Plagued by cyber-attacks and skills shortages whilst dealing with the fallouts of political turmoil, many businesses have underestimated threats from a resilience perspective – as well as over estimating their own recovery capability.
As Oscar Wilde famously said, ‘experience is simply the name we give our mistakes.’ So how can business ensure that errors of the past, this invaluable ‘experience’ gained, render something positive? Going forward, they will need to guarantee that all lessons learned trigger the necessary risk management and operational changes. Truly resilient organisations will be those able to withstand and thrive in these adverse conditions.
In a time when predicting what’s around the corner is nigh on impossible, what should organisations’ considerations be? How can they create a more resilient enterprise? Here I examine some key learnings, and look at how to navigate three big hurdles that lie ahead:
Brexit will continue to cause turbulence in 2018, impacting factors such as recruitment, financial market stability and trading. However, while Brexit will not come without it’s challenges, herein lies an opportunity.
This year represents a chance for firms to review and boost their recovery capabilities to have the best shot at navigating the risky waters ahead. Full resilience across their people, processes and technologies, and the capability to not only maintain ‘business as usual’ in the face of turbulence, but thrive, should be the ultimate goal.
Business should regularly review and test systems to ensure they have the agility to deliver on emerging market demands and Brexit-related volatility. Whether running production or recovery environments, resilience across all aspects of the business as Brexit unfolds is vital. This identifies vulnerabilities; enabling strategies for optimum resilience to be put in place, to manage risk positively should the worst happen.
2. Cybersecurity and data protection
With ransomware attacks growing at a yearly rate of 350 per cent, and more apps moving to the cloud than ever, it’s imperative that security and recovery moves further up the agenda this year. However, our research reveals that a seemingly inadequate 10% of IT budget is currently being spent on security provisions. Cyber threats continue to evolve, and defenses will need to be a central component of any digital and business strategy.
We know that security spending is in the Top 5 of CIOs priorities,  but as 2018 develops, what they need to do is weigh up how much risk they are prepared to take versus the spend that will be required. Certainly, businesses will need to be equipped to tackle threats from a security defense point of view. But if the worst happens, what next? To minimise damage to finances, stakeholder and staff relationships, and global reputation, businesses will also need to be fully prepared from a recovery and crisis communications point of view to temper the aftermath.
We often see businesses scale up their recovery requirements at time of testing. This suggests either that plans were inadequate, their environment has changed or what a successful recovery looked like was not what the board expected. Businesses should be specific about what outcome they are trying to achieve. Is it tick-over mode whilst the business pulls itself together or is it resilience, so you carry on strong following an attack?
As the May deadline fast approaches, GDPR will also be a driver for improvement to data security. It will require businesses to hire data protection officers, and have a solid crisis management team in place to take care of customer relationship management. Laying the groundwork now by mapping your company data, and ensuring full visibility of what information is stored where at all times, is vital.
3. The skills crisis
The skills shortage is growing in IT for many reasons; Brexit, the departure of older generations from IT workforce, and rapidly changing technologies have all played their part in widening the skills gap.
We expect that cybersecurity skills will continue to be highly sought after this year. Security tools are crucial, but more often than not it is staff themselves who constitute a weak security link for organisations. Meanwhile, as companies scale out on SaaS, PaaS and IaaS, core infrastructure management roles will diminish in numbers. Businesses will need to focus on addressing the lack of staff given up-to-date training onto managing, monitoring, updating and maintaining the security aspect of modern IT infrastructure.
As their adoption becomes more commonplace, new technologies such as AI, machine learning and coding will mean skills in those areas are increasingly in demand; training in such areas needs to rise up the education agenda for young people. We expect that more generally the most valuable skills to benefit students’ career prospects will be problem solving, innovation & strategy development, design & technology (D&T) and financial management.
While training up the younger generations is important, businesses will also need to ensure they have the right skills and knowledge at boardroom level; rather than those who possess legacy skills alone and a lack comprehensive digital awareness.
With natural disasters, terrorist attacks, the fallouts of Brexit and GDPR no longer possibilities but inevitabilities, businesses must be equipped for the ever-growing range of threats on the horizon. Making the necessary preparations and investments to manage the risk scenarios that could hinder their strategic business and IT programmes will put them leaps and bounds ahead of the competition.
 Cisco, 2017 annual cybersecurity report
 Gartner, 2018 CIO Agenda