What caught so many off guard in this crisis was not only how ill-prepared we were for the pandemic, but how fragile corporate balance sheets, supply chains and operational capacity were. Perhaps the biggest oddity is that it was all in plain sight and built by design.
Sometime in the near future, as we descend from the peak of the outbreak, we will approach a fork in the road where political and business leaders will grapple with the pace at which to re-open the economy as they balance the risk of a resurgence in the outbreak with the cost of keeping the economy shutdown. This begins to beg the question, what world and economic reality are we going to return to and are likely already operating in?
Mohamed El-Erian (fmr. PIMCO CEO) shared yesterday that he believes we will see a major shift in economic motifs over the next decade that are already taking shape.
He discussed the shift from the last decade as defined by an efficient economy, where consumers craved everything on-demand and corporations optimized for sourcing, capacity and growth to a resilient economy – where we value a provider’s ability to withstand shocks and maintain a level of quality and efficacy in different environments. Language that the financial industry has digested over the last decade and appears to be holding up reasonably well.
In a resilient economy, investors, businesses and consumers won’t only weigh the speed and cost of a good or service, but will weigh other factors when selecting a product or partner, such as the strength of their financial position, the redundancy in their supply chain, trust in their digital infrastructure or health of their workforce. In other words, safety and security will have a whole new meaning and weighting in decision making up and down the food chain.
As Cyber professionals, balancing the digital agility of the business with cyber exposure and resilience is something we are accustomed to. While every organization is different, the ability for leaders to make conscious decisions about where their organizations sits on the spectrum will be increasingly important in this new reality. A few areas that are likely to get new levels of scrutiny and stress testing in an anti-fragile era are quickly emerging. These include —
Strength of Corporate Balance Sheets — Can they withstand a crisis? will the company be here tomorrow? What are the hidden risks beneath the surface? Do they have financial optionality? Where are they investing free cash flow?
Supply Chain Diversification — What happens if a node goes offline, can they meet demand? How do we know their goods are safe? We will most certainly see diversification away from China.
Workforce Distribution and Redundancy — Are teams distributed? Do they have redundancy for key operations? Are there central points of failure? Are they able to maintain and attest to a healthy workforce?
Digital Trust and Agility — How flexible and agile are they? Can they quickly adapt to new working environments? How trustworthy and reliable are their systems? Can they scale capacity without adding lots of permanent cost?
From a cyber perspective, resilience is a word we use often in our vocabulary. We talk about redundancy, distribution, segmentation, simulations, fail safes and so-on everyday.
CISOs will likely get elevated in the organization as digital infrastructure becomes more paramount to critical operations, as will all other corporate risk managers.
In the short term, one thing cyber professionals can do is use our learnings to help peers advocate for the appropriate balance between efficiency and resiliency. Over the longer term, the more enduring opportunity as an industry is to help shape the narrative of this new reality by widening the aperture of the resilience discussion into an enterprise wide approach to building a less fragile future.