Skip to main content

Toward True Organisational Resilience

Deloitte's Global Resilience Report

October 2022

Introduction

 

The survey findings indicate that most organisations need to broaden out from their predominant focus on operational resilience, and build resilience more equitably across other 'capitals' (Financial, Reputation, People and Environmental) to build true organisational resilience. This entails broadening practices and capabilities related to resilience while retaining and enhancing those that currently serve the organisation and its stakeholders well. The survey findings also point to steps leaders can take to transform their approaches to resilience.

Organisations across sectors and geographies now operate in an environment of constant change and unpredictable risks. The breadth and potential severity of that change and those risks are new.

Therefore, traditional approaches to resilience—thinking of it as “bouncing back,” mistaking it for crisis management, or delegating it to siloed functions—need to be expanded as quickly as possible.

Yet the fundamental goal of resilience remains the same—to enable the organisation to serve the needs and meet the expectations of its stakeholders regardless of condition. This stands among the primary responsibilities of senior executives and the board. Given the risks that organisations now face, an approach that generates end-to-end organisational resilience has become essential.

In this report we convey the views that our survey respondents provided on the status and future direction of resilience, together with our point of view on the results and on the need for true organisational resilience, expanding from just operational resilience.

We also offer our definition of resilience: 

Organisational resilience is the capability of an organisation to be prepared for disruption and to adapt and thrive in a changing environment. It isn't purely defensive in orientation. It is also progressive, building the capacity for agility, adaptation, learning, and regeneration to ensure that organisations are able to deal with more complex and severe events and be fit for the future.

Adapted from definitions included in BS 65000:2022 Organisational Resilience. Code of Practice, 31 August 2022 and Resilience Reimagined: A practical guide for organisations, 2021 Deloitte LLP and Cranfield University.

This differs from thinking of resilience as positioning the organisation to recover from risks and resume its former shape. It encompasses capabilities needed to identify, anticipate, and respond to the opportunities for growth that disruption always presents. It aims to develop an organisation that can evolve rapidly and adapt repeatedly to new conditions.

Our view encompasses capabilities within and apart from risk functions. Therefore, we surveyed not only leaders of risk functions but also those leading non-risk functions; where useful, we present the data for each set of respondents.

The survey findings chart a path toward organisational resilience developed and maintained through more integrated approaches to achieve this strategic objective. These approaches recognise the role and value of resilience in each function and along every dimension (see opposite, 'The five capitals of organisational resilience'). These approaches also engage every function, consider geopolitical risks, work effectively with regulators, leverage digital capabilities, and position the organisation to thrive not only despite business conditions but because of them.

The five capitals of organisational resilience

 

Organisational resilience encompasses resilience along five capitals—human, social, built, financial, and natural—that comprise the ecosystem in which organisations operate.*

 

The five capitals of organisational resilience are:

People resilience relates to the way in which organisations support their own people. It is also about fostering creativity and engineering growth by instilling personal resilience and instituting the right cultural norms, conduct, and behaviours.

Reputational resilience is about being responsive to external perceptions, scrutinising self-limiting behaviours, building brand capital and reserves, and maintaining a foundation of trust and dependability.

Operational resilience refers to the way an organisation uses its non-financial resources to withstand, absorb, recover from, adapt to, or regenerate from the impacts caused by shocks and stresses affecting its products and services, data, technology, cyber security, facilities, and supply and demand.

Financial resilience describes the ability of an organisation to withstand events that impact its liquidity, income, or assets. These events may include routine or severe but plausible shocks and stresses.

Environmental resilience refers to the way in which an organisation works to achieve homeostasis with the natural world, making strategic choices that are both good for the environment and sustainable for the organisation.

A deficiency in any single one of the five capitals can put the organisation in jeopardy and even bring it down. Organisational resilience therefore consists of robust capabilities in each of these five domains. While the emphasis on a given capital will differ across industries and companies, superior capabilities in one domain will not make up for deficiencies in another. Therefore, each organisation needs an individualised way of addressing and balancing investments in each domain.

*Resilience Reimagined: A practical guide for organisations, 2021 Deloitte LLP and Cranfield University.

Executive Summary

 

Until recently, organisations around the world could rely on certain domestic and global institutions and conditions to remain stable over traditional investment and planning horizons. That no longer holds true.

The following are the key findings of our 2022 Global Resilience Survey:

In most organisations, resilience capabilities remain siloed in ways that potentially hamper organisational resilience. Yet the prevailing business environment and the interrelatedness of risks demand robust resilience at the organisational level. That points to the need for a more holistic approach which expands beyond operational or financial resilience. However, well over half of respondents indicate that resilience sits within the risk function (or a specific risk function, such as operational risk). While risk functions play an irreplaceable role in resilience, the need to address a broader range of threats to the value and viability of the organisation calls for a new approach. In addition, organisations remain heavily focused on operational resilience at a time when they need to expand resilience capabilities.

When resilience sits in the risk function and specialised risk or crisis management functions, it may fail to focus broadly enough. It may also receive insufficient senior leadership attention. This can be remedied by elevating resilience to a strategic, enterprise-wide issue to be continually addressed by senior executives and the board. Placing organisational resilience on senior executive and board agendas fosters the attention—and funding—that it now warrants. In addition, a strong majority of organisations favour having a chief resilience officer, which could accomplish this goal.

Until recently, organisations around the world could rely on certain domestic and global institutions and conditions to remain stable over traditional investment and planning horizons. That no longer holds true, even as those horizons have shortened. This instability resembles tectonic shifts which at best generate deep uncertainty and at worst destroy large and complex structures. While no single private, or even public, entity can address these threats, each organisation must plan for them. This means that organisational leaders should acknowledge that geopolitical forces such as income inequality, political opportunism, nationalism, and degradation of institutions threaten economic and cultural structures that have long been taken for granted, and that those realities should be factored into strategies, plans, and capabilities related to resilience. Geopolitical threats also support the decision to elevate resilience as a strategic priority.

Regulators have proven that they can play an essential role in resilience, particularly during crises that impact financial and economic systems, industry segments, or the public. Executives recognise and respect that role. Moreover, they welcome regulators playing an even greater role in resilience going forward and can be expected to do so across a broader range of industries. Yet certain caveats regarding over-reliance on regulators are in order. For example, regulators tend to look backward and aim to avoid or mitigate crises that resemble the last one. Organisations need to be more forward-looking and proactive, while continually engaging with regulators.

ESG encompasses many issues, each of which can differ significantly for a given organisation. Regarding environmental resilience, organisations must both defend and enhance value in the face of environmental changes. From the social perspective, they must understand and monitor their reputations, stakeholders’ expectations, and the impact of social change on their business. In terms of governance, organisations often need more robust board practices, governance mechanisms, and education of the board and its committees to achieve organisational resilience. The broad nature of ESG may partly explain why less than one-fifth of organisations cite the ESG function as having an active role in resilience. That said, they understand the role of social responsibility in their organisation and plan to hire talent in this area.

Trust in an organisation, as reflected in its reputation in general and among specific stakeholder groups, stands among its most valuable forms of capital. Reputation impacts brand equity, customer loyalty, investor sentiment, and value. If reputational capital is not proactively managed, it can be rapidly destroyed. So, executives need to consider the reputational impact of potential risks and build corresponding capabilities. Relative to operational, financial, and cyber resilience, organisations lag in this area. Although reputational risks usually stem from operational, financial, cyber, geopolitical, and ESG risks, reputation itself must be proactively managed, with appropriate investments in monitoring and communication capabilities. Those specific capabilities enable measurement of stakeholders’ current perceptions and, critically, the constantly shifting expectations stakeholders place on organisations.

In addition to siloed functions and structural and leadership issues, organisations seeking greater resilience face a shortage of talent as well as competing investment demands. When properly selected and deployed, digital technologies can enable enterprise-wide capabilities that support organisational resilience despite talent shortages and cost pressures. Digital technologies have a proven record of cost-effectively performing activities such as risk monitoring, data analytics, and risk reporting, thus freeing up talent and funding for tasks requiring human intelligence and intervention. Digital tools can also bridge silos and enhance communications and visibility into processes. Organisational resilience is further supported by advances in scenario modelling, situational awareness, and digital twins. (The latter being virtual representations, entities or processes used to gauge the impact of risks on those entities or processes.)

The three most cited barriers to achieving greater resilience were scarcity of talent (59 percent), closely followed by competing strategic priorities and lack of organisational understanding of resilience (tied at 57 percent). Lack of funding came next at 44 percent. While lack of talent involves the challenges of hiring and retaining people in a highly competitive marketplace, it can be mitigated through rotational and cross-training programmes, alternative talent models (such as co-sourcing and managed services), and, as noted, digital technologies. Strategic priorities and lack of organisational understanding of resilience can be addressed through senior leadership initiatives and increased funding of resilience plans, programmes, and capabilities.

Connect with us

 

To discuss the Resilience Report findings and learn more about how we can help, please connect with us.

Contact us

Did you find this useful?

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey