Stephen E. Flynn, Ph.D., Founding Director, Global Resilience Institute & Professor of Political Science, Northeastern University
2017 was another year for the record books when it came to costly natural disasters. According to the reinsurer Swiss Re, the total economic losses for last year’s hurricanes, earthquakes, and wildfires totaled $306 billion. This placed it third among the four most costliest years for insured losses—and all these record-setting years have happened since 2005.
We need to stop acting as though disasters are rare and unknowable events. More of us are living in urban regions that are vulnerable to effects of climate change. Rising sea-levels, extended heat waves and droughts, rain deluge and coastal storm surge portend a future marked by extreme weather events that are more frequent and destructive.
Compounding the effects of these disruptions is the hyper-connected nature of our world, as illustrated by the explosive growth of the Internet-of-Things (IoT) where there may be as many as 30 billion connected devices by 2020. While connections often bring benefits, they also create dependencies and interdependencies. That translates into a greater risk of cascading failures when disruptive events occur. What used to be local shocks are increasingly likely to have far-reaching and costly consequences.
Thriving in the face of disasters translates into companies building a culture of resilience and applying it
At the firm level, supply chains and customer bases have become more expansive and complex. Companies also depend on local and regional infrastructure systems for transport, energy, water, and telecommunications that are outside their direct control. These systems, in turn, have become increasingly stressed by the combined forces of age, increased demand, and under investment in maintenance and modernization. Additionally, critical infrastructures such as the electric power grid remain highly vulnerable to cyber-attacks. This translates into a heightened business continuity risk.
There is much we can and should be doing to mitigate the destruction that disasters reap.
Communities, companies, and countries need to focus on building resilience as a way to not just survive, but to thrive in the face of a future promising plenty of turbulence.
This reality should not be a source of angst and despair for it turns out that the discipline and dynamism that comes from embedding resilience across a business enterprise results in firms that perform better on blue-sky days. Additionally, there is a real pay-off when disasters strike. A corporation will be rewarded with greater market share when it is able to better withstand and recover more nimbly than their competitors from a disruptive event. Customers will gravitate to companies that are reliable—and will abandon those who are not.
Back in 2005, MIT’s Yossi Sheffi’s seminal book, the Resilient Enterprise, made a compelling business case for companies investing in resilience. He documented the benefits that companies accrue each day by taking enterprise-wide steps to lowering their vulnerability to disruptive events. Yet most firms still view risk management, physical security, cyber security, and business continuity as ancillary activities to be handled by their chief security officer and chief information security officer. Too often the C-Suite views these operations as cost centers to be contained instead of as indispensable capabilities to be leveraged.
Thriving in the face of disasters translates into companies, from the CEO on down, building a culture of resilience and applying it not just within corporate operations, but also to upstream suppliers they work with and the products and projects they deliver. The overarching objective should be not just assuring continuity of function, but to position the firm to capitalize on opportunities arising from disruptive events.
The stepping off point is to identify and work through scenarios that compromise the things that make a company tick internally and prosper externally. These scenarios should be informed by after-actions of real-world experiences. Additionally, since experience is not always the best guide, it is important to engage in “what-if” exercises. These involve mapping out what is critical to the firm and tasking teams to imagine what would happen if those things that are critical are disrupted. They then must devise contingencies for coping and think through how crisis may become an opportunity to bounce back better and stronger. The key is to involve “all hands” in contingency planning and exercises. Companies will see multiple benefits from the resulting focus on mission and the strengthened team work that arises from investing in these efforts.
Companies also need to make sure that they look outside their gates and map their dependencies on the local community and regional systems. It is futile to become an island of resilience in a sea of fragility. If the power is out, cell towers are not operating, transportation systems are knocked down, schools are closed, and employee homes are literally under water, a firm’s operations are going to be significantly impacted. It is important that corporations reach out to their local officials and emergency managers and gain visibility on where there are unfulfilled resilience needs and identify ways in which they might assist in filling them. Everyone wins when a community is able to recover quickly from a disaster.
At the end of the day, investing in resilience must be understood as both anact of prudence and as elemental to maintaining competitiveness in the 21st Century. To some extent, it is roughly analogous to the evolution that led companies to embrace Six Sigma strategies. Up through the early 1980s, quality control had been relegated to a separate quality department and was widely viewed as a cost center. Japanese manufacturers recognized that quality was key to both improving customer satisfaction and lowering costs. Importantly, improving quality required a commitment from the entire organization, especially from top-level management. So too with embedding resilience within business practices at the enterprise, community, and product/project levels.
The stakes for meeting the resilience imperative could not be higher. In order to continue to support open societies and open economies, citizens must believe that the risks associated with living in our turbulent times can be effectively managed. Public officials, industry leaders, and the academic community all must work together to develop the tools, applications, and solutions that advance resilience and ensure that they are widely adopted.