Optimising for organisational resilience can require a massive shift, with changes across people, processes and technology. This is according to Leif Kremkow, solution sales executive for security and risk at ServiceNow, who was addressing a webinar on organisational resilience last week.
Kremkow noted that organisational resilience had become a top priority during the pandemic, and that organisations now needed to build and optimise organisational resilience to ensure they could adapt to a changing landscape, and deal with competitive pressures, expanding regulations, privacy risks and data loss, cyber attacks, supply chain disruption, economic volatility, political unrest and climate change impacts.
He said that for most organisations, designing the future state of risk and security operations to ensure organisational resilience would entail transformation journeys that would happen over years.
In order to build organisational resilience, he said: “Organisations need to create the right culture, choose an adaptable and agile technology, and implement thoughtful processes.”
“It starts with culture: creating a risk- and security-aware culture with a common language and common values where every employee shares responsibility for managing risk and resilience,” he said. “It’s not enough for an employee to say they have complied, they need to feel part of something and have a common understanding of the risks shared across the organisation.”
He said it was important to have executive sponsorship and a C-suite that valued feedback. Something as simple as employees feeling empowered to raise an alert about a health and safety violation, and see it acted on, supported a risk-aware culture and broader resilience, he said.
“Include vendors in your strategy, or the potential for breaches, disruption and brand damage lurk right below the surface. Your vendor ecosystem is part of your brand and needs to be included in the organisational resilience strategy,” Kremkow said.
On the technology stack supporting organisational resilience, Kremkow said: “Don’t confuse a solution with an outcome. The outcome you want is organisational resilience, but some infrastructure layers and solutions are better suited to support this than others.”
He outlined how ServiceNow seamlessly connects IT, security and risk on one platform, federating information along the entire value chain of the organisation, and overlaying this with an integrated risk management layer and security layer, with automated workflows. ServiceNow outcomes included a 50% reduction in triage time, 60% faster vulnerability prioritisation, a 40% reduction in failed audit penalty payments and a 39% reduction in the cost of responding to app issues.
Noting that optimised risk management and resilience must involve all employees across all departments, he said: “You need to ensure that your technology supports all your users, creating a singular focus on the employee experience with familiar interfaces, simplified reporting and data sharing and an exceptional consumerised experience.”
Organisations also needed to implement thoughtful processes, he said.
“For organisations on the journey to optimised organisational resilience, the next steps should be to hire the right talent, reimagine or consumerise user experiences, create cross-functional workflow automation and automate issue management. Organisations should also optimise and secure their cloud environments, use scenario planning and operational resilience to prepare for the unexpected, and use data analytics and AI to make better decisions,” he said.
Share