Business continuity professionals take on greater resilience roles: BCI
Businesses are taking a more strategic approach to continuity and resilience, making them better able to manage the range of threats to their operations, according to the latest report from the Business Continuity Institute (BCI).
“The more strategic view lends itself to taking a more proactive approach, as opposed to what could be viewed as a more reactive operational approach historically,” says John Verdi, senior director of professional services at Riskonnect, which sponsored the BCI report.
Verdi says new operational resilience regulations are driving this shift, but adds: “It is our experience that organisations are also simply realising that they can no longer afford to remain reactive, the stakes are just too high.”
In a survey of almost 250 business continuity professionals, with more than half located in Europe, the BCI finds some organisations are distinguishing between traditional business continuity and resilience. Four out of ten organisations in the BCI’s survey differentiate between the two. Organisations in Africa and Asia are most likely to make the distinction and organisations in North American least likely.
Many business continuity professionals now carry new resilience-orientated job titles and expanded job descriptions, the report says.
“A year of heightened political activity due to the number of elections, continuing global conflicts, worsening extreme weather events and global software outages, has seen resilience propelled to the fore in many organisations,” the BCI says.
The report also tracks “shorter and more defined reporting lines to the c-suite”, Verdi says. This is in line with the more strategic view of business continuity and resilience, he adds. However, less than a quarter of survey respondents say their board has a resilience representative at board level.
Changes to operational risk regulations are on the way in 2025 for Australasia, the European Union and the UK, the reports notes.
Rachael Elliott, knowledge strategist at the BCI, says 2024 so far has challenged resilience professionals with both known and unknown disruptions. “One of the defining moments of the year was the CrowdStrike outage in July 2024, which has been unproudly hailed as ‘the biggest outage ever’,” she says.
The report notes that such outages or attacks on third parties have become part of the remit for resilience professionals.
“Blaming a third-party supplier is no longer an acceptable excuse for an outage, given the rigorous checks and supplier management programmes organisations should be implementing for critical suppliers (as in the case of the McDonald’s systems outage in March),” the report says.
“With misinformation now having the potential for significant reputational and financial harm, organisations are now having to take extra steps to ensure they are protected from this contemporary risk,” the report adds.
Elliott says the risk landscape is varied and the global nature of crises means that many organisations are “faced with resilience challenges that they have not witnessed throughout their corporate history”.
“Many business continuity professionals continue to see the scope of their roles widened. Merely ensuring an organisation can keep operationally active in the event of a disruption is no longer enough,” she says.