Organisations are built upon complex and diverse networks of interconnected players; no business is an Island. However, the technology that has enabled these players to work together can also make them vulnerable. On one hand the globalisation of information systems has provided the means for organisational growth and economic prosperity through the easy access of highly available information. On the other it has facilitated the democratisation of the cyber threat by making the skills and knowledge to exploit information systems widely available. Likewise, disruption, of any type, at one end of the chain can reverberate throughout the entire network. For example, the so-called ‘NotPetya’ attack originated from a single implementation targeted at Ukraine, but ultimately spread well beyond its borders along supply chains to affect numerous companies globally, causing hundreds of millions of dollars of damages.
But organisations do not have a monopoly on these communication structures and social media has enabled highly public two-way conversations between those at the root of the disruption and those impacted by it, providing a platform for the latter to voice their grievances. Unfortunately for organisations, this can have potentially devastating consequences for their relationships with stakeholders and the reputations on which they are built. Competition is fierce, and these stakeholders can, and will, take action to cut businesses out of their global supply chain if they are considered a risk.
Mitigating supply chain risk
Business Continuity teaches us to minimise our supply chain risk by having multiple suppliers for key products and services. It has also become common practice to try to further reduce risk by arms-length contracting and “incentivising” supplier performance with hefty fines for non-delivery. These are both excellent strategies if all you want to do is “survive” a disruption. However, the modern consumer, who has access to the global marketplace, is no longer satisfied to wait for an organisation to execute a heroic recovery and will vote with their feet at the first sign of trouble.
Organisations therefore need to be able to “thrive” despite uncertainty and disruption. To do this, they need friends.
Best practice for networked operations
There are three key ingredients to being able to thrive. First, businesses need to be adaptive, knowing when to change and optimising operations according to the outside environment. Leadership is also crucial – with leaders instilling in people the will to succeed during challenging times. The third and final area - one which is frequently neglected by organisations - is their network. Forging and maintaining effective relationships with stakeholders, customers and suppliers is a key component not simply to being able to maintain successful operations, but also to maintaining a competitive advantage and achieving profit and growth. This is where an IT can really help. We saw earlier that globalised IT systems facilitated growth and how it has been used against us to create a vulnerability. But if organisations have resilient IT both internally and with their partners, they can also use it to ensure that relationships do not crack under pressure.
Using IT resilience to promote trust agility and collaboration
How can organisations move from arms-length adversarial relationships to one where they are mutually supportive without placing themselves at undue risk? The first thing to do will be assess the value of each relationship. For example, if value is measured simply by the commercial contribution that each person makes, the relationship will only be safe when hard value is being provided.
In contrast, closely coupled networks - where parties help each other out when things go wrong - will be more resilient. Highly collaborative relationships where knowledge and insights are shared mean that people will think twice about dropping you like a stone when things go wrong.
Here are five ways organisations can use IT resilience to create collaborative relationships and boost resilience:
Aim for flexible business relationships - Flexible relationships facilitated by regular information exchanges are mutually beneficial and supportive rather than adversarial. The marker of a resilient organisation is one that is not totally averse to taking risks, and look instead at how the risks of the entire value chain can be best shared among its players
Build strong communications – Shared resilient IT will provide multiple channels through which you can have a constant dialogue with your suppliers, vendors and customers. It will also allow you to talk to them at the earliest stage possible when something goes wrong demonstrating foresight, agility and integrity which will help businesses to avoid grievances being shared on social media
Show commitment to the relationship – Work together to build resilient connections. Businesses that have a vested interest in working on joint future products and services signal to the rest of the network that they are investing for the future rather than just in it for the profit
Ensure that relationships are a strategic issue – IT resilience is often seen as a cost or an insurance for when something goes wrong. However, relationships can be existential. Therefore, if you want the attention of the board make corporate resilience your driver for IT resilience
Practice as a team – When multiple organisations respond together, things get complex. A football team wouldn’t enter into a tournament where the first time the players meet is on the pitch. Organisations should therefore use their IT infrastructure connection to wargame their responses to different scenarios and learn how each other responds before it has to be done for real
Weathering the storm
A simple software glitch somewhere in your supply chain is all it takes for you to experience disruption. While most organisations will invest time and money drawing up contingency plans to get the business back on its feet in as short a time as possible, attention must also be paid to the impact a disruption can have on the networks in which they are embedded. A robust and agile IT infrastructure can not only be used for transactional purposes between customer and supplier but can also be used to ensure that key relationships with other components of the supply chain are nurtured. A truly resilient organisation will invest in building strong relationships “while the sun shines” so they can draw on goodwill when it rains.
About Dr Sandra Bell
Dr Sandra ‘Sandy’ Bell is a risk and security professional with over 25 years’ experience of the design and management of business-friendly risk, continuity and security solutions for customers across Europe. Instrumental in the development of resilience standards in use today, other notable achievements include advising UK governments on National Security Strategy and successfully delivering comprehensive security solutions for three high-risk Olympic venues hosting Heads of State.