Tag Archives: organizational resiliency

Immediate Vault

RIMS Risk Forum India 2021: Building Resilience As COVID, Cyberrisk Top Business Risks

Posted on by

An increasingly key theme year over year, resilience is at the root of the latest Excellence in Risk Management India report from Marsh and RIMS—and the RIMS Risk Forum India 2021 virtual event, where the report was officially released today. In the second year of the COVID-19 pandemic, risk professionals in India reported acute short- and long-term concerns about the interconnected risks of COVID-19 cases, global economic recession, and surging cyberrisks amid shifts in work arrangements.

In addition to the death of more than 5 million people in India, the pandemic has taken a considerable economic toll on the region. “According to the Organization for Economic Co-operation and Development (OECD), India’s economy contracted by close to 8% in 2020, while the world’s economy contracted by 3.5%,” the report noted. “Despite the OECD’s projections for economic expansion—both in India and globally—in 2021 and 2022, the potential for a prolonged global recession remains a concern for organizations in India.

buy fildena online orthomich.com/img/blog/jpg/fildena.html no prescription pharmacy

Previously one of the top risks for India-based risk professionals before COVID-19, cyberrisk has also increased significantly with the pandemic and the shift to remote work. “The shift to a remote workforce necessitated by sweeping lockdowns to stem the spread of the pandemic is widely seen as having increased cyberrisk,” Marsh and RIMS noted. “The Indian Computer Emergency Response Team (CERT-In) data indicated that cyberattacks in India rose by 300% in 2020, according to news reports. And cyber risk remained elevated in 2021, with more than 600,000 cybersecurity incidents reported in the first six months of the year alone, according to CERT.”

The continuing pandemic, resulting fallout, and ever-growing cyberrisk have presented the biggest risks for organizations in India in 2021, and the survey indicates that local risk professionals expect these to dominate the agenda for businesses in the year to come.

Despite the considerable concern, few respondents said their company is fully prepared for the continued fallout from COVID-19 or future pandemics. Asked to rate their organization’s preparedness from 1 to 5 (not prepared to fully prepared, respectively), the majority of India-based risk professionals ranked their organization a 3, and only 10% said they are fully prepared. While cyberrisk has been a top threat for longer, preparation is not much better for the threat—only a quarter of Indian companies said they are fully prepared for a cyberattack. This is particularly concerning as “some extent of remote work is expected to remain, leading to concerns of increased cyberattacks due to unsecured home networks,” Marsh said in a press release.

According to the report, this underscores the imperative to develop robust risk management strategies for both current and emerging risks and to focus on building resilience. Marsh identified four “common behaviors among companies that are on the path to becoming more resilient”: anticipating risk, connecting risk management to business strategy, avoiding gaps in the perception of preparedness, and measuring relevant data. Marsh and RIMS explained these further, defining key pillars that have set successful businesses apart, and potentially also offering considerations for other organizations to develop more mature risk management programs:

  • Anticipation: Resilient companies expect the unexpected. They have crisis management plans in place, but they also dig deeper, look farther ahead. Consider that during the pandemic even organizations with thorough business continuity plans struggled. Why? Many of them didn’t fully anticipate the widespread, long-lasting damage a pandemic could create.
  • Integration: Another key behavior among resilient organizations is to fully integrate risk management with operations and strategy. Doing so increases the ability to develop effective responses. Most organizations do not connect resilience planning with their long-term investment strategy. Those that do make the connection are on the path to better mitigating financial exposure, reputational damage, business interruption, and other losses.
    buy solosec online orthomich.com/img/blog/jpg/solosec.html no prescription pharmacy


  • Preparedness: On the journey to resilience, it’s important to develop an accurate perception of an organization’s preparedness. A false sense of security can halt an organization in its tracks. Companies often overestimate how quickly and effectively they will be able to respond to and recover from a given risk.
    buy antabuse online orthomich.com/img/blog/jpg/antabuse.html no prescription pharmacy

  • Measurement: There is no shortage of data and analytics in today’s business environment. But consistently applying metrics can be a stumbling block. Many companies fail to conduct a high rate of modeling and forecasting even on risks they see as important. And among the companies that do so, most only model in select areas.

Marsh and RIMS recommended that organizations in India focus on resilience heading into 2022 and beyond. “Resilience means being able to absorb the impact from a range of emerging risks and depends in large part on having robust risk management strategies in place,” the report explained. “This includes anticipating risk, connecting risk management to business strategy, ensuring your organization’s perception of preparedness doesn’t lead to a false sense of security, and measuring relevant data.”

Respondents largely indicated that their organization planned to increase investment in risk management, with 55% saying they expect increased resources, 27% expecting investment to stay the same, and only 4% expecting a decrease. This could be a critical differentiator in navigating COVID-19 recovery and other emerging risks in 2022. Indeed, 42% cited budget at the most critical barrier to understanding the impact of emerging risks on risk management.

Among the takeaways from the report, Marsh and RIMS urged organizations to invest in preparedness. “Look beyond pandemic as you develop a risk management strategy that is prepared to respond to any number of emerging risks,” the report said. “For example, shifting work patterns have intensified an already escalating cyber risk landscape that calls for a range of responses, from scenario planning to financial quantification.”

In addition to a panel on the Excellence in Risk Management India report, the RIMS Risk Forum India 2021 virtual event includes a number of sessions that address resilience challenges and opportunities for risk professionals in India. The program includes keynote addresses by Ajay Srinivasan, chief executive officer at Aditya Birla Capital Limited (ABCL), and Dr. Soumya Kanti Ghosh, group chief economic advisor at the State Bank of India, as well as education sessions like “Cyber Risk Management: A Priority for a Resilient Economy,” “Climate Risk and Your Path to Resilience,” “What COVID-19 Has Taught Us About ESG Risks and Why Risk Management Needs to Change,” and “Breaking the Chain: How Understanding Business Interruption Exposures Can Mean Supply Chain Resilience.”

The RIMS Risk Forum India 2021 virtual event continues tomorrow, December 4, and sessions will also be available for on-demand viewing for the next 60 days. Registration can be found here: https://www.rims.org/events/rf/india-forum-2021

Resiliency in 2018: Q&A With BCI’s David Thorp

Posted on by

Organizational resiliency is a focus of the Business Continuity Institute (BCI) and executive director David Thorp. It was the theme of this year’s annual Business Continuity Awareness Week, which Risk Management Monitor covered in May, and was the focus of BCI’s updated manifesto.

We reached out to Thorp to get his insight on organizational resiliency, how businesses can improve their continuity plans and for ways to better incorporate them into their culture.

Risk Management Monitor: What companies have best demonstrated resilience?

David Thorp: A few examples of organizations that have displayed a high level of resilience are Apple, TomTom, and PostNL.

Apple displayed resilience when they reemployed Steve Jobs to reshape the company.

TomTom started by making software for Palm computers. It has dealt with a rapidly changing marketplace and over the years it has:

  • produced navigation software for PDAs (personal digital assistant)
  • produced its own navigation devices
  • developed live traffic information
  • acquired a digital mapping company
  • developed navigation software for smartphones
  • struck up deals with car manufacturers

PostNL (formerly TNT) has had to adapt to the decline in regular mail as well as tapping into the requirement to deliver more packages (outside working hours) as a result of an increase of web shops.

RMM:  What do organizations most commonly overlook in their continuity planning?

DT: Two most commonly overlooked aspects are keeping plans up to date and exercising/testing.

Business continuity management is often initiated as a project, usually assisted with external expertise. Internal personnel frequently have this role in addition to their “normal” functions. As the organization changes, these plans often get overlooked. After one or two exercises have been carried out, the focus on exercising quickly diminishes.

Unfortunately, these two aspects have a large impact on the ability to recover as planned. It could be argued that this is an indication of a lack of management commitment.

RMM: Why do so many companies overlook their continuity planning and emergency preparedness?

DT: The biggest reason is that it is not a requirement for many organizations. When not required by a regulator or a customer, the organization must:

  1. know about continuity planning and emergency preparedness
  2. understand their risk
  3. understand its value before there is a possibility of it being implemented

By not having done a risk or impact analysis, it is also easy for organizations to think that a disruptive event will not happen to them and therefore not worth the hassle and investment.

RMM: How much time and effort does creating and initiating a business continuity plan take?

DT: This depends on the size and complexity of the organization, the ambition level and the resources available. For small organizations, it is possible to create and exercise plans within a month—but this would typically take a little longer as the required people will also have other tasks. For a large and more complex organization, it may take two-to-three years to reach the desired maturity level.

RMM: What advances would you like to see the global risk management community achieve with regard to planning and preparedness?

DT: I would like to see a better understanding of each other’s disciplines and a better collaboration between them. There is much overlap between the two disciplines and with better collaboration, we can more efficiently and effectively minimize risks and improve the continuity. We are currently working on better understanding how we achieve synergy between business continuity and risk management. We see this as being a prerequisite for achieving organizational resilience. Collaboration with other disciplines is also necessary.

RMM: We’ve seen examples of reputation crises that have in some cases forced companies to close. How can organizations avoid these pitfalls?

DT: A major factor in managing the extent of the reputation damage is the quality of the crisis communication. How well and honestly you inform those affected and of course how you deal with social media makes the difference in how you are perceived. The subsequent actions need to be in line with the messages communicated.

RMM: What has changed in the BCI’s Manifesto for Organizational Resilience that risk professionals should know about?

DT: The manifesto is built on the simple premise that resilience is not the responsibility of one part of the organization—it is the responsibility of discipline within an organization working closely together toward a common purpose. Risk Management, emergency planning, disaster recovery, security, facilities management, business continuity management, supply chain management, IT management, HR management…all have an equal role to play in delivering resilience.

The manifesto contains our undertaking to seek out alliances with other professional bodies along the spectrum of what might be termed “resilience disciplines” in order to work collaboratively. This would make organizations more resilient than if we each work within our own silo.