The global pandemic has sped up the digitalization journey of many companies and has emerged as a key catalyst empowering the switch to digitalization, according to a survey conducted by McKinsey & Company in 2020. It is not difficult to see that digitalization has brought forth many upsides due to its added convenience and efficiency, transcending the way we connect and do business beyond the difference of time zones and transnational borders. Businesses can now continue running and even thrive with the workforce working in the comfort of their own home, managers can view updates, co-workers can coordinate, communicate, share documents in real time, ensuring operational continuity even in the face of geological lockdowns (McKinsey & Company, 2020). Digitalization has brought closer, the way how people connect and eliminated the need for face-to-face contacts and meetings- eliminating the worries of infections while not compromising business productivity.
As businesses get increasingly global and the communication sphere between people shrinks due to the marvel of technology, competition has never been more intense as service and goods providers compete to push their products out better and faster. Customer support has also shifted its focus from conventional customer service centricity to the holistic customer experience (Harvard Business Review, 2021). Companies are now more focused on ensuring a better experience in using their service/ goods during these times of global uncertainty and emerging economy (PWC, 2018) (Martin, 2021).
The rapid emergence of the pandemic and work from home strategies have led to an increase in the number of organizations that rely on digital services. This is also reflected in the actions of government agencies and regulators. With the rise of digital platforms and cloud-based tools, users from commercial and consumer markets have also increased exponentially (Microsoft, 2021). The rise of 5G and the Internet of Things (IoT) has also led to the creation of new business opportunities. However, the looming risks associated with these new technologies remain high (Macarayan, 2022).
As corporations swarm to digital solutions providers to assist them through the various phases of their digital transformation journey, leaders should bear in mind that while there are many upsides to digital transformation, it is crucial to balance the transformation pace by focusing on agility, resiliency, operational efficiency, and sustainability instead of hopping hastily onto the transformation bandwagon out of fear from the loss in competitiveness in the market (McKinsey, 2021) (Gartner, 2021).
Agility, operational efficiency, and sustainability can be mapped out through a comprehensive needs analysis and engagement with the operational staff in combination with data analysis and an iterative Plan-Do-Check-Act (PDCA) cycle to ensure the seamless amalgamation between hardware and “heartware”- the people aspect of things (Sony, 2019). As the number of employees globally shifts to remote work, business leaders are now looking for ways to foster the social capital and cross-team collaboration that are driving workplace innovation. The company’s goal is to enable its employees to connect and communicate with each other, allowing them to develop effective communication and collaboration skills. As the world continues to recover, businesses must adopt flexible working practices that will enable their employees to thrive in the new era of work (Cancialosi, 2020).
Resilience is a paramount aspect that determines the success or failure of digital transformation in an organization. And this stretches way beyond just cyber security. The resilience of upstream and downstream stakeholders is just as important. It is also about managing the risks associated with an increasingly digital business environment. This environment is characterized by the need for continuous connectivity and data management (Frankiewicz & Chamorro-Premuzic, 2020).
The increasing number of attacks and breaches can have a dramatic impact on a business’s operations. They can also affect the ability to keep critical processes running. As a result, it is important for organizations to continuously improve their cyber security, align with their resilience and business continuity program.
Figure 1: Possible disruptions that disrupt business resiliency. Icon reference: Noun Project
An organization’s business success depends on the end-to-end resilience of your organization and the ability to ensure seamless support and therefore achieve the perfect customer experience. Having the right knowledge, skills, tools, and techniques can help organizations avoid negative customer experiences and enhanced business resiliency which may be attributed to a service failure (EY, 2020).
Despite the various advantages of digital transformation, the simple approach of protecting against cyber threats is no longer enough (Deloitte, 2022). Instead, it should combine physical disruptions that pose a risk to business resilience as well. The increasing number of breaches and attacks has prompted many organizations to rethink their approach to business resiliency. A more strategic and holistic approach is required to manage the risks associated with digital transformation and therefore the overall business continuity of the organization (EY, 2020).
Although different businesses have different requirements and goals, having the right tools and techniques can help you manage the risks associated with digital transformation. Having the proper tools can also help prevent unauthorized access to critical data
The complexity of today’s technology landscape is increasing due to the various hybrid and multi-cloud approaches that are being used by businesses. Due to the evolution of the industrial domain and the rise of the Industrial Internet of Things (IIoT), cybersecurity has become a major challenge for businesses. This is because attacks are becoming more sophisticated as the systems connected to these systems become more interconnected (Lohrmann, 2020).
The rapid emergence and evolution of digital businesses have created an environment where data and systems are becoming more interconnected. This has increased the surface area of an attack. As the digital world continues to evolve, it is important for businesses to continuously review their security measures to ensure that they are protecting their critical data and systems. This is especially important since it is becoming a vital part of their operations.
Achieving Resiliency in a Rapidly Digitalizing Environment
Having the necessary tools and resources to restore critical systems and applications quickly is very important for businesses. If a business is going to become more digitalise, it must have the necessary resources to protect its critical systems and applications (Sullivan, 2020). Having the proper resources and the necessary tools to manage and protect against cyber threats and actual threats is also important for businesses. These unmanaged risks have the potential to wreck a significant impact on companies’ bottom line. Businesses that rely heavily on digital tools and technologies as a consumer or as a service, will need to ensure a high level of availability, which means that factors like the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) will need to be kept to very short in order to minimise the operation impact (US Department of Homeland Security, 2021). And to measure it, it must first be ascertained. Businesses need to determine the possible impacts that can be caused due to the failure of a certain service, business, or critical system. This can be determined by establishing a Business Impact Analysis (BIA).
Confidentiality of information is another important aspect that needs to be managed since businesses are custodians of personal information. This adds another element of susceptibility to organizational resilience as companies may suffer from fines and public scrutiny which leads to reputational damage and further erosion of market share and profitability.
The increasing complexity of today’s technology landscape has created an environment where information technology is becoming more critical to a company’s operations. It is now a vital part of every business’ operation regardless of its size or industry. Cyber security is not a silo function and plays a huge role in an organization’s business continuity that works hand in hand with other aspects such as emergency management to achieve total organizational resiliency (Storrar, 2021).
Assess your Business Activities and Supply Chain
Large organizations tend to focus more on various digital transformation initiatives instead of thinking of it as an ecosystem due to budgetary constraints or lack of leadership vision. As a result, projects are integrated in silos that stem from different partners, and these expose them to risks as having too many partners can prove to be an uphill task when it comes to monitoring their supply chain (Microsoft, 2021). The longer and more dependent of the chain, the less control you have and the higher the risk. As this means a longer response time required to recover critical business processes and more porosity for attacks to occur. These partners can also be in areas that may be adversely affected by political instability, and natural disasters and this inadvertently increases the chances of a loss in business continuity, and in severe cases, product/ service quality and damage to brand/ consumer confidence.
In February 2020, Accenture unveiled the third edition of its State of Cyber Resilience Report, which identified a group of cyber resilience leaders (Accenture Security, 2020). Despite the various steps that companies have taken to improve their security measures, the number of attacks targeting weak links in their supply chain has increased. The implementation of digitalization is often off-sync with the development of human capital, and this leads to higher push-backs and low adoption rates (Accenture Security, 2020).
Identify Organizational Risks and Formulate Mitigating Strategies
As famously quoted by Peter Drucker, “You cannot measure what you can’t define”, potential risks and business impacts need to be quantified, and mitigating strategies formulated so that necessary resources and training can be allocated to alleviate the impact of these crises should it occur. As different companies have varying business objectives and priorities, there is no “one-size-fits-all” solution that can serve as a panacea to all business continuity-related concerns.
Test the Efficacy
Review, exercise and testing is a major portion in determining the effectiveness of the mitigating plans, as well as the surfacing of any gaps that may be present in terms of the crisis response for upstream and downstream stakeholders, and whether the resources assigned are sufficient. Testing also enables operational staff to feedback on better ways to improve the entire resilience framework in the organization.
The demands of today’s customers and workers have changed as they expect real-time connected services. Due to the rise of COVID-19, more people are using digital tools to access their company’s data. Consumers are also using more digital services to accomplish their daily tasks (e.g. Shopping, paying bills).
While digitalization is important, resilience-building must go together. Business resilience goes beyond cybersecurity. Physical risks present from upstream and downstream of the organizational workflow may pose business continuity risks. While this is a complex exercise, it does not have to be a painful one. Despite the heightened awareness of cybersecurity from recent cases involving data leaks and phishing incidents, many businesses that have an established cybersecurity framework still fail to implement effective recovery strategies. This can result in revenue loss, regulatory penalties, and reputational damage.
Being able to identify and address the various aspects of digital resilience is a critical part of any organization’s strategy. One of the most important factors that influence digital transformation is the idea that it’s a holistic process. This concept doesn’t just involve addressing the various elements of digital transformation such as data and technology. It also involves addressing the various aspects of a company’s culture and approach to protecting its data.
Aside from addressing the various aspects of digital transformation, cyber resilience and business continuity is also fundamental and vital part of any organization’s strategy. It can be attributed to the increasing importance of protecting data due to the rise of cybercrime.
While companies may “open a can of worms” and possibly overwhelmed by it, an established management system enables management to have a comprehensive view of the activities essential to business continuity. Having a comprehensive cyber resilience strategy is also important for small and medium-sized businesses. Doing so will help minimize the impact of an incident and enable them to recover quickly.
Accenture Security. (2020). Third Annual State of Cyber Resilience Report. Retrieved from Accenture: https://www.accenture.com/_acnmedia/PDF-123/Accenture-3rd-Annual-State-of-Cyber-Resilience-Infographic-PDF.pdf
Cancialosi, C. (2020). Organizational Agility And Resilience- Two Critical Sides Of The Same Coin. Retrieved from Forbes: https://www.forbes.com/sites/chriscancialosi/2020/03/10/organizational-agility-and-resiliencetwo-critical-sides-of-the-same-coin/?sh=7b1375b9614a
Deloitte. (2022). Impact of COVID-19 on Cybersecurity. Retrieved from Deloitte: https://www2.deloitte.com/ch/en/pages/risk/articles/impact-covid-cybersecurity.html
EY. (2020). COVID-19 and pandemic planning: How companies should respond. Retrieved from EY: https://www.ey.com/en_gl/covid-19/covid-19-and-pandemic-planning–how-companies-should-respond
Frankiewicz, B., & Chamorro-Premuzic, C. (2020). Digital Transformation Is About Talent, Not Technology. Retrieved from Harvard Business Review: https://hbr.org/2020/05/digital-transformation-is-about-talent-not-technology
Gartner. (2021). The Future of Supply Chain: Resilient, Agile, Purpose-Driven. Retrieved from Gartner: https://www.gartner.com/smarterwithgartner/the-future-of-supply-chain-resilient-agile-purpose-driven
Harvard Business Review. (2021). Customer-Centricity Doesn’t Need a New Model. It Needs a New Mindset. Retrieved from https://hbr.org/sponsored/2021/04/customer-centricity-doesnt-need-a-new-model-it-needs-a-new-mindset
Lohrmann, D. (2020). 2020: The Year the COVID-19 Crisis Brought a Cyber Pandemic. Retrieved from Government Technology: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/2020-the-year-the-covid-19-crisis-brought-a-cyber-pandemic.html
Macarayan, A. (2022). How secure are your IT systems in the age of 5G and IoT? Retrieved from Frontier Enterprise: https://www.frontier-enterprise.com/how-secure-is-your-cybersecurity-in-the-age-of-5g-and-iot/
Martin, N. (2021). The Power of Customer Experience: How to Use Customer-centricity to Drive Sales and Profitability. London: Kogan Page.
McKinsey & Company. (2020). How COVID-19 has pushed companies over the technology tipping point- and transformed business forever. Retrieved from McKinsey & Company: https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/how-covid-19-has-pushed-companies-over-the-technology-tipping-point-and-transformed-business-forever
McKinsey. (2021). Building a cloud-ready operating model for agility and resiliency. Retrieved from McKinsey Digital: https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/building-a-cloud-ready-operating-model-for-agility-and-resiliency
Microsoft. (2021). Digital transformation is no longer just a competitive edge, but critical for business resilience. Retrieved from Microsoft: https://news.microsoft.com/transform/digital-transformation-is-no-longer-just-a-competitive-edge-but-critical-for-business-resilience/
PWC. (2018). Experience is everything. How To Get it right. Retrieved from PWC: https://www.pwc.com/us/en/zz-test/assets/pwc-consumer-intelligence-series-customer-experience.pdf
Sony, M. (2019). Implementing sustainable operational excellence in organizations: an integrative viewpoint. Production & Manufacturing Research 7(1), 67-87.
Storrar, T. (2021). Closing the gap between cyber security and business continuity management. Retrieved from Continuity Central: https://www.continuitycentral.com/index.php/news/business-continuity-news/6544-closing-the-gap-between-cyber-security-and-business-continuity-management
Sullivan, E. (2020). What is business continuity and why is it important? Retrieved from TechTarget: https://www.techtarget.com/searchdisasterrecovery/definition/business-continuity
US Department of Homeland Security. (2021). IT Disaster Recovery Plan. Retrieved from Ready.Gov: https://www.ready.gov/it-disaster-recovery-plan
Written by: BCP Asia Consulting Team