Case Studies

From risk to resilience

by Mark Rowe

Traditional enterprise risk management models based on analysis of historical trends are no longer valid in isolation, and agile adaptation to changes in a new enterprise resilient management model is now required for organizational survival and success. This has been accelerated by the covid-19 pandemic, which has shown that there are systemic risks which do not lend themselves to quantitative risk analysis.

That is the conclusion of a white paper, entitled Transitioning from Risk to Resilience, edited and published by Resilience First, with contributions from the consultancy McKinsey & Company and report sponsors, the software firm Fusion Risk Management.

In a world where the threats are endless but the resources to prevent them are not, the most resilient organisations will thrive during uncertain times and gain a competitive advantage, as we have seen during the pandemic. The response must be a shift to a more dynamic, virtuous cycle of enterprise resilience management rather than the usual enterprise risk management, the report says.

Lord Toby Harris, Chairman, National Preparedness Commission, and Member of Advisory Board of Resilience First, said: “When one uses quantitative measures like probability based on past trends to represent a volatile and unpredictable world then it is perhaps unsurprising that calculations go awry. Covid-19 has shown that there are systemic risks that do not readily lend themselves to quantitative risk analysis.”

“This white paper tries to look afresh at what is needed in a revised risk management framework. It starts with the premise that consequences or impacts are more important than causes or probabilities. If one accepts this assertion, it is possible to recommend a framework that has more qualitative components which focus on the softer skills.”

“Soft skills embrace notions of leadership, culture, trust, adaptiveness and agility. Imbued with these qualities, risk management becomes more a managerial facilitator rather than an engineering tool. In fact, it becomes a facilitator for resilience management over and above risk management.”

Robert Hall, Executive Director, Resilience First, pictured, said: “No crystal ball could have foretold the immense impact events such as the election of President Trump, the referendum on Brexit and Covid-19 have had on the local, national and global scenes. They have shown the complexity and interconnectedness of our world. We can expect more unprecedented challenges – climate change being perhaps the greatest – and without 20/20 vision then the best we can do is plan for the worst and hope for the best.”

“Risk and resilience are opposite sides of the same coin. Risk is an interpretation of a vulnerability to, and the likelihood of, a specific danger that focuses on preservation and restoration – to avoid, retain, transfer, or mitigate the risk that may follow. Resilience, on the other hand, is more a behavioural and structural response to, or consequence of, a changed set of circumstances that assumes recovery of the status quo ante will not be possible – adaptation to the change follows.”

“The traditional approach to risk management has been shown wanting in the face of the challenges: we have been caught short in preparing for those challenges. The linear approach no longer meets the demands of systemic or significant dangers which can be both volatile and ambiguous. This white paper proposes a shift to a more dynamic, virtuous cycle of enterprise resilience management rather than the usual enterprise risk management.”

And Bob Sibik, Co-Founder and Senior Vice President, Fusion Risk Management, said: “Over the past four decades we have witnessed the evolution and convergence of risk management, crisis and event management, incident response, disaster recovery and business continuity. Finally, we have experienced the first global event that has affected organizations in a multitude of ways, disrupting supply chains, displacing workers from the workplace, disabling the workforce and straining access to information systems.

“The pandemic has exposed many of the problems with current risk management practices. It has also accelerated the need to transform our risk management practices that enable decisions on enterprise resilience, outage tolerances, risk appetites and the appropriate levels of investment in prevention and preparedness.”

“There will be competitive advantage for those organizations that are resilient. In a world where the threats are endless but the resources to prevent them are not, the most resilient organizations will thrive during uncertain times, as we have seen during the Covid-19 pandemic.”

More reading

The 40-page report is available to Resilience First members. Visit

Related News


Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing