ARTICLE | April 12, 2021 | 4 min read

The return on business resilience

COVID showed the best-laid corporate contingency plans aren’t good enough

By Evan Ramzipoor, Workflow contributor

As the world begins to emerge from the COVID-19 crisis, business leaders are thinking about how to best prepare for the next crisis, however it manifests.

The key to survival, says Dave Wright, ServiceNow’s chief innovation officer, is organizational resilience, which he defined as an organization’s ability to continue to serve customers, deliver products and services, protect its workforce, and safeguard its reputation during adverse events.

Recently, Wright held a virtual roundtable with ServiceNow customers to examine the future of business resilience, risk, and the rise of a new C-suite member: the chief resilience officer

The modern enterprise faces a grave threat, Wright says, and it comes from within. In most organizations, risk and resilience are delegated to executives responsible for specific functions. But many of the greatest threats to organizational resilience impact the entire enterprise, if not the entire planet (think COVID-19).

While resilience is siloed, events like extreme weather, trade wars, cyberattacks, geopolitical conflicts, or unforeseeable supply chain disruptions (caused by, say, a cargo ship stuck sideways in the Suez Canal) are often not recognized as threats to the organization as a whole.

Resilience matters because adverse events are not rare.

Even minor adverse events—for example, a construction crew accidentally cutting business-critical fiber-optic cables—can severely disrupt the organization.

Resilience matters because adverse events are not rare. In fact, the number of billion-dollar disasters that occur annually in the United States has tripled since 1999; the average cost of a data breach is $8.6 million. To safeguard against financial and human disaster, the entire organization—not just individual departments—must become resilient.

In response to changes in customer and employee behavior throughout the pandemic, many organizations have begun or accelerated a digital transformation. While useful for managing vulnerability, uncertainty, and complexity, digital transformation also increases the level of risk.

Crises can affect the entire enterprise, so solutions must reach every aspect of it; any modern enterprise, Wright says, must consider the gamut of external (or internal) risk. Predicting every potential risk is impossible, so organizations must learn how to respond to disruption quickly and resiliently.

However, because many organizations view risk from departmental silos, business leaders often can’t achieve holistic views of an adverse event’s impact on the organization, or what a proper response to it should be. COVID, for instance, sent employees home, quickly adding a technology challenge to a massive HR disruption. To mitigate organizational risk, Wright argues that leaders must take steps to break down silos. Resilience has to occur at the organizational level and incorporate people, processes, and technology.

COVID-19 was the mother of all reality checks, Wright says. An MIT Technology Review research report noted that 62% of North American respondents had business continuity plans in place before 2020 but that only half said those plans were effective during the pandemic.

That’s mainly because most continuity plans focus on conventional disasters like corporate network outages and easy-to-imagine black swan events.

Even businesses that, at the start of the first wave of pandemic lockdowns, moved their employees out of the office within days faced resiliency challenges. For them, the challenge quickly moved beyond technology, Wright says; it was people—how to support employees who were suddenly working from home while caring for families and who could no longer communicate with one another by simply walking across a hallway.

Wright describes lessons he’s learned, and unlearned, by studying organizational resiliency.

The biggest learning is that organizations that adopted an agile practice before or during COVID-19 are more resilient and better able to withstand this disruption. On the whole, flatter organizations were (and are) more resilient than hierarchical ones, Wright says, because they foster a feeling of trust that provides psychological safety for employees.

Companies that have sought employee input on issues like schedules, benefits, and even strategy have also seen the development of greater trust, which is correlated to resilience and, ultimately, with a stronger bottom line.

Another learning: resilience pays dividends, especially in tough times. Boston Consulting Group, in a study that examined the performance of more than 1,800 companies over a quarter-century, found that resilience in unfavorable periods accounted for nearly 30% of long-term outperformance, even though crises occurred during only 11% of the study period. As the study put it, “performance during a crisis had almost three times the impact of performance during stable periods.”

Also: adversity breeds resilience, not just for organizations but also for employees. A study by ADP found that people who had experienced at least 5 of 11 so-called “risk factors”—such as furloughs, layoffs, changing work hours, and unplanned moves to work from home—were 13 times more likely to be resilient, Wright says.


Number of billion-dollar disasters that occur annually in the U.S. since 1999

As for unlearnings, Wright says, the pandemic challenged his assumption that resilience is mostly about technology; that is, about having the right backup systems, the right redundancy. In fact, resiliency “is as much about your people and processes as it is about your technology,” he says.

Wright says it’s crucial for organizations to build “a living fabric of resilience” that covers all departments and the individuals within them. In most large companies nowadays, the task of fostering resilience is left to the chief risk officer, or is made a shared responsibility among, say, the CIO, CHRO, and COO. But those executives rarely have the remit and resources to focus on resilience as a companywide priority.

One way to promote resilience at the organizational level is to create a role for it: a chief resilience officer.

This C-suite collaboration and accountability is the sort of structure that needs rethinking, Wright says, because in a world where disruption is the norm, resilient organizations will outperform their peers, and businesses must build resilience into the strategy and structure of the organization.

Want to Get Ahead and Stay There? Rethink IT Service Delivery.

Related articles

The future of security is automated
The future of security is automated

There aren’t enough security analysts in the universe to manage a rising tide of threats. Automation can help.

Securing hospitals against cyberattack
Securing hospitals against cyberattack

The healthcare industry is a soft target for nation-state and terrorist hacking groups. Waiting for the next attack is not the answer.

Companies are playing catch-up on cybersecurity
Companies are playing catch-up on cybersecurity

For many organizations, investing ahead of the breach is a hard sell

Cybersecurity risk in 5 stats
Cybersecurity risk in 5 stats

Security breaches and budgets are both on the rise, according to new research


Evan Ramzipoor is a writer based in California.

Loading spinner