Disaster Recovery Journal Spring 2024

The time to strengthen an organization’s defenses is today. Ask yourself this: does everyone in your organization act as a risk manager? Are you prepared to shift your culture from reactive to proactive risk management and business continuity? “

ning in order to remain operational and continue delivering their core prod ucts and services. Lack of access to primary sup pliers of raw materials, fuel, and more has forced many organizations to turn to alternative ship ping routes and vendors across their value chain, sometimes moving four or five tiers down the chain to avoid disruption. Robust supplier and third party risk management saw a renewed focus in 2023, as some organi zations had to consider moving operations out of some geographic regions to mitigate the impact of geopolitical events. These ripple effects will continue across supply chains in 2024; therefore, organizations

scape for financial services firms. Less-regulated organizations should take heed, too. Failure to rec ognize and manage risks could result in disruptions or disasters that might undermine the business’s foundations. In 2024, stress testing will become a priority across verticals as boards and customers prioritize resilient operations. Stress testing allows an organi zation to see pain points which can ultimately fail when disruptions occur. Over the next year, more non-regulated industries will undertake vigorous stress testing to better understand their opera tional vulnerabilities and proactively mitigate risks. Cyberattacks enter a new era

Third-party relationships under scrutiny In 2024, organizations must increase their focus on third-party risk manage ment to ensure effective business continu ity planning as the reliance on third parties to deliver core products and services con tinues to grow. Organizations must closely examine their third-party relationships, from understanding what risks they are assuming during the onboarding process and throughout the entire lifecycle as well as fully understanding how third parties are governing their own risks. More robust and integrated stress and scenario testing are vital to understanding and managing third-party risks within any organization. Stress and scenario testing also helps organizations identify how the business unit responds to potential disrup tions with a critical third party. In 2024, it will be necessary for organizations to have a holistic view of their third-party ecosys tem to maintain a strong resilience posture and show regulators and customers they can deliver core products and services during times of uncertainty. Preparing for success in 2024 For 2024, the new year already seems to be a complicated risk landscape. The time to strengthen an organization’s defenses is today. Ask yourself this: does everyone in your organization act as a risk manager? Are you prepared to shift your culture from reactive to proactive risk manage ment and business continuity? True business continuity and opera tional resilience require support from across the organization – from all employ ees – and requires enforcing a culture of resilience built from the top down. By having a true culture of resilience, organi zations will be best positioned for upcom ing events in 2024. v

must prepare now to bolster their risk man agement, business continuity, and opera tional resilience programs and ensure the safety and security of their personnel glob ally. On top of supply chain disruptions, we are also seeing additional warning signs of tension in Southeast Asia, which have the potential to cause disruption in 2024, particularly in the large trade and manufacturing centers on which much of the world relies. Due to the ever-changing risk environ ment, multi-tier business continuity and disaster recovery planning should be the cornerstone of every organization in 2024. Organizations must get a head start to strengthen their resilience posture before disaster strikes, including supplier diversi fication and spreading manufacturing pro duction capacity and operations to avoid concentration risk. Stress test to reduce disruptions and their impacts The failures of Silicon Valley Bank and Signature Bank in early 2023 have led to a more scrutinized global regulatory land

In 2024, we can expect direct cyberat tacks on organizations, cyber threats on widely used third-party suppliers in order to access critical customer data, and an uptick in new cybersecurity regulations. Cyberattacks from the past year, includ ing the ICBC ransomware attack and the MOVEit cyberattack, have demonstrated the cascading effect these attacks can have across an organization’s supplier ecosys tem – and how quickly financial and repu tational damage can follow. Organizations must bolster their scenario-testing efforts to account for increased and ever-evolving cyber threats. Assume any event which can cause disrup tion will cause disruption, no matter how unthinkable this was previously. Scenario testing will be a crucial aspect of organi zational strategies. This ensures dynamic and agile business continuity plans are in place, shows regulators and customers the organization has its ducks in a row, and ensures the continued delivery of its critical products and services regardless of potential disruptions. “

Steve Richardson is chief resilience inno vation officer at Fusion Risk Management. He has more than 15 years of experience in the risk and resilience industry and is an original architect of the Fusion Framework®

System™. Through leadership roles in sales, services, and product management, combined with his focus on customer success, Richardson brings diverse skills and experience to Fusion’s customer community.

32 DISASTER RECOVERY JOURNAL | SPRING 2024