Resilience professionals have been claiming for years that they should get more and better representation at top management level. If we think of resilience as organizational resilience, in line with the definitions coming from ISO standards, then we are referring to a set of existing disciplines, such as business continuity management, risk management, and information security, that work together for the good of the organization. While this collaborative effort is often welcome in principle, it is also quite different in practice. Because of the way different resilience functions have developed through the years, resources, budget, and visibility are uneven across different teams. There is also a governance issue, as different teams may have different objectives even though they are working together.
For instance, cyber and information security have grown increasingly popular in recent years, and they tend to receive quite a lot of attention. . Risk professionals also tend to enjoy visibility through a chief risk officer (CRO), while corporate security does so through a chief security officer (CSO). Occasionally, business continuity might fall on either of these two – CSO or CRO.
Regardless of this struggle for visibility, the main point is that even when there is some representation at the highest levels of the organization, it rarely occurs in a coordinated manner, with proper channels for information-sharing and collaboration. Therefore, now more than ever organizations should embrace the role of the Chief Resilience Officer (a broader type of CRO). This is a professional figure that is still new and does not have a clear shape or form, as different organizations hold a different view of resilience, according to the nature of their business and their levels of expertise. It is also important to stress that resilience should be a goal and not a discipline per se, which is built through a collaborative effort among different disciplines.
Even a brief search on the web or social media such as LinkedIn will reveal how the role of Chief Resilience Officers changes according to where they operate. For instance, there are several practitioners that undertook this position as part of the Rockefeller Foundation’s programme, which in 2013 began supporting the creation of these professional figures in 100 cities around the world. These Chief Resilience Officers focus on disaster risk reduction, operating within the public sector and having strong ties to urban planning. They often work closely with the units responsible for sustainability and the impact of global warming and excessive emissions.
Differently, those Chief Resilience Officers that work for private firms have a different take on their duties and priorities. Sometimes these can also appear as “Head of operational resilience” or “Head of organizational resilience” and they have a greater focus on risk management, business continuity, and corporate security. However, the focus of a Chief Resilience Officer depends on their background. It is often the case that someone is not simply hired for the role; differently, they usually are an “upgrade” of an already existing figure. For instance, a corporate security manager could become “Head of security and resilience”, or a risk manager “Head of risk and resilience”.
As stated previously, the naming varies across different roles, but many organizations are starting to have a strategic figure that takes care of resilience and talks directly to top management. This is not unformed and does not follow a precise standard, but it does exist.
Well, in light of the past three years, it would be shocking to see the opposite, and executives are realising that performance during a crisis matters just as much as during peace times, or perhaps even more. A study from the Boston Consulting Group of over 1,800 firms from 1995 to 2020 showed that the total shareholder return during crises amounted to 30% of the returns in the long term. In other words, just as lack of preparedness can be fatal during a crisis, excelling through it can immensely increase value.
Moving forward, it is hard to see exactly at what pace Chief Resilience Officers can become the norm, if they will at all. As in many developments in the resilience industry, different organizations, sectors, and markets will move at different speeds, depending on necessity, resources, and culture. But it might be a mistake not to take advantage of the power of the term “resilience”, which has now become rather mainstream and could help build the case for better preparedness. This would also follow the trend of emerging regulations, such as the Operational Resilience Policy issued by the United Kingdom Financial Conduct Authority or the Digital Operational Resilience Act from the European Union. The discipline of organizational resilience – or should we say the number of disciplines – will always be different and more technical compared to public imagery, but we might be doing ourselves a disservice by losing the momentum created by the buzzword.
Author: Gianluca Riglietti.
If you like this article, you might enjoy reading this one.