Even minor adverse events—for example, a construction crew accidentally cutting business-critical fiber-optic cables—can severely disrupt the organization.

Resilience matters because adverse events are not rare. In fact, the number of billion-dollar disasters that occur annually in the United States has tripled since 1999; the average cost of a data breach is $8.6 million. To safeguard against financial and human disaster, the entire organization—not just individual departments—must become resilient.

In response to changes in customer and employee behavior throughout the pandemic, many organizations have begun or accelerated a digital transformation. While useful for managing vulnerability, uncertainty, and complexity, digital transformation also increases the level of risk.

Crises can affect the entire enterprise, so solutions must reach every aspect of it; any modern enterprise, Wright says, must consider the gamut of external (or internal) risk. Predicting every potential risk is impossible, so organizations must learn how to respond to disruption quickly and resiliently.

However, because many organizations view risk from departmental silos, business leaders often can’t achieve holistic views of an adverse event’s impact on the organization, or what a proper response to it should be. COVID, for instance, sent employees home, quickly adding a technology challenge to a massive HR disruption. To mitigate organizational risk, Wright argues that leaders must take steps to break down silos. Resilience has to occur at the organizational level and incorporate people, processes, and technology.

COVID-19 was the mother of all reality checks, Wright says. An MIT Technology Review research report noted that 62% of North American respondents had business continuity plans in place before 2020 but that only half said those plans were effective during the pandemic.

That’s mainly because most continuity plans focus on conventional disasters like corporate network outages and easy-to-imagine black swan events.

Even businesses that, at the start of the first wave of pandemic lockdowns, moved their employees out of the office within days faced resiliency challenges. For them, the challenge quickly moved beyond technology, Wright says; it was people—how to support employees who were suddenly working from home while caring for families and who could no longer communicate with one another by simply walking across a hallway.

Wright describes lessons he’s learned, and unlearned, by studying organizational resiliency.

The biggest learning is that organizations that adopted an agile practice before or during COVID-19 are more resilient and better able to withstand this disruption. On the whole, flatter organizations were (and are) more resilient than hierarchical ones, Wright says, because they foster a feeling of trust that provides psychological safety for employees.

Companies that have sought employee input on issues like schedules, benefits, and even strategy have also seen the development of greater trust, which is correlated to resilience and, ultimately, with a stronger bottom line.

As for unlearnings, Wright says, the pandemic challenged his assumption that resilience is mostly about technology; that is, about having the right backup systems, the right redundancy. In fact, resiliency “is as much about your people and processes as it is about your technology,” he says.

Wright says it’s crucial for organizations to build “a living fabric of resilience” that covers all departments and the individuals within them. In most large companies nowadays, the task of fostering resilience is left to the chief risk officer, or is made a shared responsibility among, say, the CIO, CHRO, and COO. But those executives rarely have the remit and resources to focus on resilience as a companywide priority.

One way to promote resilience at the organizational level is to create a role for it: a chief resilience officer.

This C-suite collaboration and accountability is the sort of structure that needs rethinking, Wright says, because in a world where disruption is the norm, resilient organizations will outperform their peers, and businesses must build resilience into the strategy and structure of the organization.