Welcome to the Q4 2022 edition of Weather the Disruption, a quarterly newsletter intended to highlight the importance of Business Resiliency in today’s world. Our goal is to provide global regulatory updates, industry trends, best practices, and threats with the potential to impact our clients and sector. In this edition, we identify risks related to labor volatility and data management. Additionally, we observe efforts toward a new international standardization and continued action toward codification of business resiliency rules and regulations.
Labor volatility, data protection, and increased global business risks are major issues faced by companies as they enter the new year. Opportunities exist to get ahead of each of these challenges to maintain a strong, resilient business.
Labor Volatility and a Shifting Workforce Strategy
High employee turnover in 2022 was evidenced by patterns of burnout, voluntary resignations, and increased compensation demands, resulting in costly talent acquisition efforts to drive growth. Recent cost-cutting amidst tight margins and an uncertain economic outlook is shifting such patterns, with high-profile layoffs in the tech and financial services sectors.
It is predicted that by 2025, labor volatility will cause 40% of organizations to report a material business loss. A responsive shift in workforce strategy from talent acquisition to talent retention can strengthen workforce and operating resilience.
Data Retention and Protection
As data production and consumption accelerate exponentially, businesses are challenged to retain and protect data in compliance with regulations and industry standards. Such challenges present opportunity, as data-savvy organizations are 11% quicker to remediate security incidents than those lacking a solid data foundation.
Anticipating Global Business Risks Facing Organizations
Business stability will continue to be tested in 2023, with rising operational costs, poor economic conditions, and the continued effects of conflict in Ukraine. Functional agility is key to navigating uncertainty, and thus guidelines, policies, and procedures should function as living documents to maintain responsive adaptability.
There have been major regulatory changes surrounding Business Resiliency of late, with more expected. Notable changes include:
Amendments to Cybersecurity Rules at NYDFS
In November 2022, the NYDFS (New York State Department of Financial Services) released its second draft of proposed amendments to its Part 500 Cybersecurity Rules. This amendment requires training on incident response plans, security vulnerability monitoring, annual internal and external systems penetration testing, and business continuity and disaster recovery plans to proactively incorporate Operational Resilience into ongoing business functions.
European Council Adopts DORA Act
The Digital Operational Resilience Act (DORA) sets uniform EU requirements for the security of network and information systems of organizations in the financial sector and critical third parties. In the months following DORA’s formal adoption in November 2022, EU member states will codify aspects of this Act into law. Further, relevant European Supervisory Authorities will develop technical standards for financial services institutions, and member states’ respective regulatory bodies will begin compliance oversight and enforcement action.
Here are recent notable events that have disrupted the industry this quarter:
Recent Data Breaches
Hackers have exposed cybersecurity system weaknesses by breaching companies, including Uber, Twitter, and Microsoft. In December 2022, an attack on a third-party vendor resulted in the theft of Uber data, including personally identifiable information of 77,000 Uber employees.
Ransomware Attacks in 2022
In 2022, 21% of global organizations were victims of a ransomware attack, of which 43% experienced a significant impact on their business operations. The proliferation of sophisticated cybercriminals calls for proactive and preventive cyber resilience implementation combined with existing detective tools and processes.
Here are considerations for developing and enhancing a Business Resiliency program in 2023:
Best Practices in Operational Resilience
Business leaders are recognizing the benefits of integrating operational resilience into business strategy. The Global Resilience Federation’s Business Resilience Council published the Operational Resilience Framework in alignment with National Institute of Standards and Technology and International Standards Organization standards to facilitate critical service continuity for customers and stakeholders.
Operational Resilience adoption and integration is multifaceted—according to the Business Continuity Institute, a decision-maker should orient focus on framework implementation, risk management, business continuity planning, and outsourcing.
Firms not only have to navigate a changing risk environment, but also an evolving social environment. As firms respond to environmental and social change, they must also align their resiliency programs accordingly.
Emissions—Countries Set Goals, Companies Take Action
A majority of the world’s carbon emissions come from just a few countries. To date, 70 countries, including China, the United States and the European Union have set a net-zero target, with pledges covering about 76% of global domestic emissions. The international corporate community’s embrace of net-zero commitments has strong potential to reduce carbon emissions, combat climate change, and ease the risk of natural disasters. Investing in reducing carbon emissions can have long-term effects to reduce potential weather-related disruption events.
Jan-Willem Bode, Partner and Sustainability Lead at Guidehouse, opines: “Companies that have set science-based targets must move beyond pledging to action, and that requires developing a meaningful plan…reaching net-zero requires sustained supplier engagement in order to contribute to GHG reductions, leading to more resilient supply chains as well.”
Firms must vigilantly manage cyber risk, security, and resiliency to protect valuable company assets, especially amid labor volatility in the market:
Labor Volatility and Resulting Cybersecurity Risk
Layoffs and workforce turnover introduce unique threats to organizations’ cybersecurity. Companies often have robust external system barriers. Combatting potential internal threats by current and former employees is equally important to risk reduction. According to research from Ponemon Institute, insider threat incidents have risen 44% over the past two years.
Cybersecurity Resiliency
The Cisco Security Outcomes Report, Volume 3: Achieving Security Resilience revealed that 96% of executives consider security resilience crucial, yet less than 40% are confident their organization would fare well during a cybersecurity event.
Guidehouse is a global consultancy providing advisory, digital, and managed services to the commercial and public sectors. Purpose-built to serve the national security, financial services, healthcare, energy, and infrastructure industries, the firm collaborates with leaders to outwit complexity and achieve transformational changes that meaningfully shape the future.