Events over the last two years have created business disruptions and challenges for risk managers the world over. The recently released 2023 Global Enterprise Resilience Report from Infinite Blue explores recent events and identifies anticipated challenges over the next 12 months, so risk managers remain aware of emerging trends and threats and can plan for enterprise resilience.
The report analyzes three new realities that arose over the past two years, highlighting those that businesses must consider when planning for future events, including:
1. Distributed workforces: The distributed workforce presents a variety of challenges for risk management, including maintaining information security and data protection in remote work environments. A survey released by Tenable in 2021 revealed that 74% of organizations attribute recent business-impacting cyberattacks to vulnerabilities put in place during the pandemic, and 80% of security and business leaders say their organizations are more exposed to risk as a result of remote work. Migration to the cloud is another risk related to the distributed workforce. The same survey showed that 80% of security and business leaders believe moving business-critical functions to the cloud elevated their risk, while 62% of organization suffered business-impacting attacks involving cloud assets.
2. Multiple crises: Workforce shortages, supply-chain disruptions and natural disasters had a negatively impacted businesses as they struggled to coordinate the activities of various vendors and partners. In this hyper-dynamic environment, the workforce, supply chain, operations and vendors were rapidly and constantly changing, highlighting the need for accurate, up-to-the-minute information. This occurred, in part, because many corporate business continuity & disaster recovery (BCDR) plans were designed to achieve compliance, not resilience. The study explains that some “data center recovery plans accounted for an entire facility failure but couldn’t easily be adapted when a single server or network switch went down.” Risk managers should now be aware that today’s complex environment requires more flexible plans and responses.
3. Resource shortages: Previously, when a company faced a crisis, it could turn to other businesses, sister companies or contractors for help with manufacturing, logistics, raw materials, goods, services and people. During the pandemic, this was not the case. Nearly every enterprise was resource starved and stressed. Organizations with incomplete, siloed or static resilience programs faced the greatest challenges.
The report also explores how four anticipated situations in 2023 may influence risks. Trends to watch include:
1. Geopolitical tensions: Tensions between the west and Russia, China, North Korea and Iran will continue to create hazards for organizations. Especially concerning is cybercrime from these regions. Experts anticipate the risk of large-scale attacks, particularly those aimed at government networks and the nation’s infrastructure and financial system, to remain high in 2023. The war in Ukraine also continues to pose several threats to organizations with people and facilities in the region.
2. Supply chain disruptions: Supply chain pressures may ease, but U.S. companies may still encounter shortages in goods and materials due to a significant backlogs in shipping and warehousing capacity, raw materials shortages, weather events and manufacturing disruptions in China due to its prior zero-COVID policy.
3. Natural disasters: The trend over the past two decades of increasingly frequent and severe natural disasters will undoubtedly continue. Meteorologists are predicting that current La Nina conditions will continue into 2023, increasing the risk of hurricanes, droughts and forest fires regionally.
4. Economic downturn and market disruptions: Due to higher interest rates and inflation, some economists expect that a recession in 2023 is certain. This could have an impact on the profitability and stability of many organizations. Energy prices may continue to rise and, in some markets outside of the U.S., shortages may occur, causing further disruption in the supply chain and manufacturing capacity.
With an eye toward these potential challenges, risk managers should ensure that BCDR plans and resilience programs no longer operate in a silo and should create and adopt an organization-wide culture of crisis preparedness. Planning and training all people throughout the enterprise should communicate what is expected in the event of an incident and employees should be connected through a mass communication system.
For more information on the report, click here.