• Steve Schlarman

Operational Resiliency: Where do you start?


If 2020 didn’t heighten organizations’ awareness of the importance of resiliency, I am not sure what would. The disruptions experienced in 2020 highlight the need for resiliency to be baked into business operations. Technology has clearly demonstrated its value in keeping organizations resilient in the face of change and ahead of the competition. Nearly 75% of respondents in RSA’s Digital Risk Survey expect their digital initiatives to accelerate due to the disruptions and shifts we saw this year. Unsurprisingly, 75% of respondents in that same survey stated their organization’s risk profile will expand over the next two years. Invariably, the conversation at the top of your organization to innovate, optimize or expand your business quickly shifts to discussing risk. And resiliency is right in the heart of that discussion.


For Chief Risk Officers or Chief Information Security Officers, resiliency is no stranger. Resiliency is a big part of managing risk. 2020 spurred the full spectrum of risks that are on the radar of the CRO office ranging from massive market shifts to supply chain interruptions to disruptions in business operations. We also know full well how IT and security events can lead to disruption. If the teams that focus on continuity, recovery and crises are not plugged into your security and risk management strategies, it is time to cross the bridge.


Resiliency efforts must follow the changing landscape of your operational risks, prioritizing efforts on the right parts of your business. Continuity and recovery processes also must be aligned with your IT and security risk strategy. Leveraging information across IT and security and continuity/recovery plans to prioritize activities can cut to the chase when it comes to knowing what systems are important to the business. For the teams that focus on resiliency, plugging into what the risk and security groups are doing can make resiliency efforts better – and cheaper. Plus, sharing data can create insight into the bigger picture of IT and operational risk.


Archer customers are no exception. They understand how these functions flow into each other. 70% of our customers who own enterprise and operational risk management use cases also own our business resiliency solution. In addition, the combination of IT and security risk management use cases and business continuity and disaster recovery use cases are evident. An IT and Security Risk Management customer is 2.4 times more likely to own resiliency use cases.


The synergy between operational risk, IT risk and resiliency programs is self-evident. IT and security events can lead to many different types of disruptions and crises. CISOs are often times also responsible for continuity or disaster recovery. In addition, the intersection of resiliency efforts and risk processes can assist the multiple teams to understand business impacts, criticality of business operations and control effectiveness. If you are looking for a place to start on improving operational resiliency, start at the crossroads of your risk, security and continuity/recovery programs.


Building operational resiliency has become a priority for organizations across industries in recent months. Read our short briefing on five key principles for building an operational resiliency program designed to help your organization maintain critical processes and minimize any negative financial impact from crisis events.