As black disruptions become commonplace, agility in business continuity and operational resilience strategies is key.
By: Steve Richardson
Risk, continuity, and resilience professionals faced adversities on multiple occasions throughout 2023 due to the evolving threat landscape. Over the past year, organizations dealt with geopolitical challenges, supply chain disruptions, climate change impacts, cyberattacks, and much more. The scale and scope of disruptions continue to increase, so it is critical that organizations strengthen their risk management and operational resilience postures to ensure that they can continue delivering on their customer promises in 2024, no matter what.
No industry was unscathed from crisis in 2023, particularly due to the shifting geopolitical landscape – including the ongoing war in Ukraine, the newly sparked conflict in the Middle East, increased political tensions, and regional and global banking failures. But these disruptions cannot serve as an excuse. Organizations today are expected to have the necessary strategies and resources that enable them to remain agile – and this requires dedication to risk, continuity, resilience, and regulatory compliance efforts.
Organizations must evaluate how the risk landscape has evolved over the past year and reflect on the widespread impact that disruptions have had in order to best position themselves for success in 2024.
Geopolitical events led to rippling supply chain disruptions in 2023. This forced Western organizations to deploy contingency planning to ensure full operationality and the ability to continue delivering their core products and services. Organizations have had to consider alternative shipping routes and suppliers, sometimes moving four or five tiers down the value chain in response to supply chain disruption. Some organizations have had to move operations out of affected geographic regions to mitigate the impact of geopolitical events. This places a spotlight on why having proper supplier and third-party risk management programs is critical.
The reality is that there is no end in sight for global supply chain disruptions in 2024, so organizations must prepare for them by implementing robust risk management strategies and resilience planning as well as securing the safety and security of their personnel globally. On top of supply chain disruptions and current geopolitical events, additional warning signs of tension in Southeast Asia have the potential to cause disruption in 2024 – especially in the large trade/manufacturing centers that much of the world relies on.
To ensure a proactive approach rather a reactive approach to disruption, organizations must focus on multi-tier business continuity and disaster recovery planning in 2024. This should include supplier diversification as well as spreading manufacturing production capacity and operations to avoid concentration risk. In this new era of disruption, it is critical to get a head start on resilience before disaster strikes.
The failures and subsequent fallout of Silicon Valley Bank and Signature Bank in early 2023 have led to a more scrutinized global regulatory landscape for financial services firms – but less-regulated industries should take heed too. Failure to adequately manage risks could result in disruptions that undermine the foundations of the business.
Stress testing will be essential for organizations across verticals in 2024 as Boards and customers prioritize resilient operations. Stress testing allows an organization to visualize pain points that can cripple the business when disruption occurs. Over the next year, we will see more non-regulated industries undertake vigorous stress testing to better understand operational weak points and deploy adequate resources to strengthen their resilience posture.
In 2023, we saw cybercriminals continue to target high-value organizations, including through the ICBC ransomware attack and the MOVEit cyberattack. These attacks have demonstrated the cascading effect that a cyber event can have across an organization’s supplier ecosystem – and how quickly financial and reputational damage can follow. In 2024, we expect to see direct cyberattacks on organizations, cyber threats on widely used third-party suppliers in order to access critical customer data, and an uptick in new cybersecurity regulations.
Organizations must strengthen their scenario testing efforts to account for ever-evolving cyber threats. Assume that any event that can cause disruption will cause disruption – even black swan events. Scenario testing will be a crucial aspect of business strategies so that organizations can more confidently display to regulators and customers that they are able to continue delivering their critical products and services regardless of potential disruptions.
Third parties have become increasingly crucial to conducting regular business operations – and this is a trend that will continue in 2024. As a result, organizations must increase their focus on third-party risk management to ensure effective and comprehensive business continuity planning. Organizations must closely examine their third-party relationships throughout the vendor lifecycle. Proactive risk management throughout the third-party onboarding process is critical as well in order to fully understand what risks the organization is assuming. Organizations must manage ‘unknown risks’ by asking due diligence questions around risk management governance.
More robust and integrated stress and scenario testing is also imperative to managing third-party risks and understanding how the organization would respond to them. Organizations must know how each of their business units will respond to potential disruptions with a critical third party. In 2024, it will be important for organizations to have a 360-degree view of their third-party ecosystem in order to maintain a strong resilience posture and to show regulators and customers that they can deliver their core products and services during times of uncertainty.
As black swan disruptions become commonplace, agility in business continuity and operational resilience strategies is key. Building a solid foundation requires effort from across the organization to accurately map business processes and dependencies – both internally and externally across processes, people, and applications. With a culture of proactive risk management from the top down that encourages all employees to act as risk managers, your organization will be best positioned to address the risk landscape in 2024.
Steve Richardson is Chief Resilience Innovation Officer at Fusion Risk Management.
Tune in to hear from Chris Brown, Vice President of Sales at CADDi, a leading manufacturing solutions provider. We delve into Chris’ role of expanding the reach of CADDi Drawer which uses advanced AI to centralize and analyze essential production data to help manufacturers improve efficiency and quality.