Community
Moving from simple risk management to real resilience is a critical new capability that organisations are striving to attain. Teams seek to quickly mature resilience as we reopen our businesses, countries and economies in the post-COVID-19 world. Organisations that do this well and become ‘anti-fragile’ will thrive – those that do not will find themselves being driven and battered by new waves of change.
In previous posts on Risk Quantification, the Digital Impact Chain and how 2020 is Changing the way we 'Do Risk and Resilience'– Forever – I’ve focused on how risk management is changing and becoming more aligned with scoring techniques based on multiple factors from both technology and business stakeholders. This blog post takes Risk Quantification a step further and redefines Resilience in terms of becoming anti-fragile.
What is Resilience? What is Anti-Fragile?
Traditionally we think of resilience in terms of how quickly something can ‘bounce back’ from an impact. Business Continuity teams focus on metrics such as the number of days or hours to return to operations (RTO) or a recovery point (along a process) objective (RPO). RTO and RPO are typically used to measure resilience goals through business impact assessments (BIAs). Disaster recovery teams execute playbooks that have been tested – often months back in a different environment – and struggle to bring processes back online after an incident.
But all that has changed with the COVID-19 pandemic and the call for change that worldwide protests are demanding. In a world where human speed is outflanked by digital transaction speed and decisions are made on real-time analytics, old approaches to business continuity and disaster recovery simply don’t cut it.
Developing real Resilience means becoming ‘Anti-fragile’ – a concept spearheaded by Nassim Taleb, author of Fooled by Randomness, The Black Swan, and Antifragile. Organisations and processes become anti-fragile by continually testing with small shocks to the integrated fabric of people, process and technology. Why? Because Risks are interconnected. Risks can cascade. A COVID-19 hot spot can close access to a critical single-source supplier. Creating greater diversity and fairness at work can mean reworking resource plans and partnerships but in a good and sustainable way. In a world where rare events dominate the landscape because risks have cascaded in ways we have not anticipated, anti-fragile is the route to real resilience.
How Do We Develop Anti-Fragility?
If you have been able to incorporate Risk Quantification, with a bottom-up, top-down approach to score risks, by aligning operational, infotech, security and cyber teams - you can now start moving from risk to true resilience. But to develop anti-fragility, your teams must do more and increase the scope of resilience across a digital environment - not only within your organisation, but also across your vendors and cloud service providers (CSPs). This means aligning processes such as incident response that now have a larger, wider-spread impact across many distributed, virtual stakeholder groups. Anti-fragile as a goal, especially with increasing digital transformation, assumes your teams see where there can be a chain reaction across the technology and business process workflow – with upstream and downstream processes across CSPs connected to other third and fourth parties.
The best way to start building anti-fragility into resilience programs is to start acting with agility, begin building a strong capability to quickly adapt, leverage early warning signals and have tested, executable plans to bounce back.
Let’s look at some general categories with examples of how our current reactive practice can be transformed by building anti-fragility into our GRC programs and technologies:
Summary and Call to Action
Remember – Business Continuity Planning is not enough. Real Resilience requires a commitment to developing anti-fragility across the entire fabric of your extended enterprise. We are in an unprecedented age of change with more digitalisation and greater diversity in both people and technologies which is transforming our third party relationships and the way we work. Organisations should anticipate and be ready to embrace this change by building anti-fragile concepts into your Resilience strategy and plans.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Nikunj Gundaniya Product manager at Digipay.guru
14 October
11 October
Priyam Ganguly Data Analyst at Hanwha Q cells America Inc
Fang Yu Co-Founder and Chief Product Officer at DataVisor
09 October
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.