Surviving uncertainty
In business, decision makers yearn for stability, yet increasing complexity makes it ever more difficult to make the right calls. As the UK’s recently published National Security Strategy concludes, “our world is characterised by radical uncertainty.” Events of recent days have brought geopolitical uncertainty to the fore. With rising volatility, an already complex situation has the potential to change rapidly, in unanticipated directions, with unexpected repercussions. All too often decision makers are susceptible to an optimism bias, “it will be alright on the night”, and they don’t consider the impact of a combination of seemingly unconnected factors.
With an ever-growing interconnected dependency on data and digital systems and infrastructure, the systemic complexity of modern economies and societies makes them surprisingly vulnerable to small disturbances that push systems beyond designed levels of tolerance, resulting in fail-safe responses. Think of the momentary glitch in the frequency oscillations in the Spanish power network in late April, that caused numerous generators to go off-line to protect themselves, resulting in prolonged blackouts across the Iberian Peninsula. Or consider the fire at an electricity substation supplying Heathrow airport a month earlier, that resulted in flight operations being disrupted for 18 hours or so. Last year a global IT outage was caused by a software update. More recently, we’ve had two national retailers suffer incredible disruption as a result of cyber attacks to their key systems. In all four examples, the costs of business disruption are considerable running into hundreds of millions of Pounds/Euros/Dollars.
Beyond the often ill-informed national fixation with the blame game, inflamed with the inevitable turbo-charged online commentary, what can we learn from this? Across Whitehall there is a sharpened focus on how to enhance organisations’ cyber resilience in the face of the increased threat. In a speech at the end of last year the Director of the National Cyber Security Centre stated:
“We need all organisations, public and private, to see cyber security as both an essential foundation for their operations and a driver for growth. To view cyber security not just as a ‘necessary evil’ or compliance function, but as a business investment, a catalyst for innovation and an integral part of achieving their purpose.”
As if that wasn’t enough of a carrot, the much heralded Cyber Security and Resilience Bill, due to be introduced to Parliament later this year, may yet provide the stick.
So what?
With stability something of a dream of yesteryear, leaders should consider how they might deal with business disruption or actual attack, resulting in loss of sales, difficult communications with stakeholders, and potentially the loss of sensitive data. Rather than viewing resilience measures as an additional cost, they should be viewed as value added means of retaining existing clients and winning new business. A couple of areas to consider in your quest for increased resilience:
- Avoid the tendency to assume that “it” won’t happen. Our inherent optimism should not overweigh the curiosity to consider what might be the worst thing to unfold.
- Failure to plan is planning to fail. Have a plan that addresses the who, what, how and when. A resilient mindset considers the critical activities and how they might be disrupted, establishes the interdependencies internally and externally, and prepares for plausible worst-case scenarios. Plans are then exercised and stress tested to determine whether enough has been done.
- Leadership teams set organisational risk appetite. They need to be risk aware, where necessary taking advice from those closest to the risk, although it is the C-Suite alone that are responsible for the treatment of the risk.
- Communications are key in times of trouble. As no organisation exists in isolation, nuanced messaging to staff, clients, suppliers, the general public, regulators, and investors needs to be considered as part of the planning activity.
- Never let a good crisis go to waste – Churchillian wisdom – although really a statement of the obvious, always take the opportunity to learn and adapt.
Ready to strengthen your cyber resilience?
In today’s unpredictable world, cyber resilience is no longer optional, it’s essential. At Redcentric, our dedicated cyber team is here to help you assess your vulnerabilities, develop comprehensive resilience plans, and ensure your business is prepared for any eventuality.
