Executive need to listen

COLUMN | October 21, 2020 | 4 min read

Operational resilience is the new C-suite KPI

The next crisis is coming. Here’s how to make sure your organization is prepared

By Barbara Kay, security and risk product marketing lead, ServiceNow

  • Organizations need to track and measure how they steer through disruptive events
  • Operational resilience requires continuous collection, evaluation, and monitoring of internal and external changes
  • Resilience metrics can draw from multiple domains, including IT, security, HR, facilities, and employee health and safety

For me, the expression “keeping a level head” conjures children walking around the room and up the stairs balancing books on their heads. But It literally means maintaining perfect posture—upright and aware, smooth movements, consistent focus.

In business, we already use the “posture” idea to gauge our cybersecurity or risk status. We can also have a strategic posture—lean in versus lean back—or a competitive posture.

In the wake of a global health crisis, organizations also need a posture for operational resilience. In a nutshell, operational resilience is the ability of organizations to continue to serve customers, deliver products and services, and protect their workforce in the face of disruptive events like COVID-19. It can help companies anticipate, prevent, and recover and learn from these events. At ServiceNow, for example, we just announced new capabilities to manage these types of risk.

In practice, companies can measure and track operational resilience as a key performance indicator (KPI). The concept relies on two key principles:

  1. Use it or lose it. Operational resilience is something businesses must actively plan for and maintain. Like other “postures,” you lose it when you forget about it and start to slouch.
  2. Establish metrics. You get what you measure—so having a way to express resilience in numbers permits oversight, improvement, and a little healthy competition between lines of business and stakeholders.


Business agility: The strategic imperative to survive and thrive in volatile times

A smart resilience posture can be assessed not just within IT or cybersecurity, but with functional programs, suppliers and people. Ideally, it should reflect the broad organization. The functional programs are actionable at a policy and control level. The rollup provides the perspective required by C-levels and the board.

The right resilience posture can both spark and answer questions like:

  • “How well are we supporting the expectations of employees and customers?”
  • “How will a terrible hurricane season affect my business? My workforce? My customers?”
  • “How well have we thought through the potential scenarios for disaster and disruption?”
  • “What can we do to reduce key risks?”

This laddering of perspectives is possible when you overcome the stovepipes and fiefdoms of information and decision-making around the organization. Resilience is also an ideal use case for your company’s digital enterprise platform, as it pulls asset, IT context, and security data from IT; enriches it with human resources, vendor, health and safety, and facilities data; and organizes it all based on business criticality and risk.

A successful resilience posture requires clear lines of authority. “Resilience requires clarity about who really owns the risk,” says Kevin Barnard, ServiceNow’s chief innovation officer, who previously spent 14 years at GE and GE Capital, where he managed IT disaster recovery, business continuity, and crisis management. “Business processes are the main priority and their owners are the primary beneficiary of operational resiliency,” he adds. “If IT is still the decision-maker in this conversation, you’re doing it wrong.”

Operational resilience involves continuous collection, evaluation, and monitoring of changes, internal and external. It also requires agility—planning for what you can, handling what you must as it happens.

That’s difficult to pull off without digitizing work processes. In a new global survey of executives and employees commissioned by ServiceNow, 91% of executives reported they still conduct routine workflows offline. That won’t fly for operational resilience. Manual and paper-based systems are already problematic under normal conditions, as they add delays, errors, and costs. When you add in all the work relocation requirements brought on by a global pandemic, and you can see why these operational workflows need to go digital.

“Before COVID, we thought long-term crisis management would last a week. We didn’t imagine the shutdowns and workplace changes,” says Sundari Parekh, vice president of security governance, risk and resilience at InComm. “Our business continuity plans and frameworks built with ServiceNow permitted us to continue to run our processes, be flexible, and respond with minimal impact to InComm or our clients.”

There’s a very attractive carrot here. Digitally transformed companies are already more resilient and more profitable than their digital laggard peers. Our comprehensive analysis of operational data from thousands of large enterprises on the ServiceNow Now Platform® worldwide found that even before the pandemic hit, companies that had digitally transformed their operations were already seeing gains in cost savings and operating margins.

Analysis from IDC also shows that a “digital divide” exists between the performance of digital leaders and laggards during the pandemic.

IDC’s risk-based business model shows how essential operational resilience will be to transit the economic recession. The divide underscores how advanced companies will suffer less impact and move more quickly into acceleration. They can use the preserved economic resources for strategic reinvention and acquisitions that will leave their less resilient competitors far behind.

We see resilience as an essential attribute of healthy organizations. It’s an effective lens for understanding what’s working and what needs to improve so your overall mission can be achieved. Success requires work on the fundamentals: breaking down silos, building trust and collaboration among stakeholders, and automating processes to be insightful, efficient, and timely.

Given what we’ve learned in the last year, building operational resilience is doable, important, and urgent.

Want to Get Ahead and Stay There? Rethink IT Service Delivery.

Related articles

Inside value capture
Inside value capture

A roadmap for maximizing digital value in modern organizations

Customer experience in the next normal
Customer experience in the next normal

A global crisis is accelerating the digital transformation of customer service

The future of security is automated
The future of security is automated

There aren’t enough security analysts in the universe to manage a rising tide of threats. Automation can help.

Digital gold rush
Digital gold rush

Finding Australia’s new common wealth: Why ethical AI, human-machine teams, digital identity and diverse perspectives will transform the next decade


Barbara G. Kay, CISSP, leads product marketing for security and risk at ServiceNow. She has been laser-focused on security and risk management for more than 15 years.

Loading spinner