The Event Impact Management Report is designed to provide a summary of the wealth of data collected from our 10th edition of this study assessment. This report highlights how different crises impact organizations from organizational losses, downtime, impact on the employees as well as financial losses. We’ve also included an assessment of how organizations prepare for crisis management and use lessons learned to advance their resilience management strategies. Here is an executive summary of this year's report and some key findings we wanted to share with you.
Gaps in Pre-Planning – Being prepared is key and while 67% of organizations indicated they were either “extremely prepared” or “prepared” for events, the data told a different story.
· Organizations are least prepared for a disgruntled employee (37%), supply chain disruption (38%), or workplace violence (38%), while only about half of organizations address supply chain disruption (54%) or workplace violence (48%) in the scope of their program.
· 33% of all organizations use a standard definition of ‘Crisis’ to ensure the appropriate level of response and management. Additionally, only 24% of all organizations document all areas of executive risk acceptance and perform annual reviews.
· Using a mobile phone was the top method (86%) to communicate throughout an event, but only 64% noted that their plans are accessible in a mobile format.
· The top challenges noted for corporate-level crisis management teams are: 1) Agreement on the level of transparency in crisis communications, 2) clarity on when a crisis management team is notified and activated, and 3) inability to focus on the strategic ‘what’ to do versus devolving into the operational ‘how’ to do it.
Top Events & Crisis Impact Ratings – This year we took a different approach to assess not only the top recent events impacting organizations, but we also assigned a crisis impact rating based on the frequency, full activation rating, advance warning, impact on employees, geographic scope, percent of critical systems impacted, business resumption period, and the estimated financial losses. The full details are included within the report, but here are the most notable insights.
· Fortunately, the effect of COVID-19 eased in 2022, but organizations continued to work through the lingering challenges. Pandemic/disease received the highest crisis impact rating (10) in each of the following categories: employee impact, geographical scope, critical systems impacted, and business resumption timeframe.
· Cyber attack received the 2nd highest crisis impact rating with a score of 8 in the following: full activation, least advanced warning, employee impact, critical systems impacted, and business resumption timeframe.
· Although supply chain crises were the 9th most common event to recently hit organizations, their impact definitely registered in the last year with a rating of 10 for frequency and estimated financial losses and a score of 9 for geographical scope.
A Correlation Between Program Maturity & Financial Loss – In assessing the respondents who noted $5M+ in estimated losses for an individual event, we noticed a marked immaturity with less tenured programs.
· 14% noted “very immature” (reactive – chaotic/ad hoc) programs compared to 8% of all respondents indicating a $5M+ in estimated financial losses for an individual event.
· A majority of programs have been in existence for less than 4 years: Pandemic Planning (57%), Business Continuity (43%), Crisis Management (43%), Disaster Recovery/IT Service Continuity (43%), and Supply Chain Resilience (33%).
· 57% do not have plans accessible in a mobile format compared to 33% of all respondents.
Cyber & Technology are a Top Focus for Program Enhancement Strategies but is it Enough – It shouldn’t come as a surprise that cyber and technology investments are top of mind. Cyber attacks not only received the 2nd highest crisis impact rating score (behind pandemic/disease), but it is a very real threat that companies are grappling with to keep up with the ever-changing threats. Couple a potential cyber attack with archaic systems and applications that desperately need updating, and it becomes a scenario of not “if” but “when” something will happen.
Being truly “resilient”; however, involves a holistic approach. Organizations are balancing technology advancements in addition to elevating their organizational resilience management posture by integrating with other risk disciplines, driving program metrics, and increasing governance. But let’s look behind the proverbial curtain. Resilience management encompasses seeking out every potential organizational vulnerability. The data also highlighted that a very small pool of respondents expects to improve the program response strategies for liquidity issues (6%) and credit issues (4%). Now one can quickly assume that this is likely under a financial risk officer, but at the same time, respondents also noted that they were “prepared”/”extremely prepared” for a financial market disruption (78%). This leads us back to crisis management pre-planning and how vital every aspect is.
How can this report benefit your program and organization? This report is a broad analysis of a segment of the data, illustrating how the Resilience Management profession is viewed and what we can learn from these study results. Although this is simply a baseline of the trends in our industry we hope you leverage this report to present data findings to your executive management to increase the visibility and commitment of your program. Enclosed you will find a great deal of data, though it is impossible to display everything, which is why customized dashboard reporting specific to your organization is essential to obtain a clear understanding of other “similar” organizations. A feature of the customized dashboards is providing a detailed analysis specific to your industry or by organizational revenues, which not only allows you to benchmark your own program specific to your demographics but also its an opportunity to create a roadmap for your program based on effective peer-based models and supporting data. Our customized dashboards will be made available to professionals who confidentially participated in the 10th Edition Event Impact Management Study.
Since 2001, we’ve been conducting data research to increase the understanding of the analytical underpinnings of our profession. As we continue our efforts to advance the knowledge, insights, and value our business provides to the maturity of our profession, we know that to that end, the understanding of how to increase resiliency and better understand how the profession is evolving is of key importance. Thank you to all who responded to this survey, our advisory board, and to Witt O’Brien’s team for their efforts in developing this valuable report. We hope you enjoy this report, and we are available to discuss customized versions to meet your needs
Cheyene is a global leader with over 20 years dedicated expertise specializing in the business continuity profession. She founded BC Management, Inc. in 2000 and joined Witt O’Brien’s in 2022 as a Managing Director, Talent Management & Research Analytics. Within Witt O’Brien’s (an Ambipar company) she is responsible for overseeing staffing strategies and data research analytics for global clients in addition to providing career assessments and coaching expertise. She previously served on the board for the Association of Continuity Professionals (ACP) of Los Angeles and Orange County in addition to the National Board for the ACP. Currently, she is an active professional on the Editorial Advisory Board for Continuity Insights and the DRJ Mentor Advisory Board. Cheyene was also the recipient of the inaugural ACP Hall of Fame award in 2006 and in 2010 she was awarded an Honorary MBCI by the Business Continuity Institute (BCI).