organizations with a strategic crisis response plan can mobilize more swiftly, stabilize business operations and respond effectively to the shockwaves of disruption.”
Takeaway: Ensure you have a core crisis response team in place, and shore up the skills in your organization to address any gaps.
8. Program Maturity Still Has A Long Way To Go
The journey to move from a reactive resiliency model to a mature, proactive business continuity program requires continuous effort and a change in corporate culture. In a resiliency culture, business continuity pervades the way organizational members think, act, and work.
Many organizations are still in the early stages of the journey. Only 17% of companies have tapped their enterprise risk management team to lead critical event management, according to Forrester Consulting’s Failing to Plan is Planning to Fail 2021 survey. Just 1% distribute responsibility across the organization instead of taking a siloed approach.
Several different business resilience models exist. Choose one and stick with it; one example is the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which focuses on five core functions: identify, protect, detect, respond, and recover.
Takeaway: Stay focused on your goal of continuing to do business at acceptable levels following a disruption. Learn to be ready for anything.
For more on this topic, watch the 25-minute “Resiliency Transformed” session from the Sayers #Curio Virtual Tech Summit, now available free on demand.
Download the Business Continuity Practice Overview and request a business continuity workshop. Sayers approaches business continuity planning through the lens of certified experts to design a comprehensive strategy for response and recovery.