You don’t need to be active in the underground or have a little Latin to come across the term “resilience”. Either you have something to do with psychologists from time to time, you have read our white paper “IT resilience” or you are among IT experts. The word has its origins in the Latin “resilire” – to bounce back. The most obvious translation into common parlance would be “resilience”. This refers to the ability to withstand external stress factors.

Organizational resilience

These stress factors have intensified over the past year. The pandemic forced many companies to change the way their employees work within a very short space of time: remote work, trust-based working hours and flexible workforce planning dominated companies in 2020 and 2021, so that even the most conservative companies are now opening up to these issues. This is an important step in order to remain resilient under these new conditions.

Organizational resilience – a definition

Organizational resilience (OR) describes the ability of an organization to react and adapt to change. Organizations with a high level of resilience demonstrate their ability to withstand and cope with stressful situations, such as disruptions, emergencies or even crises. The better their resilience is developed, the better they can recognize risks and opportunities arising from sudden and slow changes and react flexibly to them.

Experts confirm that most stress factors for companies lie in the area of IT. Resilient IT will therefore be the overarching theme of digitalization in the coming years. This is hardly surprising, as the majority of company-critical business processes are hardly conceivable without the use of IT. Due to the increase in security risks, the resilience of an organization and its IT is becoming increasingly important. Macroeconomic crises are intensifying the threat situation and its effects. Nevertheless, some companies seem to be defying or even strengthening the trend, while others react as if paralyzed.

What leads to resilience in a company?

Those companies that are resilient have acquired the ability to continue or return to work after a disruption, emergency or crisis. These companies are characterized by the fact that they have capacity reserves and are flexible enough to adapt their capabilities to new conditions.

They have therefore managed to respond to new situations with new solutions. New solutions are usually new technologies. Successful companies rely on hybrid IT. These companies provide parts of their IT in their own data center, while the other part is operated by cloud-based services. This strategy allows the company to take a very centralized approach to IT governance.

Some companies go one step further and migrate completely to the cloud or have applications operated by different cloud or data center providers.

Many companies can no longer take the necessary steps to implement and operate the new technologies internally. This is because resilience cannot be built up entirely without additional costs and resources. Sourcing strategies from managed service providers can provide such additional capacities.

Technologies – even if they are outsourced – cost resources. Two important components that create resilience are, on the one hand, having the resources to access technologies and the necessary expertise quickly and, on the other, ensuring resource transparency. An asset analysis using the ITFM method can help with this. Companies that do not ensure transparency for all required resources, services and costs are not only groping in the dark, but are also heading in the wrong direction. Illuminating these items is not an optional extra, but a necessary and fundamental obligation – otherwise the company will not become more resilient, but IT will simply become more expensive.

7 tips to build and expand your resilience

  1. Focus on IT budget efficiency through transparency
  2. Consciously create redundancies
  3. Have broadly diversified resources
  4. Be able to organize yourself
  5. Be prepared for unforeseen events
  6. Focus on your own skills and strengths
  7. Be able to design your own processes flexibly

How can you determine your resilience?

You determine it by finding out how well the system or organization continues to function during a major disruption or crisis, in the best-case scenario with the minimum possible impact on business and operational processes. This matters because the associated risks to business continuity can manifest themselves, for example, in reduced productivity, interrupted supply chains or postponed customer contact points.

Maintaining IT in the event of disruptions or (partial) failures in order to continue offering services or products at an acceptable level can be seen as the result of business continuity management (BCM) or, more precisely, IT service continuity management (ITSCM). This is a holistic process. It identifies risks for the processes and resources of an organization and analyses their impact in the event of an incident.

Although the more common term cyber resilience can be used synonymously, it has a different focus. It focuses on the dangers from the network, i.e. cyber attacks and data protection issues. However, the potential risks are manifold and can also be favored by internal factors such as the lack of strategic assets or cultural factors. Your strategy should definitely take backup, restore and disaster recovery into account. However, they only cover part of the effective measures.

The focus of consideration: risk

The development of risk-minimizing measures from a combination of management disciplines significantly increases organizational resilience. Standards can help to take the most important aspects into account. For example, the standard ISO 22316 “Security and resilience – Resilience of organizations – Principles and attributes” describes the basic principles, attributes and activities as well as the evaluation of resilience factors. It also describes cultural factors such as the exchange of knowledge, a shared vision and the importance of a supportive leadership culture. The development and coordination of management disciplines is also recommended.

Through an interdisciplinary approach, the now established management system standards for

  • a business continuity management system (BCMS) in accordance with ISO 22301
  • an information security management system (ISMS) in accordance with ISO 27001
  • and a data protection management system (DCMS) based on the EU GDPR

are combined with each other. This approach thus does justice to business processes that would now be unthinkable without the inclusion of IT. Beyond the common basic structure, the standards are linked by the fact that they pursue a risk-based approach, i.e. the correct handling of risks and opportunities. Other disciplines, such as IT Service Continuity Management (ITSCM), also focus on risk and can strengthen the resilience of companies and their IT departments through interdisciplinary cooperation. True to the motto: the whole is greater than the sum of its parts.