On June 10 the IDC Digital Leadership Community, comprising CIOs from across Europe, came together to discuss enterprise resiliency and what it means for technology leaders.
The “new normal” is a phrase that we’re hearing a lot about lately. The COVID-19 pandemic has changed things to such an extent that, as IDC’s Marc Dowd pointed out, there is now a variety of “new normals” within the business environment.
One of these is resiliency, a word that has taken on new relevance in the post-COVID world — even though it’s not always clearly defined.
A speaker asked a simple question. “What does resiliency mean?” One of the key elements is to reduce vulnerability to the actions of criminals involved in cybercrime. The speaker went on to talk about concerted cyberattacks on public amenities in Spain — the sort of attacks that will have a wide-ranging effect on the general public.
He said his organisation had put together a plan, based on its own set of security rules, but he could still not be a hundred percent confident that it would be enough to provide true resiliency.
The conversation moved to a recent trend of introducing extra resiliency into supply chains as a result of the pandemic. Companies have been used to operating a lean, just-in-time process, but to introduce additional resiliency they have been bringing in extra stock. This was also noticeable during the Brexit process as uncertainty around the availability of goods increased during the fractious political process. In 2021 the Suez Canal blockage also introduced unexpected delays.
However, as one participant noted, the technological trend is in the other direction. Closer integration with suppliers and customers, reducing lead times for raw materials and delivery times to customers, has been the focus in recent times. This, as he pointed out, is great from a “lean” perspective, but increases the fragility of ecosystems if not managed carefully.
So, the real question is: how can CIOs be better prepared to deal with the unexpected? It’s a thorny question and one that fits into a management concept known as VUCA (volatility, uncertainty, complexity and ambiguity). In other words, building a variety of scenarios so that it’s possible to evaluate all the options. The group discussed this as a method for explaining the need for resilient thinking in their own organisations.
A lot of the talk, naturally, was around the role of the CIO. There was agreement that the CIO should be a leader in all of these discussions, but according to one speaker, it should go further. He said there needed to be a wider debate on the matter. “It strikes me that building resiliency needs to become a multiteam sport engaging internal and external teams,” he said. There’s another issue too, one very relevant in this era. “In a world of cloud services, thinking of resiliency in an internal way is very limited,” he said.
There are plenty of challenges ahead — there always are when dealing with uncertainties — and CIOs will have their work cut out to handle the unexpected.
There are some signs of optimism, however. The introduction of GDPR has, according to the consensus in the group, improved openness. It may not have stopped cyberattacks but there is a sense that fewer things are hidden and more organisations are happy to talk about their experience with cybercrime. One speaker said being more open with customers is how we’re going to do things in the future, while another said that open standards across sectors can change the way we’re working by making us more collectively supportive and not just interdependent.
A final word from a CIO in the group was a plea for organisations not to forget the need for sensemaking — the use and understanding of qualitative data as well as quantitative data when modelling resiliency in organisations. Social interactions and collective experience are at least as important as data and connectivity in planning for and recovering from unexpected events.
There are always going to be “black swans” that challenge the resiliency of an infrastructure, but if CIOs can fight for budget, lay down some ground rules and work with business colleagues and partners, some of the worst effects can be avoided.