Top 10 things you need to know about resilience

Extreme weather, terrorism, war, organized crime and cyber-attacks are just some of the potentially catastrophic threats faced by governments, communities and businesses alike. These threats endanger the physical and economic ecosystems on which we rely. To allow society and the global economy to thrive, organizations must understand and manage the consequences of these events. This means building resilience: the capacity to respond to and absorb shocks and stresses, and recover as quickly as possible.

The threat vectors we face today are overlapping, thereby creating a cascade of consequences that can endanger the lives of citizens and employees, an organization’s assets and its ability add societal or commercial value. They are systemic and affect the very fabric of our organizations and communities.

Physical threats can emanate from criminal or terrorist activity, but also include natural phenomena such as floods, landslides, wildfires and earthquakes. Societal threats emerge from activities and circumstances that break down the bonds between community groups, such as gang-related crime and violent extremism.

The impact of cyber-attacks and virtual threats is now being witnessed all too frequently, ranging from data theft and invasion of privacy to denial of service and holding firms hostage through ransomware. Sustained attacks on brands and malevolent messaging though social media campaigns can reduce confidence in an organization and destroy its credibility and value.

When these vectors coincide, the impact can be catastrophic. However, sensible planning and preparation, coupled with adaptive response and recovery management, can help organizations bounce back quickly, with minimal loss and disruption.

Here are 10 things to consider to prepare to bounce back when—not if—things go wrong.

1| Resilience safeguards the realization of your strategy

The first rule of business is to stay in business. Resilience facilitates business strategy, informs decision-making and enables the realization of long-term vision.

2| Truly resilient organizations thrive in crisis situations

Resilient organizations stand tall in a crisis and leverage the learning opportunity to strengthen capabilities moving forward. They are flexible, robust and adaptable.

3| Everyone has a seat at the resilience table

Resilience planning is a leadership responsibility that cannot be delegated to support staff. While a select few need to be held accountable, everyone needs to own the organizational risk and participate in protection, detection, response and recovery efforts.

4| Resilience cannot be purchased, but it can be built

Resilience is the product of thoughtful analysis and careful planning that should be based on bespoke analysis of the threat vectors associated with the organization and the potential impact these threats have on its operational goals.

5| Resilience plans are living documents Resilience is a state of mind embedded in the

organizational culture. As conditions change, the resilience plan must evolve to meet new challenges. Organizations must avoid complacency.

6| Murphy was right: what can go wrong will go wrong

Nothing is failsafe. It is no longer a matter of if, but when, a threat will arise. In a time when the future seems more uncertain than ever, preparation has a power all of its own. Resilience is built through constant adaptation. Plan, train, rehearse, learn. Repeat.

7| Traditional risk forecasts are insufficient

Business leaders can no longer rely solely on historical analysis to predict future threats. Advanced data analytics are driving more accurate and comprehensive threat and vulnerability assessments. Dynamic threat analysis and predictive modelling facilitates proactive and adaptive planning and response.

8| The value of operations far exceeds the value of physical assets

Technology has significantly increased functional integration and the ways organizations generate value. Organizations must understand the cascading consequences that incidents present and the functional interdependencies between their internal and external stakeholders.

9| Resilience is a competitive advantage Clients and stakeholders cannot wait for you to recover.

Minimizing interruption to normal operations through effective resilience maintains client satisfaction and strengthens loyalty.

10| Collaboration and integration strengthen resilience

Organizations that develop a collaborative approach based on the integration of stakeholder needs are better able to align their priorities in times of crisis. Engaging a broader stakeholder base drives better insights and decision-making. Better decisions drive better results, delivering cumulative benefits that extend across the operational ecosystem.

About EYEY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

For more information about our organization, please visit ey.com/ca.

© 2016 Ernst & Young LLP. All Rights Reserved. A member firm of Ernst & Young Global Limited.

1904440 ED NoneThis publication contains information in summary form, current as of the date of publication, and is intended for general guidance only. It should not be regarded as comprehensive or a substitute for professional advice. Before taking any particular course of action, contact Ernst & Young or another professional advisor to discuss these matters in the context of your particular circumstances. We accept no responsibility for any loss or damage occasioned by your reliance on information contained in this publication.

ey.com/ca

EY | Assurance | Tax | Transactions | Advisory

ContactsGlenn Reierson Canadian Resilience and Security Leader 403 831 9030 glenn.reierson@ca.ey.com

Bill KesselsCanadian Risk Leader604 648-3830 bill.kessels@ca.ey.com

Barbara KieleyCanadian Government and Public Sector IT Advisory Leader613 598 4414barbara.l.kieley@ca.ey.com

Derek DobsonCanadian National Defence, Security and Resilience Leader613 598 4842derek.dobson@ca.ey.com

Abhay RamanCanadian Cyber Leader416 943 5308abhay.raman@ca.ey.com

Corporate Values

Executive Leadership

Middle M

anagement

Employees

Performance

Evaluation

Risk Appetite

Controls

Data quality

Security

Risk

Rep

ortin

g

Com

mun

icat

ions

Met

rics

and

KPIs

Less

ons

Lear

ned

Risk

s

Syste

ms

Data

Archite

cture

Data

Manag

emen

t

Stand

ards

VisionPrioritiesExpectationsObjectivesGoals

Code of Ethics

Culture

Behaviours

Attitudes

Current StateAssessmentFuture State

Roadmap

Training Knowled

ge

shari

ng

Quality

Assuran

ce

Roles a

nd

Respon

sibilit

ies

Delega

tions

of

Authori

ty

Board

of Gov

ernan

ce

Rehearsals

Processes

Procedures

Policies

Protecting people, assets and valueGovernments at all levels, community organizations, the private sector, professional organizations, educational institutions and citizens are responsible for contributing to the creation of a resilient society. Through collaboration and engagement, we can better identify, prepare for, plan, anticipate, respond and react to threats and difficult experiences. Together, we can recover, rebuild and learn from difficult experiences to strengthen our resolve for the next inevitable threat. Is your organization ready? EY Protects© offers a unique comprehensive resilience offering in the market. The first step is a diagnostic of the operating context. This assessment method provides a high-level understanding of an organization’s threat environment and its level of preparedness. Results will produce a picture of the current state, highlighting resilience gaps to be addressed and a roadmap that outlines activities and the associated timeline to reach the desired future state.Leveraging lessons learned from EY’s depth of global and cross-industry experience, EY Protects© provides advisory and multidisciplinary services to deliver a wide range of services to address client needs.