By Jonathan Shiery, Hoan Wagner
Welcome to the Q2 2023 edition of Weather the Disruption, a quarterly newsletter intended to highlight the importance of business resiliency in today’s world. Our goal is to provide global regulatory updates, industry trends, and best practices, and to detect threats with the potential to impact our clients and sector. In this edition, we discuss how AI can aid resilience, the implementation of resiliency strategies, and the impact of environmental changes.
As AI continues to grow rapidly, one of its commonly discussed use cases is its application in improving business resilience:
Resilience AI — The goal of Resilience AI is to create systems to combat unprecedented scenarios [1] to avoid both minor and catastrophic system failures. AI can improve business resiliency by maintaining functionality during situations such as hardware failures, cyberattacks, and environmental changes. AI improves current resiliency methods by improving efficiency and automation to reduce the need for manual labor.
AI in Business Resiliency Framework — The fast growth of AI will push firms to implement AI as part of their business continuity framework [2]. Incorporating AI in business resiliency frameworks can reduce repetitive tasks and promote consistency, creating more efficient processes. While AI can be extremely beneficial, it will be necessary to ensure a balance between automation and the level of human involvement to prevent algorithm bias, unintended consequences, programming errors, reputational aspects, and more.
AI and Predictive Analysis — AI can provide predictive analysis using algorithms and machine-learning capabilities to process large amounts of data. Modern predictive analysis tools shift data analytics from a small team of data scientists exploring hypotheses to tools that can be used by both data analytics experts and regular business users [3] in day-to-day business. In light of ongoing economic uncertainty, having tools to adapt quickly allows organizations to remain resilient. Incorporating AI into predictive analysis can help organizations navigate the pace of change and respond quickly.
There have been major regulatory changes surrounding Business Resiliency of late:
Cyber Resilience Act Proposal — The EU proposed the Cyber Resilience Act (CRA) [4] with a goal to increase Europe’s defense against cyberattacks. Some of the proposed legislation comes with concerns, including the implications of penalizing open-source developers who receive monetary compensation. Concerned stakeholders argue that this legislation threatens the operation of any organization that provides open-source code to the public, if that organization receives even just a bit of financial compensation.
Collaborative Digital Regulation Country Reviews — Tech development regulators increasingly want to ensure that the development of digital infrastructure securely reaches people everywhere. New Collaborative Digital Regulation Country Reviews [5] for Brazil, Colombia, Egypt, and Kenya were published during the International Telecommunication Union’s Global Symposium for Regulators (GSR-23).
Prudential Regulation Authority Business Plan 2023-24 — The UK Prudential Regulation Authority (PRA) recently published its Prudential Regulation Authority Business Plan 2023/24 [6], setting out its plans to regulate operational resilience for 2023-24. This plan will further enforce regulation previously published to achieve timely implementation with a consistent approach. The PRA will continue monitoring threats to firms’ resiliency, firms' ability to manage cyberthreats, and firms’ execution of large and complex IT change programs.
Recent notable events that have disrupted the industry this quarter include:
Wildfire Impacts — The recent wildfires in Canada have left devastating impacts throughout North America, causing businesses to reduce operations, close offices, and delay normal business processes. Preparing for wildfires with continuity plans, mitigation strategies, and adequate communication systems [7] can prevent major disruption in an organization's operation.
Suncor Breach — Suncor Energy experienced an unauthorized breach of its IT department [8]. The breach halted debit and credit processing at Petro-Canada gas stations across the country, causing numerous customer complaints and damage to the company's reputation. As a result, Suncor is replacing employee computers with new computers in an effort to prevent future breaches.
Ransomware Attacks — A Russian ransomware group recently began exposing flaws in the file transfer software [9] MOVEit. Multiple government agencies and universities were breached in this global hacking spree, and experts believe other groups may have access to software code to attack as a result.
Here are considerations for business resiliency program structuring and enhancements to make in 2023:
Preparing to Implement Regulations — With the EU’s Digital Operational Resilience Act and other regulations, resiliency is being prioritized more than ever [10], giving executives the opportunity to lead transformative changes by investing in operational resilience. Organizations should focus on prioritizing critical business services, mapping their assets and vulnerabilities, and fostering integration and interoperability. Utilizing regulatory guidance to enhance their programs and create robust frameworks is key to remaining resilient.
Prepare for Increased Ransomware Attacks — Businesses should expect and prepare for potential challenges such as ransomware attacks [11] that can cause financial and reputational damage. Combating ransomware attacks with cybersecurity strategies, backup systems, and adequate employee training is essential to remain resilient and recover quickly from unexpected attacks.
Increase Organizational Resilience — As business continues to evolve, so should the methods of resilience [12]. Adapting new technologies, implementing process automation, increasing agility, and continuously improving leaders' competencies and skills all contribute to organizational resilience. Continuing to stay up to date with the latest trends reduces risk and allows organizations to stay competitive.
Firms not only have to navigate a changing risk environment, but also a changing social environment. As firms adapt to implement environmental and social change, they must also align their resiliency programs accordingly.
Restoring Nature — Many experts argue that restoring nature is not only good for the environment, it’s also good for business. By integrating nature into business [13] strategies and operations, companies can adapt to the changing climate, minimize risk, and ensure long-term sustainability.
Renewable Energy — During the Net Zero Summit in 2022, the speakers emphasized the need to address climate change [14], and saw the integration of renewable energy and collaboration as the key factors in achieving it. Integrating supportive policies that pursue a net-zero emissions future can lead to environmental sustainability and economic prosperity.
Firms must manage cyber risks, security, and resiliency as technology continues to improve and threats evolve:
Cybersecurity AI — Businesses are utilizing AI to combat cyberattacks. They see AI increasing process efficiency, reducing operational costs, and resolving issues related to scaling. While AI can provide businesses with more automation by analyzing vast amounts of data in real time to find threats, it requires human expertise to be most efficient. Creating a framework to follow and measure success is imperative to the success of implementing AI into cybersecurity.
Zero Trust Model — The Cybersecurity and Infrastructure Security Agency published Zero Trust Maturity Model Version 2 [16] to help agencies implement zero-trust strategies. Zero trust is an approach where access to data, networks, and infrastructure is kept to what is minimally required and the legitimacy of that access must be continuously verified.
This article is co-authored by Chris Chen with contributions from Devinne Cook and Melany Farinango.