Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityPhysicalSecurity Leadership and ManagementSecurity & Business ResilienceSecurity Education & Training

Business resilience: A critical program for organizations to enhance crisis response

By Marlon Guimaraes
business continuity planning and risk and resilience at the enterprise
March 23, 2021

The year of 2020 will be forever printed in world history and will certainly be remembered as the year we all managed multiple crises at once. Whatever the advert circumstances faced, it is unquestionably recognizable that we have been through tough times financially, psychologically, professionally and in other countless ways. The far-reaching impact of the COVID-19 pandemic is still causing irreparable damage in a myriad of ways, including the plunge of stock markets around the globe, while multinational companies request financial aid or file for bankruptcy. Consequently, an increase of unemployment and recession can already be observed across the globe.

Although light can be seen at the end of the “Coronavirus tunnel” attributed to the high expectation of the various vaccine announcements and their successful rate of efficacy, the vast impact to our personal and professional lives are far from over. Nonetheless, what is left is hope, and lessons to be learned (and applied).

Despite the wide-ranging and borderless impact of intermittent crises caused by this pandemic, society must look ahead. Humans have demonstrated over thousands of years that being resilient is an intrinsic characteristic, and we will – or at least try – to adapt to different and eventual difficult circumstances over time. But now that we have been dealing with this pandemic crisis for over a year, how can the private sector and risk and resilience professionals within their organizations, leverage a diverse set of crises and disruptions to develop or enhance preparedness, responsiveness, recovery, and actually save money and time?

It is evident that both the public and private sector have constantly witnessed historic recurrence, and the fact is that lessons can – and must - always be learned in order to strive for error avoidance in the long run. However, learning is not sufficient in order to improve. Organizations must convert lessons into concrete, but agile and flexible strategies followed by actionable items. One must accept the fact that crises will eventually occur, and that being vulnerable is a reality despite the often-heard sentence by crisis management professionals: “this will never happen in our company.” Risks and impact must be measured. Plans must be tested and constantly updated.

The basics of crisis management

Prepare, respond, and recover is the traditional framework lifecycle of a basic crisis management structure that should be implemented by any organization in any industry. However, is your company really preparing for unforeseen circumstances? How much money and time could preparedness and effective response be conserved? How big of an impact would a major outage or a data breach cost to your organization? What is the cost of a reputation fiasco? Several companies that have been through major crises will ratify that preparing for the worst would be crucial from a capital and time perspective.

Year over year, we read or see on the news multiple external/internal crises or major disruptions among agencies and enterprises: ransomware attacks, data breaches, disease outbreaks, environmental hazards, civil unrest, lawsuits, societal risks, employee turnover, workplace violence, and other relevant eventualities. Internal crises are also more frequent than we imagine.

Within the past few years, companies have been heavily impacted by considerable financial effects following a crisis; Pinterest settled a gender discrimination lawsuit with former executive for $22.5 million; Europe Union hit Google a $1.7 billion antitrust fine; Target, one of the largest retail companies in the U.S. was fined $18.5 million for a 2013 data breach that affected 41 million consumers; Equifax paid $575 million as part of settlement with FTC, CFPB, and states related to 2017 data breach; Facebook was fined $5 billion by the FTC, and was urged to update and adopt new privacy and security measures.

The added risk of work from home

In 2020, the vast majority of businesses worldwide adopted a working from home policy which automatically reflects a concern regarding security vulnerabilities related to the cyber environment. According to a survey conducted by Ontrack, 39% of organizations are not prepared for a ransomware attack and 1 in 5 organizations are not able to access a working back-up of their data. Enterprise-wide defense plans must be considered in order to reduce the risk of being caught in major downtime, loss of data or having to face heavy fines by privacy laws, followed by negative publicity.

Enhancing resiliency

The term “resilience” has been often used across the private sector in the past few years to mainly identify crisis management, business continuity and operational recovery efforts. Business resilience should be seen as an overarching strategic capability to efficiently prepare for, effectively respond to, and quickly recover from crises or disruptions, whilst applying all necessary strategies to continue providing critical services to internal and external stakeholders.

The world is coming to terms with a new economic and political order, trying to deal with increasing global threats; ranging from security, mass migration, cyber-crime, supply-chain, climate changes and others. Crisis management, business continuity management and operational recovery facilitate organizations to develop and enhance resiliency by providing the capability for an effective response to threatening events that have the potential to directly or indirectly impact organizations. Such programs provide the framework to understand how value is created and maintained within an organization and establishes a direct relationship to dependencies or vulnerabilities inherent in the delivery of that value. As such, mature business continuity, disaster recovery, and crisis management programs are key disciplines required in any organization to become more resilient — which is a key building block to strengthen any pragmatic program foundation. 

Resilient organizations with a mature business resilience program established are forward thinking and due to the ability to adapt to changing circumstances which may have the potential to result in damaging effects on the organization’s ability to survive and prosper. Data driven strategies followed by business impact analyses, and risk / threat assessments can result in significant decrease in money and time spent dealing with response or recovery that haven’t been identified.

In order to become more resilient, risk and resilience professionals must rely on setting the foundation correctly, therefore adding value to both internal and external stakeholders. To ensure resiliency in the face of varied risks, it is essential to have a holistic business resiliency strategy approach which permeates all business functions, concluding overarching plans, as follows:

  • A crisis management plan which contains directives with strategic and tactical procedures with predefined roles and responsibilities to effectively respond to crises or incidents with the potential to impact staff, customers, key stakeholders or cause significant financial, operational, and/or reputational impact to the business. 
  • A business continuity plan which proposes and rehearses a response to all identified and likely operational disruptions according to the business line. International standards as well as respected institutions such as the ISO 22301; BCI or DRI, respectively, can be very helpful in developing a business resilience program.
  • A disaster recovery plan which is a technical subset of business continuity mainly focused on IT recovery enables the organization to recover from disruptions.

It is obvious that crisis response plans/playbooks, business continuity and disaster recovery plans are part of a wider strategic governance and structure that incorporate many factors, including impact thresholds; risk assessments; policies or statements; guidelines and standards; incident management and remediation plans; playbooks; tabletop exercises; failover tests; mass notification and crisis communication tooling; vulnerability audits; debriefing or post-mortem practice; next-of-kin response; dedicated internal and external communication channel for transparent information; insurance; reporting and escalation procedures; continuous update of contact list and employees emergency details; intelligence capabilities; crisis briefings to C-suite level; collection of metrics; project management; third-party risk assessment evaluation; external technical and expertise support (e.g. legal, cyber, public relations); and many others.

There are two quotes by Warren Buffet that should be considered as a must within organizations regarding managing crises and overall resilience which cannot be neglected, especially if the goal is to thrive while facing a vulnerable and uncertain environment:

  • "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently."
  • “Risk comes from not knowing what you're doing."

Business resilience programs will not generate revenue for organizations, but will most certainly create awareness, change a responsiveness culture into a preparedness culture, cut expenditure, save time and minimize reputational impact – not if, but when improbable circumstances become reality.

KEYWORDS: business continuity business continuity planning disaster planning emergency management emergency planning emergency response tool risk analysis risk and resilience risk management security leadership security management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Marlon Guimaraes heads Global Business Resilience and is responsible for all Crisis Management / Business Continuity efforts across the Booking Holdings group. With over a decade of experience in crisis management and international security operational and strategy functions, Guimaraes has a successful track record in growing and enhancing such programs in multinational companies ranging from technology to commodity industries. He has a Bachelor's degree in International Affairs; holds a Master's of Business Administration; and is certified in Business Continuity by DRI (CBCP) and in Crisis Management by the BCM-Institute (CMCS). He has lived and worked in Brazil, the Netherlands, USA, Mozambique, Oman, Malaysia, and other countries.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Person working on laptop

Governance in the Age of Citizen Developers and AI

patient at healthcare reception desk

Almost Half of Healthcare Breaches Involved Microsoft 365

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber security freepik

    When security and resiliency converge: A CSO’s perspective on how security organizations can thrive

    See More
  • cognizant

    Cognizant’s Global Business Resilience team leads crisis management

    See More
  • cyber business resilience

    5 steps to conducting a cyber resilience review

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!