Continuity and Resilience: Lessons from 2023 into 2024
Geopolitical and other uncertainties are escalating third-party risks for all sectors. More robust and integrated stress and scenario testing become essential.
Friday, February 2, 2024
By Steve Richardson
Continuity and resilience practitioners were faced with numerous challenges throughout 2023 due to the ever-evolving threat landscape. The World Economic Forum cited the cost-of-living crisis, geoeconomic confrontation and natural disasters, and extreme weather events as the top three short-term risks that organizations faced that year – but those were just the tip of the iceberg.
As global disruptions are likely to increase in scale and scope in 2024, organizations need to strengthen their risk management programs and resilience posture to remain operational, no matter what.
2023 saw a major shift in the geopolitical landscape, with the ongoing war in Ukraine and newly sparked conflict in the Middle East. Increased political tensions – coupled with a wave of banking failures earlier in the year – left no industry unscathed.
Organizations are now expected to rise to the occasion and bolster their risk, continuity, resilience, and regulatory compliance efforts or face potential disruptions that could severely damage the financial and reputational well-being of their business.
Geopolitical Tensions Lead to Supply-Chain Disruptions
Organizations must understand how the risk landscape has changed to better prepare for 2024 – and this starts with reflecting on lessons learned from 2023.
Fusion’s Steve Richardson: Protecting against financial and reputational damage.
The war in Ukraine and heightened tensions with Russia have led to supply-chain disruptions that have forced Western organizations to deploy contingency planning to ensure full operationality and continued delivery of critical products and services. Scarcities of critical raw materials have grown, owing to the Ukraine conflict. Ukraine’s top exports of agricultural products (46%) and manufactured goods (42%) have been impacted due to ongoing conflict, leaving organizations in the dark about how to make up for the shortages.
Supply-chain disruptions have forced organizations to consider alternative shipping routes and sources for their suppliers, sometimes moving four or five tiers down the chain to avoid disruption. The importance of rigorous supplier and vendor management had renewed focus in 2023. Some organizations have had to consider moving operations out of certain geographic regions to mitigate the impact of geopolitical events.
We expect that these ripple effects will continue across supply chains in 2024. Organizations must prepare for this to ensure continuity of core business services as well as the safety and security of their personnel, regardless of location. Additional warning signs of tension in Southeast Asia have potential to cause disruption in 2024 – especially in the large trade/manufacturing centers that much of the world relies on.
More Rigorous Stress Testing Will Be Key
Multi-tier business continuity and disaster recovery planning should be the cornerstone of every organization in 2024. Organizations must get a head start to strengthen their resilience posture before disaster strikes. This should include supplier diversification, and spreading manufacturing production capacity and operations to avoid concentration risk.
The failures and subsequent fallout of Silicon Valley Bank and Signature Bank in early 2023 resulted, as expected, in a more scrutinized global regulatory landscape for financial services firms. But less-regulated organizations should take heed too. Failure to recognize and manage risks could result in disruptions or disasters that could undermine the foundations of the business.
Stress testing will increase in importance for organizations across verticals as boards and customers prioritize resilient operations. Stress testing visualizes pain points that can cripple an organization when disruptions occur.
Over the coming year, we will see more non-regulated industries undertake vigorous stress testing to better understand operational weak points and deploy adequate resources to strengthen their resilience posture.
Cyber Threats Continue to Evolve
In 2024, we can expect to see direct cyberattacks on organizations, cyber threats on widely used third-party suppliers to access critical customer data, and an uptick in new cybersecurity regulations.
Cyberattacks over the past year, including the ICBC ransomware attack and the MOVEit attacks, have demonstrated the cascading effect that these incidents can have across an organization’s supplier ecosystem – and how quickly financial and reputational damage can follow.
Organizations will have to bolster scenario testing efforts to account for increased and ever-evolving cyber threats. Assume that any event that can cause disruption will cause disruption – no matter how unthinkable this previously was.
Scenario testing will be a crucial aspect of organizational strategies, not only to ensure that dynamic and agile business continuity plans are in place in the case of disruption, but also to display to regulators and customers that the organization has its ducks in a row and can ensure the continued delivery of critical products and services regardless of potential disruptions.
Increased Focus on Vendor Relationships
Vendors have become increasingly important to the delivery of core products and services, and we expect that this trend will continue in 2024. With so many critical operations tied to vendors, organizations must increase their focus on third-party risk management to ensure effective business continuity planning.
Organizations must examine their vendor relationships with a fine-toothed comb from start to finish. They need to put a special focus on the onboarding process in particular, to fully recognize what risks they are assuming. They also must have a better understanding of “unknown risks” by fully understanding how vendors are governing their own risks.
More robust and integrated stress and scenario testing is imperative to understanding and managing third-party risks within an organization. Organizations must know how business units respond to potential disruptions with a critical vendor. In 2024, it will be important to have a 360-degree view of their vendor ecosystem to maintain a strong resilience posture and to show regulators and customers that they can deliver core products and services during times of uncertainty.
Dynamic and Agile Response to Disruption
The new year opened on a complicated risk landscape. We must look to fortify our organizations against all potential disruptions.
True business continuity and operational resilience requires a full organizational effort that looks to shift the culture from being reactive, to one of proactive risk management and continuity for all employees. We must all act as risk managers and should look to organizational leadership to lead the charge to create dynamic and agile frameworks that help practitioners address the increasingly complex risk environment.
Steve Richardson is chief resilience innovation officer of Fusion Risk Management. He was promoted into this newly created position in 2024 after having most recently served as senior vice president of strategic engagement.