Organisations are concerned that they lack the relevant skills or talent to drive corporate resilience, despite the fact that they actively recruit dedicated resources to support the resilience agenda, with a good proportion investing in training and awareness.

These are the suggestions of a Control Risks-commissioned study that set out to assess the degree to which resilience has become embedded organisationally.

Over one third of respondents of Control Risks’ 'Business Resilience Survey 2016/2017' felt that their organisations lacked the relevant skills or talent to drive corporate resilience – an increase of 17% on 2015. Just under a third of respondents have actively recruited dedicated resources to support the resilience agenda, and half have invested in training, awareness, and communications.

Senior partner at Control Risks and author of the survey, Mark Whyte, said the increased threat from disruptive events has encouraged companies from all sectors to consider specific threats to their operations and identify areas of vulnerability, but that they may not be doing enough. “ It is clear that many organisations are focused on the need to become more resilient, but the implementation of the strategies and tactics that support this is currently taking too long.

“To build a resilient organisation the emphasis should not purely be on strategy, or the culture of the organisation, or the way it handles risk management. A resilient organisation is one where these three components integrate to achieve the desired effect”.

The importance of effective leadership was highlighted in the report, with 53% of all respondents indicated that the effectiveness of leadership was the highest priority objective supporting the resilience agenda. This aligns to the guidance in ISO 22316, which states effective management and governance supports organisational resilience. Anticipation of and managing change rated as the next highest priority for organisations. To build sufficient adaptability, resilience should be driven from the executive and management and should be embedded across the organisation.

Companies appear to be more worried about long-term reputational damage than short-term financial loss. Over 70% of respondents see reputational damage as the most significant concern to their business in the event of a disruption – considerably more than reduced revenue (38%), the loss of new business opportunities (25%), or reduced shareholder value (26%). Respondents rated cyber security as the most potentially disruptive external threat to their organisation, with 47% stating this was their primary concern.

Some 92% of respondents agree that cross-functional working and sharing of information is a key principle of resilience. However, 48% of respondents remain reliant on centralised governance and oversight instead of multi-disciplinary risk meetings that would perhaps encourage greater cross-functional collaboration and information sharing.

Some 62% of respondents were either aware of or have read the draft of ISO 22316 – the guide to organisational resilience. 92% of respondents agree with the core principles which focus largely on shared purpose and collaboration across functions. However, 18% of respondents indicated that they would not be striving to adopt the core principles, preferring instead to stick to existing processes.

Director at Control Risks and report co-author, Andy Cox, said the successful implementation of a resilience programme takes time. “The development of resilience frameworks that span the enterprise, capturing and integrating existing risk management activities requires resource and patience. Having set-up many of these programmes for our clients, we have learned that the best way to approach this huge task is to consider it as a series of prioritised projects that incrementally increase the resilience of the organisation over time.”

Share Story: