Corporate Resiliency is a Choice

There have been a number of articles recently about the discovery of a brain chemical, BDNF, in mice that may impact the ability to deal with stress and their resiliency. The discovery, if proven in humans, could begin to explain why some people bounce back from setbacks and others do not. It can be physiological and largely out of the control of the person. The good news is that it possibly could be treated.

Fortunately, the situation is not the case for large organizations, and especially corporations. Corporations can choose to be resilient and to what extent they will be resilient.  A corporation can plan for resilience, it can staff with the right types of people, it can put in place processes necessary for resiliency, and it can monitor and adjust. Resiliency is a choice. It is an empowering choice that corporate boards and leadership should make. And best of all, it is a choice the corporation owns.

Corporations can also choose to be secure, protected, prepared, and to manage their risks. But in each of these areas, the ultimate success of that choice depends on the someone else's actions. The corporation will attempt to be secure/protected/prepared against those eventualities it anticipates and for how it anticipates they will occur. But a change by those intending to do harm or interference with control mechanisms, could easily mean the company is suddenly not secure/protected/prepared. Instead of being empowered, the company is beholden to or at the mercy of someone else. To a large extent, this is not the case in a resiliency paradigm.

Resiliency should not be focused on a large collection of point threats and vulnerabilities. Rather, it should be based on the existence of processes and capabilities that ensure the corporation is able to survive and thrive, regardless of the disruption. The existence and performance of these processes and capabilities are the things that should keep corporate executives awake at night...not whether they are prepared for a specific vulnerability or threat. They should make the choice to be resilient.

Darryl Moody
Resilient Corporation

Interesting Resilience Definition from Disaster Management Perspective

In a blog posted on 1 October 2007, A Fuel Gauge for Resilience, Dr. Maurice A. Ramirez provides the following definition of resilience:

The concept of avoiding disaster and catastrophe relates directly to the ability to maintain sufficient resilience that needs never exceed resources and that needs never exceed the ability to respond. Physical, emotional, relationship and spiritual resilience are well known as the four categories in which resources are mapped to ensure survival through adversity in business and in life.

I find the notion of resilience being the state in which needs never exceeds resources and that needs never exceed the ability to respond to be an interesting one.  It certainly could be an end state that individuals and organizations strive to achieve. 

The first part of that statement seems to be the easiest (but not easy) to achieve:  balancing needs and resources.  Businesses and individuals are constantly faced with either increasing resources to meet their needs or reducing the needs to live within the available resources.  The challenge comes when either the needs are not fully known or are underestimated, or if the resources expected to be there are not or are overestimated.  Thus operating in a balanced state of resource needs/availability would logically seem to indicate a level of resilience.

The second part seems to be a bit more of a challenge:  ensuring needs never exceed the ability to respond [to a disaster or crisis].  The underlying assumption is that the individual or business truly understands what is needed to respond to anticipated and unanticipated eventualities.  This is true in normal daily bumps and problems, but disaster and catastrophic events are another story.  But achieving this state of balance between needs and the ability to respond to those needs also logically seems to indicate a level of resilience.

I interpret Dr. Ramirez's definition of resilience to encompass a consideration of balance.  If my interpretation is consistent with what he intended, I agree with that notion.   The next step then is to assess and measure the needs, resources, and ability to respond.  Then one can determine how in or out of balance they are, and thus how resilient the individual or organization is at that point in time.

Darryl Moody
Resilient Corporation

Resiliency as a Competitiveness Issue

In January 2007, the U.S. Department of Commerce Under Secretary for Technology gave a speech entitled "Enterprise Resiliency Drives Competitiveness" .   In his remarks, Under Secretary Robert Cresanti supports resiliency as a concept central to achieving business competitiveness at the micro and macro levels.  He outlines how his organization within the department can participate, facilitate and encourage the adoption of resiliency paradigms within the private sector.   I believe the Department of Commerce is taking the correct approach in encouraging private sector leadership and action, while recognizing the appropriate roles to be played by the government sector.

Darryl Moody
Resilient Corporation

Resilient Victim?

I hope this post does not come across as too off-the-wall, but I suppose one of the uses of blogs to air those types of thoughts and ideas.

I was thinking about terminology and the term "resilience" (and resilient/resiliency) and the term "victim". I was wondering where to use them together in describing a person or an institution. I did a Google search for the two terms and did find a number of instances. However, the pairing and use of the two terms does not seem comfortable to me. It is not due to their dictionary meanings, but I think to my sense of what they imply and embody.

To me, a victim has been successfully attacked, assaulted, violated, hurt and harmed. The degree of harm may vary from mild to severe/catastrophic, but the act or event that caused it was successful. Resiliency is bouncing back and that may entail deflecting the harm, absorbing and mitigating it, or turning it into an advantageous situation. Metaphorically, the arrow pierces the victim and bounces off the resilient party.

I see the phrase "resilient victim" used and just strikes me as odd...that they would either have to be one or the other. If the person were strong or resourceful enough to continually repel the attacks or the effects of the attack, then I need a name for them other than "victim". They are a resilient target, for sure, but they haven't succumbed to victimhood.

Clearly anyone can be a victim. A successful act of violence or a natural catastrophic event can create victims in a hurry. Thus I don't want to imply that being a victim is always a choice or signals something lacking. Not always. But people, and to a greater extent institutions, have a choice in how resilient they choose to be.

Darryl Moody
Resilient Corporation

A Resilient Target is an Unattractive Target

In discussing resiliency and the benefits of being more resilient, I have used the line "A resilient target is an unattractive target." I believe that to be largely true although there are some people, computer hackers for example, who do search for the toughest targets to attack. But for the slightly less daring, it seems to me their goal would be maximum damage at minimum effort.

I have tried to find references on military bombing target selection doctrine, but I have been unsuccessful. But I would daresay that of a long list of criteria for choosing a target for attack (threat, damage to enemy, force protection, enemy disruption, etc.) the target being highly resilient would generally not move it to the top of the priority list. Why waste a bomb if the target will either not be destroyed, significantly disrupted, or recover to pre-attack capability real soon?

So, I submit that a resilient business is likewise an unattractive target to intentional harmful acts. This holds true for the IT systems, physical facilities, the supply chain, the workforce, company reputation, fiduciary systems, and core business processes. Individuals or groups intending harm will more than likely select "weaker" targets and pass up the stronger more resilient target.

The same idea holds true for geographic regions from communities, citites, regions, and the country. Being weak and less-than-resilient invites a calamitous result to an intentional harmful act. Obviously, it is also not helpful with respect to natural events. To quote Lois Clark McCoy, leader of the National Institute for Urban Search and Rescue, "Mother Nature is the number one terrorist." The context of the comment was to encoutage adequate attention to natural disaster recovery. Lois is a nature lover!

So, just because an entity is an unattractive target does not mean that it won't become an actual target. But, the very nature of being resilient means the entity will deflect, absorb, mitigate the impacts, and quickly recover from the attack. Since we can't be 100% secure, 100% prepared, or 100% protected, we darn well should be resiient.

Darryl Moody
Resilient Corporation

Resiliency and Thriveability

I heard a term that I believe should be a wonderful entry in the resiliency lexicon -- Thriveability. I heard it on Larry Glover's site www.wildresiliency.com. Since then, I have been researching the term online and have become dangerously familiar with the various meanings and approaches taken to it. They vary from approaches of positive psychology of how people continue to grow and learn even in diversity, to approaches to describe next evolution in dealing with the ecologies, or approaches to elevate individuals and communities past mere surviving. I will explore it more and am very interested in the readers perspectives. The term is not pervasive in the United States and I only found less than 2,000 hits in a Google search.

My world is focused on business resiliency. I very much apprectiate the part of the resiliency discpline that deals with communities, regions, the ecology, and the universe. I think the concept of Thriveability has some great explanatory value in describing what we mean with resiliency whichever level of resiliency or area upon which we are focused. This term will make it into many one-liners for me, such as:

"Business Continuity Planning, risk management, and security are about survivability...where resiliency is really about thriveability!"

Adding to that statement will be: "You can't thrive if you can't survive, so BCP, risk management, security and such are critically important."

I apologize in advance to the members of the Thriveability community if I am hijacking the term for a narrower meaning than was intended or has been customary. But I think we can make it even more visible going forward.

Darryl Moody
Resilient Corporation

Resiliency from the Medical Perspective

I happened on a very well written article by Joseph C. Napoli, MD of Resiliency LLC that is well worth reading and absorbing.  Dr. Napoli article is entitled "Resiliency, Resilience, Resilient: A Paradigm Shift?" and can be found on their website at Resiliency, Resilience, Resilient: A Paradigm Shift?. 

Dr. Napoli's approaches resiliency from the medical and psychiatry fields.  His historical and background references on resiliency are insightful and enlightening and makes a strong case for the rise of the resiliency paradigm.  He also does a brilliant job of defining resiliency and the various forms of the term.

I particularly like the point he makes at the end of the article

"  I think a new meaning is evolving for resiliency and resilience. In some contexts the words are being used to mean the strength to resist being impacted by an adverse event rather than either the “capacity to rebound” or “act of rebounding” from adversity. Therefore, resiliency and resilience appear to be assuming the meaning of fortitude, that is, “the strength or firmness of mind that enables a person to encounter danger with coolness and courage or to bear pain or adversity without despondency” as defined in the Webster’s Third New International Dictionary. If so, we are coming full circle with science accepting a religious moral virtue – fortitude – as written in the Bible’s Book of Wisdom"

Although the focus of Dr. Napoli's article is on the individual, there is a lot of wisdom that can be applied to the organization and to understanding it's level of resiliency.

Darryl Moody
Resilient Corporation

Resiliency and Strength

"This is a decent and honorable country--and resilient, too.  We've been through a lot together.  We've met challenges and faced dangers, and we know that more lie ahead.  Yet we can go forward with confidence--because the State of our Union is strong, our cause in the world is right, and tonight that cause goes on.  God bless."

With those words, President George W. Bush concluded his State of the Union address on January 29, 2007. My reaction to the words, particularly the inclusion of "resilient", was a surge of a feeling strength and resolution. No one should invite unnecessary danger and risk, but the phrase "Bring it on!" certainly came to mind. Why? One reason is that I think resiliency is such an empowering mindest. It is to say that I have done my best in being prepared and ready for the dangers and obstacles, but accept that I have not prepared for all eventualities. But regardless, I am in a strong position to bounce back. You simply can not fatally hurt me.

Businesses must run on much more than raw emotion and a sense of strength and preparedness. It must take the actions that back up the sense of strength. Businesses and public sector organizations in the U.S. should ask themselves where they stand in making the President's statement true today and into the future. Our businesses and the collective business communities and infrastructures should strive for a high level of resiliency and strength. The stronger and more resilient, the more secure and resistant to attack.

I believe a resilient target is an unattractive target.

Darryl Moody

Resilient Corporation

Emotional Reaction to the Word "Resilient"

As I have dealt with the concepts and notion around resiliency, particularly as applied to business, I am struck by the different emotional response it engenders. I am comparing it to words and concepts like secured, prepared, and protected. Each of the latter terms are themselves good and necessary things to be. Who would not want to be any of them, personally or as a company? But they each make me think of the eventuality first: secured from what? prepared for what? protected against what?

On the other hand, the term "resilient" makes me think of the first person, be it the individual or the company. It really places the focus in the right place and on what you can control--yourself or your company. In this way, resiliency is an empowering paradigm and mindset.

It also puts in your face that you have choices to make in being resilient, at least as a business. They are not always easy choices as it may entail balancing priorities, but that is a constant challenge in business.

Darryl Moody

Resilient Corporation

Resiliency Should be Comprehensive

Resiliency should be considered as a comprehensive paradigm.

As I've talked with many people about resiliency, I find one of the most common aspects of the conversation being a fairly narrow view of what resiliency means. Most often, this view is presented as an enhanced view of their subject matter expertise or the world in which they work. In other words, their domain on steroids.  For example, and in general:

• The risk management community members I've spoken with see resiliency as a strategic risk management paradigm and often one that can be adequately addressed by a robust Enterprise Risk Management implementation or other high powered risk assessment and management methods.
• The IT community members see resiliency in the context of the protection and recoverability of information management assets/capabilities.
• The preparedness and crisis management communities see resiliency as being able to bounce back quickly because you didn't take too hard of a punch to start with--because you were appropriately hardened and prepared.
• The supply chain communities see the great value in being disruption=proof either through redundancy and flexiblility, and the more of those you are, the more resilient you are likely to be.
• The human capital community sees the discussion of resiliency encompassing the ability of the people being individually and collectively able to cope, flexibly respond, and return to normalcy.

The good news from my perspective is that eveyone is right. However, we would all need to admit that in most companies five separate people or groups would be dispatched to deal with the five areas I cite above. Would they speak to each other and coordinate? Probably not. Would they generate resulting recommendations that balanced overall corporate benefit at the potential "cost" to their particular function/responsibility? I doubt it. Not at least without some overarching framework and common goals that drive them to this balancing. That is one reason I advocate resiliency as a business management paradigm.

Resiliency considerations should start with the premise of what should the organization do to be a surviving and thriving entity, even in the face of major change or crisis. Having the most redundant and secure supply chain helps. As does virtually assured information management capacities. Top-notch plans and procedures for a disaster or crisis is of unquestioned benefit (as long as you've anticipated the type of disaster/crisis). But I suggest that maximizing performance and capabilities in all areas important to resiliency is pretty unattainable to the vast majority of organizations, and it is wise to seek an overall bigger resiliency bang for the buck. This is what a comprehensive resiliency paradigm does.

Darryl Moody