While the COVID-19 pandemic is far from over, enterprises are looking beyond the current crisis with the hope of pandemic-proofing their supply chains and operations to build resiliency. But that view is too limited to build true resiliency. The next global business disruption crisis might be a pandemic, but it might also be something entirely different or so novel it's never been considered. Today's resilient enterprises need to embrace a mindset shift to view risk through a much wider lens.
In daily life as an individual, you rely on others – from neighbors to police to lawyers and judges to armed forces – for protection against threats of all kinds. At the same time, you also bear responsibility: the more careless or inclined toward risk you are, the less secure you become.
In a recent interview for a technical blog, I mentioned that I heard keynote speaker former U.S. Attorney General John Ashcroft (at the 2016 Securities Industry and Financial Markets Association’s (SIFMA) Internal Auditors Society conference) reference that organizations should prepare to adopt what he called “anticipatory compliance.” This concept involves outsourcers being able to demonstrate that they are actively anticipating, studying and acting on perceived threats (cyber and otherwise) both internally and with their outsourced business partners.
Cyber-attacks have topped the list of biggest threats to business for the second year in a row, followed closely by data threats and an unexpected IT/telecoms outage – according to the fifth annual Horizon Scan Report published by the Business Continuity Institute (BCI) in association with BSI (British Standards Institution).