Born To Be Wild

Author: admin

  • Integrated Business Continuity Plans: Tackling Cyber Risk Head-on

    Integrated Business Continuity Plans: Tackling Cyber Risk Head-on

    Cyber risk is one of the biggest concerns facing organisations today. The effects of a cyber attack or data breach can be felt throughout the entire organisation with far-reaching ramifications for customers and staff. This is no longer just an IT concern – it’s everybody’s business.

    “It’s critical that business continuity professionals incorporate cyber threats in their business continuity planning, along with the traditional threats such as severe weather or supply-chain disruptions,” says Simon Petie, Regional Manager at RiskLogic. ‘But rather than having two separate response models – one for IT and one for the business continuity team – IT’s response needs to be integrated into the existing business continuity structure . This integration has the added benefit of giving IT an insight into the potential impact to the business as a whole.”

    Potential cyber attacks

    Cyber attacks are constantly changing and attackers are finding new ways to breach defences. Such attacks can wreak havoc in an organisation causing reputational damage as a result of compromised personal or financial information, loss of productivity and decreased revenue. In some cases, it can even shut down operations or put an organisation out of business entirely.

    “An organisation’s response must be tailored to different cyber threats,” confirms Daniel Muchow, Head of Cyber Security at RiskLogic. “The plan also needs to highlight what activities are to be performed by IT and define specific communication points between IT and leadership. This could include periodic situation updates as well as advising on response options. In a cyber crisis, it’s critical that designated IT personnel, as subject matter experts, have the power to authorise actions as necessary.’”

    Updating the business impact analysis

    Keeping the business impact analysis up to date to ensure it identifies all critical IT processes, data and locations is also important. If there is a network failure, plans must be in place for secure access alternatives. Like other disaster responses, backup systems also need to be regularly tested.

    Today, information technology is woven into the very fabric of organisations. When the IT department is able to work seamlessly with business continuity leaders through an integrated business continuity plan, organisations can respond quickly and appropriately to a cyber attack. Costs will be minimised, data better protected and reputational damage effectively controlled.

    For help integrating Cyber Security risk control with your business continuity plan, contact RiskLogic on 1300 731 138 today.

  • Learning Resilient Leadership: Putting leaders ‘in the box’

    Learning Resilient Leadership: Putting leaders ‘in the box’

    Resilient Leadership has become one of the top searched business queries on YouTube (the world’s second largest search engine).

    Recently I was consulting a large business on Incident Management and understanding resilient leadership. We worked on their overall framework for managing incidents, and then produced a beautiful array of nested documents to show how ready the company was to manage incidents. But then came the interesting part; the validation.

    What I found was that the company was quite concerned about the exercise and scenario methodology.

    In fact, we spent a number of meetings going into specific detail regarding the scenario that was to be tested, the key leader (and CMT lead), who we were conducting the work with, wanted to be fully briefed on the scenario and to be part of the staff administrating the exercise.

    Having queried this type of approach with other consultants, it seems that this is not an uncommon occurrence.

    So, what’s the problem here? 

    Applying the most basic military or sporting mindset to this story reminds me of the adage ‘train as you wish to fight’. The issue in the anecdote above is not that the leader wanted to ensure the exercise met the required goals or milestones to satisfy internal, higher or external entities, but more the absence of actual leadership due to a fear of failure.

    To internally monologue this type of leader;

    Of course I would like to be involved in this scenario, but deep down I don’t want to look like I don’t know what I’m doing. I don’t want to worry my team about my capacity to perform under pressure. I’ll find a solid excuse such as oversight of the exercisers or the need to accurately assess the response teams. In fact, I’ll most likely convince myself so much that I wouldn’t even have considered myself in the first place.

    The term ‘in the box’ is a phrase used to describe people being exercised under test conditions. If you are ‘in the box’ you are being tested.

    So, should a leader go ‘in the box’ with their team? Even in situations where they may have to pass supervisory or exercising duties to others (maybe even a junior). Should they step into the box when they know their deficiencies are likely to be seen? Should they step into the box knowing they may fail?

    I was a commander of a Special Forces Task Unit in the Irish Defence Forces. This unit has an extremely rigorous selection process with less than 1% membership of the entire Defence Forces.

    During my time as a leader within this organisation, I failed multiple times. I failed in front of my teams. Sometimes, I felt like I had made a fool of myself.

    On one occasion during a physical competition on an obstacle course, I couldn’t scale a wall. Everyone else in my sub-unit could without any support. My technique and strength let me down and I was so embarrassed that I eventually had to get assistance to scale it. How could I ever ask of them what I could not do myself?

    It hurt tremendously, and there was nothing I could do to change that moment. But I could and would do two things;

    1) I found a weakness and therefore could fix it. I would train and train to ensure I could scale the wall. I trained during the weekends, springing up my house perimeter wall, over and over.

    2) Most importantly, I didn’t hide from the fact that I was below standard and didn’t hide from future tests of my capability.

    Standards are standards, and any test is exactly that, a test against a standard (even if only self-assessed). If I don’t test myself with my team:

    • Then I won’t know where I’m weak.
    • I might dangerously presume that I’m at the standard.
    • How would I ever know how I will go as a leader when ‘it’ happens for real?
    • How will we work under pressure if ‘for real’ is our first time?
    • How will they have confidence in me as having done the same as them, having shown my weaknesses, and then shown the leadership to remediate my weaknesses?
    • Then how would it be fair of me to appraise my team on their performance?

    In answer to the question should a leader go ‘in the box’? – the answer (albeit without individual context) should be YES by default.

    In my experience, the best leaders don’t just go ‘in the box’, they crave the opportunity to get in the box with their team, to give it a crack, to fail together (if they have to) and then learn and repeat the test.

    The best leaders in my experience dislike sitting outside the box while their team is in it. They make the time to get into the box. They cancel other plans to show how important it is.

    Everyone squirms at the thought of assessment. No-one likes to be caught off-guard in front of their team.

    But in my experience, while the short-term effect of mucking up during a blind exercise will feel like a complete failure of your leadership, the long-term personal leadership and group dynamic gains far outweigh the embarrassment and incompetence.

    If you rate your team then you will know they will admire your honesty of effort, over your ability to nail a debrief from the sidelines. Remember, this is training, where the entire idea is to learn from it, and your mistakes are always the best learned lessons.

    So, as a leader:

    • Step into the box. It may sting a little, but you and your team will be stronger for it.
    • Step into the box with facilitators who understand this concept, who have been in the box and who appreciate the challenge.
    • Do it with those you trust, both to challenge you (because you will then learn) and who will protect you (with their experienced ability to read live exercise direction).

    Because a real incident or crisis is not the time to begin your learning – it’s the time to do it and do it well.

  • Thinking About Embedding Organisational Resilience

    Thinking About Embedding Organisational Resilience

    To succeed in these uncertain times, strengthening organisational resilience has never been more important.

    Last year was a wake-up call for all of us, and to thrive in the coming decade, organisational resilience must be developed and the ability to withstand unpredictable threat or change, to then emerge stronger.

    The world is undergoing increasingly fast and unprecedented change. Catastrophic events will grow more frequent but less predictably. They will unfold faster but in more varied ways. The digital and technology revolution, climate change, and geopolitical uncertainty will all play major roles. Here is how.

    Technology & Digital Revolution

    The digital revolution has increased the availability of data, the amount of connectivity, and the pace at which decisions are made. This offers transformational promise but also comes with potential for large-scale failure and security breaches together with rapid cascading of consequences. It also increases the speed at which a company’s reputation can change in the eyes of consumers and employees.

    Climate Change

    The changing climate presents structural shifts to companies’ risk-return profiles, which will accelerate in a non-linear fashion. Organisations need to navigate concerns for their immediate bottom line together with pressures from governments, investors, and society at large. All this while natural disasters are growing more frequent and severe.

    Geopolitical Uncertainty

    An uncertain geopolitical future provides the backdrop. The world is more interconnected than ever before – from supply chains to travel, to the flow of information and how it’s digested. But these connections are under threat, and most organisations have not designed their role in the global system for robustness to keep functioning smoothly, even if connections are abruptly cut.

    In today’s world, where the future is uncertain and change comes fast, organisations need to look beyond short-term performance and basic organisational health. They must be able to not only withstand unpredictable threats, or change, but to emerge stronger. In short, there must be significant resilience.

    Starting to embed resilience

    Traditionally, to stave off disaster, organisations have put in place business continuity plans to respond to a list of potential threats—hurricanes, server outages, cyber-attacks etc. They have tended to include a dose of conservatism in a single-scenario planning approach. This approach is outdated.

    Businesses should strive as much as possible to embed resilience in the way they work, in a way that makes them better in normal times, not just in the face of unpredictable threat or change.

    To get started in building resilience for the years ahead, companies can take three steps:

    1. Understand how resilient your organisation is today.
    2. Determine what your organisation needs to be resilient in the future.
    3. Design your approach to developing and maintaining the resilience your organisation needs.

    Companies that understand the resilience they need for the future can implement sensible change.

    In case of vulnerabilities, this may mean transforming in ways big or small to enhance resilience directly. But, most importantly, firms should look to build resilience into any transformation they undertake, regardless of the primary goals—from digital to growth to cost.

    This yields more robust change and helps you bake in resilience from the outset.

  • What to do when your boss says “drop everything”

    What to do when your boss says “drop everything”

    Tim Archer Head of Communications

    I received an email recently from a CEO who I do a lot of work for. The subject title was “Emergency”. With a clear tone of urgency he said he had a serious issue on his hands and wanted me to “drop everything” and help.

    Given this is exactly what I do as a corporate communications consultant, he had my full attention as I went into crisis mode.

    At least until I read the second line of the email, where he asked me to supply my WhatsApp number so he could brief me.

    For the briefest of moments, I had fallen for a scam.

    Hovering over the sender address revealed the email had not come from the CEO. It was from “sandraralph182@gmail.com” no doubt a random hacker sitting in their dressing gown in some far-flung corner of the world.

    We have all received these emails.

    People who work in finance or accounts are targeted particularly heavily with urgent requests from “their boss” to transfer money or pay a bill.

    So called Business Email Compromise is rampant because it works.

    More than 3,300 incidents were reported to the Australian Cyber Security Centre in the last 12 months, nearly half of which involved financial loss. In total $79 million was scammed out of the pockets of Australians last year.

    In New Zealand, $1 million is lost to cyber crime every month, the majority of which is phishing, credential harvesting, scams and fraud.

    The good news is the Australian Federal Police, working with their local and international partners, were able to claw back $8.45m before it landed in the thieves’ accounts.

    In one case last year, an Australian business was sent two seemingly legitimate invoices that included altered account details for a bank in Singapore. They paid the invoices, worth $500,000 and $2.1 million, before they realised they had been scammed.

    However, because they reported the fraud immediately, police were able to contact Interpol and Singaporean authorities who put a hold on the $2.1m second payment. Unfortunately it was too late to catch the $500,000 payment which no doubt funded a major celebration by the cunning thief.

    The message from police is loud and clear.

    • Do your due diligence before payment.
    • If you are suspicious, pick up the phone and check with your supplier.
    • If you fall victim, don’t be embarrassed.
    • Report it immediately to maximise the chances of recovering the money.

    Human error is always the weakest link in cyber attacks. Good staff communication and education is always the best defence.

    At RiskLogic, you can get industry leading Cyber Consulting and Crisis Communications Planning to help build a culture around this very real and common threat. It’s this awareness within your organisation that can make it harder for cyber criminals to break through.

  • How Business Continuity Can Help SME’s to Multinationals

    How Business Continuity Can Help SME’s to Multinationals

    The idea or concept of Business Continuity or a Business Continuity Plan is often seen by small to medium-sized businesses as not important or relevant to them; they’re just a small fish in a big bond and these global disasters are likely to have a bigger affect on the FTSE 500 than them.

    The truth is, even the biggest businesses have neglected their plans during the pandemic.

    If we think about disruptions that have occurred across the last year, a lot of them have been widespread and impacted businesses of all sizes. But perhaps for the first time, there is an opportunity for small businesses to utilise best practice, and start adopting a resilient culture now.

    From large multinational corporations, right down to the small family-owned businesses, everyone has been affected. It’s easy to focus on the big disruptions, but every day businesses are subjected to yet another disruption from cyber-attacks, system outages, supply chain issues, or even a burst pipe running out into the office.

    Some of these disruptions stand alone and are faced on top of the major disruptions we’re dealing with, such as losing access to email systems, or access to seeing the team face to face again.

    These are flow-on effects from our major disruptions such as; needing to wait for telecommunication networks to be rebuilt after bushfires destroy the infrastructure, or needing to repair supply chains after they are thrown into disarray from border closures.

    I was once being trained on a new system and the question was asked “what happens when this fails?” This was met with some pretty bold statements such as “at our organisation, we don’t have system failures” and “Telstra is more likely to fail than our system”.

    Sure enough, a couple of weeks after the system was launched there was an outage that lasted a few hours but affected many of our customers, leaving teams to try and figure out workarounds.

    Business Continuity Plans aren’t a one size fits all product. The same style of plan that suits global corporations isn’t going to work for smaller businesses, however we’re seeing the evidence this year that disruptions don’t discriminate, they can hit organisations of all shapes and sizes. Fortunately, plans can also be shaped to organisations of all sizes.

    At RiskLogic, one of our smallest clients (in terms of staff) holds four people. They service a global audience in the tens of thousands. So, the argument could be made that their internal structure is so small, they can manage it in an agile, in-house format. Despite that assumption, this client’s plan is comprehensive and has been well tested and used during the supply chain disruptions of COVID-19.

    In the big scheme of things, it’s so easy to underestimate the value of Business Continuity. I had a mentor tell me

    Business Continuity Plans are the tools required to help businesses collect resilient procedures, but they end collecting dust instead.

    But it can be so much more than that. It can help those small businesses thrive through what is likely their toughest battle. It helps large corporates stay on top of what their stakeholders expect of them.

    Business Continuity should be and can be used by all, so start yours today!

  • IPCC Climate Report Critical for Business Continuity Change

    IPCC Climate Report Critical for Business Continuity Change

    If somehow you missed the world’s most popular report this week, then let us introduce you to the mammoth 3,949-page document, IPCC’s The Physical Science Basis on Climate Change. 

    You can download it here ↗

    Collated by 234 scientists across the world, the report is essentially a code red for humanity, which of course means it’s also code red for your organisation. It doesn’t sugar-coat the truth, and unlike many trending documentaries and shared assumptions, we’re not “running out of time”, time is essentially up! And this report sticks the blame unequivocally on humans and large multinational corporations.

    We asked our consulting team how often they’d heard of climate change or natural disasters being a major part of organisational resilience planning, the consensus not being in favour but rather dwarfed by ransomware or pandemic concerns.

    If you are neglecting the grim reality of a warming planetyou may be subjecting yourself to serious public scrutiny and regulatory change.

    There were no-holds-barred in the IPCC’s report when they chose to name and shame the top companies contributing to the world’s highest carbon emissions. You don’t want that sort of acknowledgement.

    But not everyone’s business is mining fossil fuels and chopping down trees. Many of us work remotely, perhaps permanently, and we have complete confidence that our carbon emissions are next to zero. However, a wide-stretching employee base is still very much subject to natural disasters. Take the significant bushfires of 2020 in Australia and the flooding in New Zealand this year to name a few. Many of our clients saw their team members go offline without warning for days.

    Staff can be more easily controlled and supported during an event within the workplace, this is almost an impossible task remotely. Extreme weather events are playing havoc on people’s livelihoods, affecting physical dwellings, as well as their mental health too.

    The World Economic Forum (2021) estimates the cost of mental disorders to be $16 trillion in 2030, exceeding that of cancer, diabetes and heart disease combined.

    AON 2021 Global Wellbeing Report highlighted the top physical wellbeing risk impacting company performance is stress (67%), followed by burnout (46%). The top two wellbeing issues reported from the 1,648 participants across 41 countries who participated: work-life balance (65%) and mental health (46%).

    How does this connect to business?

    In the coming years, countries will experience an increase in drought exposure primarily due to the interaction between climate change and population growth.

    By 2025, two-thirds of the world will be living under “water-stress” as demand outstrips supply according to the GAR’s Special Report on Drought. By 2030, more than 600 million people will be displaced as a result of drought. And by 2035, the damage to our globe will take between 2,000 and 3,000 years to reverse, says the IPCC report.

    That’s only thirteen years away.

    This places greater strain on food and energy production, agriculture, and mining, with significant impacts to supply chain, trade, and human migration.

    How is this relevant to your business?

    This is a smouldering crisis. Like the increase in global temperatures the IPCC discloses, the impacts these natural disasters are having will not be realised for a while yet.

    The Global Risks Report for 2021 listed extreme weather and failure to mitigate climate change within its top 5 global risks by likelihood and impact.

    While Australia and New Zealand are no strangers to drought, the impacts of drought in other parts of the globe can and will have cascading consequences to many industries and will require organisations to identify potential impacts of drought and other extreme weather scenarios on critical business processes, financial revenue, and evolving customer needs.

    We’re seeing a similar domino effect already through supply chain impacts caused by the pandemic. The blockage of the Suez Canal on March 23rd was exactly what the already fractured global supply chain could have done without. Some reports suggest that the impacts of that event won’t be realised for another seven months yet.

    There will (probably) be regulation changes.

    It’s important to begin preparing for impending change that will be implemented by the government. A watch on regulation change isn’t new, but there is a real chance this one could be extreme (and rightly so).

    While some countries will play catch up here, this side of the world (Australasia) has vocal populations that will demand regulatory change implemented by their governments. These changes could have massive effects on your business and people and will require an agile approach.

    World leaders will head to Scotland in November for the pivotal COP26 international climate talks. They’ll be tasked with taking the IPCC’s scientific report and turning it into meaningful policy.

    These policies will surely find their way to our shores, and as such, organisations will have to pivot their plans and procedures. And if it feels like those policies might not affect you, consider the impacts and severity of the European GDPR regulation and the millions already handed over by organisations that aren’t even based in Europe.

    You can get ahead of the curve here by reviewing your business continuity plans today. Look for your potential procedures and policies that won’t work or be adequate during a natural disaster. Ask yourself where are the gaps a new legislation will take advantage of?

    With the continuous growth of the COVID-19 Delta variant, we still don’t know how long our teams will have to work from home. As this unknown continues, we will need to adjust our plans to combat events that can impact our team’s current location of work; it’s an absolute must!

    What can Business Continuity do to help?

    With all the excitement and hype around the IPCC’s report, it can seem that it’s a wait and watch situation, but that’s not entirely true. Organisations can pull out their business continuity plans now or start a new one with the intention to support and manage climate change.

    The simple act of adding this into your next quarter’s critical implementation plan will generate a culture buzz worth going public about.

    Welcoming feedback from our clients, suggests that employee positivity and devotion to their employer is increasing alongside implementations on carbon policies and commitments to the climate. Employees are proud and boasting news of their employer’s commitment to make a difference, and this in turn resonates with customers, stakeholders, and the media.

    As millennials continue to dominate much of our workplace, so too do expectations on doing their part for climate change. An evolution of business continuity is well underway, but this can be a positive time for organisations to revamp how they manage crisis events.

    business continuity plan is an organisational must but often finds the top shelf with the thickest dust. It doesn’t have to be that way anymore. We have an opportunity to put more momentum behind a resilience program now that a report like the IPCC’s is front and centre.

    Use this three-thousand page document as an excuse to amplify your resiliency.

    For more information on how we can help with your business continuity, click here ➜

  • Were business continuity procedures sufficient for the pandemic?

    Were business continuity procedures sufficient for the pandemic?

    Each year business continuity leaders and crisis teams come together to execute what can only be described as their worst day. Extracted from their day jobs these individuals, at the mercy of their risk teams, are presented with a real threat that they then must manoeuvre under realistic conditions to a positive strategic outcome.

    New crisis team members come together to focus on the strategic response of an event off the back of the business continuity panel’s operational response. With experienced hands, and the continual focus on plans, preparations at an organisational level – you may be led to believe assurance of overall success.

    Yet when faced with a novel event, teams need to pivot to a different set of rules that bypass, sometimes, meticulously trained response mechanisms.

    What are novel events and how do they arise? 

    They are generally encountered in one of three situations:

    1. The triggering event is outside the risk bearer’s realm of imagination or experience, or happens somewhere far away.
    2. Multiple routine breakdowns combine to trigger a major failure.
    3. The risk materializes very rapidly and on an enormous scale.

    Organisations that regularly deal with fast-evolving situations know the importance of preparing for the unexpected.

    Yet, the pandemic – one example of a novel event – left many teams without a pre-existing playbook. Reaching for solutions that worked well in other crises but failed to deliver under the circumstances of the pandemic and developing the need for rapid change to response mechanisms.

    So how do crisis teams prepare for the next novel event?

    Decades of behavioural research shows that people pay attention to information that confirms their beliefs but disregard it when it conflicts with them. Experienced teams can reinforce established response patterns that do not always translate well to novel risks, whereby the best approach may be counter intuitive.

    How do experienced teams bring forth the experience of shock and uncertainty in annual exercise activities?

    Make it a part of learned behaviour. 

    1. Practice doing more with less. Involve resource scarcity of some kind during your next planned exercise. Example: Drop the crisis / business continuity lead from the exercise.
    2. Disrupt the embedded response through role cross-training. All individuals seek the experience of how other roles on the crisis team function, developing a better idea and perspective of how your role depends upon others. Example: Each response team member takes on a role different to their own.
    3. Give up control. Empower rapid decision-making to different people including to experts in coordinating teams such as incident or operational response. Example: Don’t allow the team to get stuck in the weeds, ensure the response focus is purely at the strategic level and delegation works.
    4. Independent viewpoint. Gain an expert opinion through an independent observer on the approaches used and whether the team favours a particular one. Assess the evidence to understand the ability to think innovatively. Example: Contract a consultant to observe your next exercise. 

    The beauty of disrupting your routines and learning new ways to solve problems in anticipation of a crisis is improvisation, which will make it better able to cope when met with uncertainty.

    Call to action:

    1. Get uncomfortable during your next exercise, allow teams to find their edge and practice in a safe environment the skills needed to respond to a novel event. Break rigid patterns and build muscle memory in how to apply the foundational elements of a business continuity plan/crisis response and/or plan to an event that the organisation would not ordinarily allocate resources to prevent. This training will further strengthen and build business continuity and crisis capability and confidence under all situations.
    2. Find the right consultant that understands the art form of delivering on these delicate objectives. With the right consultant to guide you, team members come out of it as a positive learning experience and with the confidence to tackle what comes next.

    Getting smarter with how you function under high stress situations and cope with improvised decision-making, and still perform are all active components of a good exercise program. Allow RiskLogic’s depth of field experience, team of experts and industry acumen to support the preparation and delivery of your next exercise.

    A fresh approach with expanded objectives for mature teams can best prepare you for the next crisis – both personally and as a team.

    Source: The Risks You Can’t Foresee

  • Should we still have our Crisis Management Team Activated?

    Should we still have our Crisis Management Team Activated?

    Should we still have our Crisis Management team activated? It depends.

    That answer might not be the one you were hoping for, but each organisation is different and as such, you need to adapt to your unique situation.

    In general, we advise clients, if you have a capable team overseeing the ongoing day-to-day pandemic management effort, then you can reduce the frequency of the Crisis Management Team (CMT) meeting.

    Scenarios that may require the CMT to meet again could be a suspected positive case in the organisation, a certain level of community transmission, lockdowns, and impacts to business operations – like supply chain disruptions.

    If you have a dedicated COVID Management Team, or a support team separate to the CMT, who will keep monitoring the day-to-day operational impacts, you need to ensure you have triggers in place for bringing the strategic thinkers (CMT) back in.

    The CMT should look to delegate where possible but require a deep understanding in order to do that.

    What are others doing?

    We’ve seen some organisations have a separate COVID management team activated, with the CMT no longer active full time – or remain just as a reporting line to provide updates.

    On the flip side of this approach, some organisations only have their CMT activated. This means they can’t delegate as easily and need to remain more actively involved as the event progresses.

    It’s been nearly 24 months since the pandemic took form. In general, it may be beneficial to give the CMT members a break. A stand down from a wellbeing perspective may provide space to evaluate how your organisation currently stands. It can identify whether anything has slipped from the team regarding managing operational aspects – rather than staying strategic.

    That said, everyone is different and there is no definitive answer. Before answering this question for a client, we ask them a few key points first.

    • How big is your team and where are you currently operating? Are there high-risk locations for community transmissions?
    • Are all versions of your response team trained up under the same business continuity and crisis management plan?
    • How has communication been during the pandemic? Could this be improved?
    • Are you still remote or are you working on a return to work policy?

    If you’re finding it difficult to answer these questions with clarity, give our consulting team a call or email, obligation free to discuss.

  • Focus is on corporate resilience for board members

    Focus is on corporate resilience for board members

    Article by Risklogic team

    As boards move beyond crisis management, specific risks and organisational issues are increasingly top of mind. In turn, Business continuity finds itself embedded into more organisational fabric – producing more focus on corporate resilience.

    While the argument can be made that it’s too little, too late, RiskLogic is seeing a positive shift in those who are now more able to deal with concurrent events.

    As the Delta variant continues to evolve, leadership teams are needing to consider a longer term approach to their response. This focus heavily involves a new culture of resilience that has people front and centre.

    Psychological safety, a term coined by numerous employee surveys, has become one of the top considerations for employers in 2021. Seek.co.nz reported an increase last quarter in candidates applying for more flexible working arrangements from their would-be employer. This same report added that many departing employees are seeking workplaces that are better able to address the concerns of a diverse workforce.

    According to Business Insider, Australia, company leaders ranked psychological safety the third most-valuable way to ensure a safe work environment, and 57% highly value psychological safety, according to Aon’s 2021 Global Wellbeing Survey of more than 1,600 companies.

    “Maybe that means people are judged more on merit, which might increase diversity as people are evaluated on the quality of their work instead of the old boys’ club. If you’ve been coasting on your personality and not on your work, this is not a good era for you,” says David Lat, a longtime analyst of law firm culture and a former top-tier recruiter.

    Corporate resilience & people.

    Faced with a global crisis in 2020, board directors and executives reported a renewed focus on corporate resilience as RiskLogic client feedback suggests.

    When board directors were asked about the topics on their 2020 agendas, corporate resilience made the biggest jump since prior years, not surprisingly amid a global pandemic. This commitment doesn’t appear to be slowing down, and some of the best are also turning their attention to more impactful staff demands within workplaces.

    Personal resilience was seen as a key element to resilience programs across all types of organisations. Many board members and leadership teams have reported on crisis response teams being active for nearly 24 months. This heightened level of response has become exhausting for most, and leaders need to recognise this.

    Now, as boards (and the rest of us) look toward a COVID-19 recovery, teams are shifting their attention toward more specific risks and organisational and cultural issues. Some supermarkets across Australia battle less with the restrictions of supply chain and customer numbers, and more with the wellbeing of their employees who are potentially exposed to risk every day.

    The most adaptable boards, according to the directors we have spoken to during the pandemic, were more likely than their peers to have resilience on their agendas, and provide a focus to both organisational resilience, and personal resilience.

    As the RiskLogic consulting team continues to meet and work with more directors, crisis managers and executives, one thing is clear, those with a focus on enhancing corporate resilience are the ones more likely to succeed.

    To discuss your board & executive team’s resilience agenda, you can contact our expert team for a no obligation discussion.

    Find out how to talk to RiskLogic ➜
  • Uncovering Post Pandemic Crisis Trends

    Uncovering Post Pandemic Crisis Trends