Fusion Risk Management’s Steve Richardson highlights the top continuity lessons learned in 2023 that can help businesses build resilience for the future
Continuity and resilience practitioners have been faced with numerous challenges throughout 2023 due to the ever-evolving threat landscape.
The World Economic Forum cites the cost-of-living crisis, geo-economic confrontation, and natural disasters and extreme weather events as the top three short-term risks that organisations faced in 2023 – but those are just the tip of the iceberg.
As global disruptions are likely to increase in scale and scope in 2024, organisations need to strengthen their risk management programs and resilience posture to remain operational, no matter what.
2023 saw a major shift in the geopolitical landscape, with the ongoing war in Ukraine and a newly sparked conflict in the Middle East.
Increased political tensions – coupled with a wave of banking failures earlier in the year – have left no industry unscathed.
Organisations are now expected to rise to the occasion and bolster their risk, continuity, resilience, and regulatory compliance efforts or face potential disruptions that could severely damage the financial and reputational wellbeing of their business.
Practitioners must understand how the risk landscape has changed over the past year to better prepare for 2024 – and this starts with reflecting on lessons learned from 2023.
Ongoing geopolitical tensions lead to supply chain disruptions
The war in Ukraine and heightened tensions with Russia have led to supply chain disruptions that have forced Western organisations to deploy contingency planning to ensure full operationality and continued delivery of critical products and services.
Scarcities of critical raw materials that fuel organisations globally have grown owing to the Ukraine conflict. Ukraine’s top exports of agricultural products (46%) and manufactured goods (42%) have been impacted by the ongoing conflict, leaving organisations in the dark about how to make up for the shortages.
Supply chain disruptions have forced organisations to consider alternative shipping routes and sources for their suppliers, sometimes moving four or five tiers down the chain to avoid disruption.
The importance of rigorous supplier and vendor management has had renewed focus in 2023.
Some organisations have had to consider moving operations out of certain geographic regions to mitigate the impact of geopolitical events. We expect that these ripple effects will continue across supply chains in 2024.
Organisations must prepare for this to ensure continuity of core business services as well as the safety and security of their personnel – regardless of location.
Additional warning signs of tension in Southeast Asia have the potential to cause disruption in 2024 – especially in the large trade and manufacturing centres that much of the world relies on.
Multi-tier business continuity and disaster recovery planning should be the cornerstone of every organisation in 2024.
Organisations must get a head start to strengthen their resilience posture before disaster strikes. This should include supplier diversification and spreading manufacturing production capacity and operations to avoid concentration risk.
More rigorous stress testing will be key to avoid disruptions and reputational damage
The failures and subsequent fallout of Silicon Valley Bank and Signature Bank in early 2023 resulted, as expected, in a more scrutinised global regulatory landscape for financial services firms.
But less-regulated organisations should take heed too.
Failure to recognise and manage risks could result in disruptions or disasters that could undermine the foundations of the business. Stress testing will increase in importance for organisations across verticals as boards and customers prioritise resilient operations.
Stress testing visualises pain points that can cripple an organisation when disruptions occur. Over the next year, we will see more non-regulated industries undertake vigorous stress testing to better understand operational weak points and deploy adequate resources to strengthen their resilience posture.
Cyber threats continue to evolve
In 2024, we can expect to see direct cyberattacks on organisations, cyber threats on widely used third-party suppliers to access critical customer data, and an uptick in new cybersecurity regulations.
Cyberattacks over the past year, including the ICBC ransomware attack and the MOVEit cyberattack, have demonstrated the cascading effect that these attacks can have across an organisation’s supplier ecosystem – and how quickly financial and reputational damage can follow.
Organisations will have to bolster their scenario testing efforts to account for increased and ever-evolving cyber threats. Assume that any event that can cause disruption will cause disruption – no matter how unthinkable this previously was.
Scenario testing will be a crucial aspect of organisational strategies, not only to ensure that dynamic and agile business continuity plans are in place in the case of disruption, but also to display to regulators and customers that the organisation has its ducks in a row and can ensure the continued delivery of critical products and services regardless of potential disruptions.
An increased focus on vendor relationships
Vendors have become increasingly important to the delivery of core products and services, and we expect that this trend will continue in 2024.
With so many critical operations tied to vendors, organisations must increase their focus on third-party risk management to ensure effective business continuity planning.
Organisations must examine their vendor relationships with a fine-toothed comb from start to finish. They need to put a special focus on the onboarding process in particular to fully recognise what risks they are assuming.
They also must have a better understanding of ‘unknown risks’ by fully understanding how vendors are governing their own risks.
More robust and integrated stress and scenario testing is imperative to understanding and managing third-party risks. Organisations must know how business units respond to potential disruptions with a critical vendor.
In 2024, it will be important for organisations to have a 360-degree view of their vendor ecosystem to maintain a strong resilience posture and to show regulators and customers that they can deliver core products and services during times of uncertainty.
A dynamic and agile response to disruption ensures success
As 2024 opens on a complicated risk landscape, we must look to fortify our organisations against all potential disruptions.
True business continuity and operational resilience require a full organisational effort that looks to shift the culture from being reactive to one of proactive risk management and continuity for all employees.
We must all act as risk managers and should look to organisational leadership to lead the charge to create dynamic and agile frameworks that help practitioners address the increasingly complex risk environment.