"Resilience" is defined as “An organization’s capacity to anticipate disruptions, adapt to events, and create lasting value."
The concept of resilience is rapidly advancing as a practical response to the needs of an organization, enterprise or government to effectively address the combined issues of security, preparedness, risk, and survivability. Resilience is an organization’s capacity to maintain its functions and structure in the face of internal or external change or threat.
To further clarify the definition, one can look to the conditions that speak to resilience as within the following set of statements:
a) Being resilient is a proactive and determined attitude to remain a thriving enterprise (country, region, organization or company) despite the anticipated and unanticipated challenges that will emerge; b) Resilience moves beyond a defensive security and protection posture and applies the entity’s inherent strength to withstand crisis and deflect attacks of any nature; c) Resilience is the empowerment of being aware of your situation, your risks, vulnerabilities and current capabilities to deal with them, and being able to make informed tactical and strategic decisions; and, d) Resilience is an objectively measurable competitive differentiator (i.e., more secure, increased stakeholder and shareholder value).
It is logical to expect that an organization that realizes the benefits of the above definition of resilience will have a high likelihood of maintaining a successful and thriving enterprise.
Resilience can also be defined as “the positive ability of a system or company to adapt itself to the consequences of a catastrophic failure caused by power outage, a fire, a bomb or similar” event or as "the ability of a [system] to cope with change".
Disruption seems to be everywhere these days – industries collapsing, storm surges shutting down major urban centers, financial markets imploding, and more. Preventing these calamities would be everyone’s first choice, of course.
In recent years the term has been used to describe a burgeoning movement among entities such as businesses, communities and governments to improve their ability to respond to and quickly recover from catastrophic events such as natural disasters and terrorist attacks. The concept is gaining credence among public and private sector leaders who argue that resilience should be given equal weight to preventing terrorist attacks in U.S. homeland security policy.
One of the earliest uses of the term in this context was by Council on Foreign Relations Senior Fellow Stephen Flynn in the book America the Vulnerable: How Our Government is Failing to Protect Us from Terrorism. Dr. Flynn argued that America’s critical infrastructure – including bridges, tunnels, electrical grids, ports, chemical plants, and water systems – represents a key potential target to terrorists because a strike that impaired the infrastructure could severely disrupt important social and economic activity in the country. Making U.S. infrastructure more resilient was a key recommendation. With some 90% of U.S. critical infrastructure in private hands, such an emphasis will require strong public-private cooperation.
- 1 The Importance of Organizational Resilience
- 2 Business Continuity and Competitiveness
- 3 Growing Support in Washington, D.C.
- 4 The Resilience of an Enterprise - Competitive Advantage
- 5 Making Resilience Reality
- 6 Measuring Resilience
- 7 Resilience as an Acquired Skill
- 8 Organizational Resilience Management Standard
- 9 External links
- 10 References
The Importance of Organizational Resilience
Global turbulence is expected. Competition, instability and uncertainty are constants in a changing world. Organizations face an unprecedented and growing number of potential disruptions to the status quo and the best laid strategic plans. As history repeats itself, prominent organizations will fail unless modern risk management and governance models incorporate scalable resilience metrics.
To survive and prosper in this new environment of heightened uncertainty and change, organizations must move past traditional risk and governance models and focus instead on resilience. Resilience applies at all levels: national, regional, organizational and corporate. At the national level, major infrastructure concerns and societal institutions must be robust enough, and unencumbered by legal and regulatory constraints, to serve the national good in normal operations, in crisis, and in recovery. At the regional levels, specific infrastructure assets come together in highly interdependent ways to serve local constituents and be a part of a national infrastructure. At the organizational and corporate level (which owns or operates the vast majority of our critical infrastructure assets), individual companies and operating units must ensure their business operations and service delivery capacities remain able to perform their primary business functions.
Business Continuity and Competitiveness
MIT Professor Yossi Sheffi extended the resilience concept to business continuity initiatives in his 2005 book The Resilient Enterprise. Dr. Sheffi analyzed how disruptions can adversely affect the operations of corporations and how investments in resilience can give a business a competitive advantage over entities not prepared for various contingencies. Business organizations such as the Council on Competitiveness have embraced resilience and have tied economic competitiveness to security. The Reform Institute has highlighted the need to enhance the resilience of the supply chain and electrical grid against disruptions that could cripple the U.S. economy. Many corporations are adopting resilience and business continuity initiatives and sharing best practices.
Many experts and leaders see resilience as a vital component to a comprehensive homeland security strategy. Hurricane Katrina demonstrated that not all catastrophic events can be prevented and a focus on response and recovery is needed.
Growing Support in Washington, D.C.
Prominent members in the United States Congress are embracing resilience. The Chairman of the Homeland Security Committee of the U.S. House of Representatives, Bennie Thompson (D-MS) declared May 2008 “Resilience Month” as the committee and its subcommittees held a series of hearings to examine the issue. President Obama and the Department of Homeland Security have also made resilience an integral component of homeland security policy.
The Quadrennial Homeland Security Review, released by the Department of Homeland Security in February 2010, made resilience a prominent theme and one of the core missions of the U.S. homeland security enterprise.
The Resilience of an Enterprise - Competitive Advantage
Business and government enterprises that are able to quickly adapt to or seize competitive advantage from sudden and/or significant changes in their environments, with minimal interruption to their enterprise missions and manageable impact to their market value, can be described as resilient. An organization’s resilience, properly understood, has critical implications for its competitive posture, profitability and shareholder value. This belief is shared by leading management and information technology consultancies such as Deloitte and IBM, big data companies like Google and Splunk, and national governments including the U.S. Department of Homeland Security and the UK Cabinet Office of Resilience.
Over the past several years, business, academic and government leaders have become aware that certain organizations respond better to disruptions than other, often similarly situated, organizations. For example, in a September 2003 Harvard Business Review article titled, “The Quest for Resilience ,” Gary Hamel and Liisa Välikangis  stated that “momentum is not the force it once was” in ensuring an organization’s success. They noted the emergence of several disruptive trends -- including technological discontinuities, regulatory upheavals, geopolitical shocks, industry deverticalization and disintermediation, abrupt shifts in consumer tastes, and hordes of nontraditional competitors -- that require companies to become resilient to remain successful. The authors concluded that “strategic resilience is not about responding to a one-time crisis. It’s not about rebounding from a setback. It’s about continuously anticipating and adjusting to deep, secular trends that can permanently impair the earning power of a core business. It’s about having the capacity to change before the case for change becomes desperately obvious.”
Resilience also has important implications for governance processes and systems. In a 2004 white paper by Booz Allen Hamilton and Weil, Gotschal and Manges LLP, titled, “Redefining the Corporate Governance Agenda ,”  the authors wrote that “enterprise resilience marries risk assessment, information reporting, and governance processes with strategic and business planning to create an enterprise-wide early warning capability that is embedded in the business of the company.” They explained that “Enterprise Resilience is predicated on an expanded view of risk—one that focuses on value, and therefore encompasses not only traditional risks (e.g., financial, natural hazards, physical security, legal, compliance) but also risks relating to earnings drivers (e.g., innovation, channel relationships, intellectual property) and company culture.”
Over the past decade, governments worldwide have also become increasingly focused on protecting their facilities, technologies, networks, personnel and other mission-critical assets from attack or misappropriation. The risk of cyber-terrorism and other threats to critical infrastructure are of particular concern. On March 31, 2011, the President issued Presidential Policy Directive Eight (PPD-8)  that directed the Secretary of the Department of Homeland Security to develop a national preparedness system with the objective of strengthening the security and resilience of the United States through systematic preparation for the threats that pose the greatest risk to the security of the Nation, including acts of terrorism, cyber attacks, pandemics, and catastrophic natural disasters. The directive defined resilience as “the ability to adapt to changing conditions and withstand and rapidly recover from disruption due to emergencies.”
Resilience & Security Security, whether applied to physical, financial, personnel, cyber information or any other asset, entails the measures to protect against danger or loss with emphasis on being protected from dangers that originate from outside. A significant breach in security could certainly impair an organizations ability to exist, and thus is a critical concept underlying the organization’s capacity to be resilient. Resilience is proactive in positioning the company to survive and thrive given known and unknown challenges. Security, as generally practiced, provides specific protection against identified or projected circumstances.
Resilience & Protection Protection is often associated with the set of actions to harden assets to withstand identified contingencies, mitigate the damage, or make them an unattractive target. The focus is to maintain the assets’ core function and ward off harm. Typically, protection performance objectives are stated as an absolute capability against varying levels of threat (category II or greater hurricane, defined types of breaches, specific acts). Organizations plan for protection against specific threats or categories of threats. Resilience approaches the issue from a standpoint of taking reasonable protective actions, but having alternative capabilities as needed or the ability to withstand the disruption.
Resilience & Crisis Management Crisis management generally refers to the set of actions and capabilities in place to effectively respond to and contain a situation. The situation can vary from natural, man-made, or environmental challenges, whether internally or externally generated. Most consider crisis management to largely consist of actions that go into play when the crisis occurs and subside after it is considered “over”. There are plans and preparations, but the actions are not often dealt with as part of normal operations. Resilience depends on effective crisis management, but would encourage more prominent treatment of crisis management capabilities throughout the company’s operation than is often the case.
Resilience & Preparedness Preparedness consists of the plans of actions for when the disaster or crisis strikes. Preparedness efforts are very specific sets of tactical actions (evacuation plans, sheltering plans, rehearsals, stockpiles, etc.) that the company and individuals will take to mitigate the effects of predicted disasters/crises. Resilience requires prudent and serious attention to preparations for known likely disasters, particularly those that are highly likely (e.g., hurricanes in Florida). Resiliency would address preparedness as a specific emergency management business function; but more importantly, as being impacted by numerous functions across the organization. These may include human resources, strategic planning, financial management, information technology, and risk management.
Resilience & Risk Management Risk management consists of formal processes to identify threats and vulnerabilities to the company, and the mitigation approaches it will employ. Risk management is highly sophisticated and the results have application in managing the business, insurance coverage, and in attracting investors. The risk management profession is moving toward a more proactive and return on investment focus, but the traditional focus has been defensive in nature. Identifying and managing risks, particularly operational risks, is arguably the most important factor in achieving resilience; however, it is one of many factors. Resiliency has a healthy consideration of posturing for future opportunities. That is not a traditional consideration in risk management.
Making Resilience Reality
More scholarship is turning towards examining how to achieve resilience. Some have identified the four facets of resilience as preparedness, protection, response and recovery. Other countries, such as the United Kingdom and Australia, are adopting the resilience concept. In the United Kingdom, resilience is implemented locally by the Local Resilience Forum.
As part of the Canterbury University Resilient Organisations programme, ResOrgs have developed a tool for benchmarking the Resilience of Organisations.
Resilience as an Acquired Skill
In Organizational Studies, resilience is often referred to as the maintenance of positive adjustment under challenging conditions. Here, resilience emerges as the response to specific interruptions of the normal. Sutcliffe and Vogus  argue that resilience should rather be viewed from a developmental perspective, as an ability that develops over time from continually handling risks. Resilience, then, is "the continuing ability to use internal and external resources successfully to resolve new issues". Thus, "resilience is the capacity to rebound from adversity strengthened and more resourceful".
Organizational Resilience Management Standard
ASIS International have developed and published the definitive Organizational Resilience Management Standard SPC.1-2009. Approved by ANSI and adopted by the Department of Homeland Security under the PS-Prep program, this comprehensive American Standard provides a practical basis for implementation of important preparedness objectives supported by ASIS ORMS software.
- Community and Regional Resilience Initiative
- UK Resilience
- The Infrastructure Security Partnership
- Resilient Futures
- Institute for Resilient Infrastructure (UK)
- CERT Resiliency Management
- Resilient Organisations
- Resilience. Wiktionary.
- Wieland, A. & Wallenburg, C.M. (2013): The influence of relational competencies on supply chain resilience: a relational view. International Journal of Physical Distribution & Logistics Management. Vol. 43, No. 4, pp. 300-320.
- Testimony of Robert W. Kelly before the House Subcommittee on Border, Maritime and Global Counterterrorism. Reform Institute. May 7, 2008.
- Flynn, Stephen (June 2004), America the Vulnerable: How Our Government is Failing to Protect Us from Terrorism, HarperCollins
- Sheffi, Yossi (October 2005), The Resilient Enterprise: Overcoming Vulnerability for Competitive Enterprise, MIT Press
- Transform. The Resilient Economy. Integrating Competitiveness and Security. Council on Competitiveness. July 2007.
- Chain of Perils: Hardening the Global Supply Chain and Strengthening America's Resilience. Reform Institute. March 2008.
- The Smart Alternative: Securing and Strengthening Our Nation's Vulnerable Electric Grid. Reform Institute. June 2008.
- Building A Resilient Nation: Enhancing Security, Ensuring a Strong Economy. Reform Institute. October 2008.
- Katherine McIntire Peters. Government Urged to Focus on Resilience in Homeland Security. Government Executive. October 1, 2008
- James Jay Carafano. Risk and Resiliency: Developing the Right Homeland Security Public Policies for the Post-Bush Era. Testimony Before the Subcommittee on Transportation Security and Infrastructure Protection. Committee on Homeland Security. United States House of Representatives. June 24, 2008.
- 'Resilience' Blooming Into Its Own. Homeland Security Watch. May 1, 2008.
- Committee Leaders Pleased With Month of Hearings on Resiliency. CQ Homeland Security. May 23, 2008.
- Homeland Security. whitehouse.gov. Retrieved 2009-04-05.
- One Team, One Mission, Securing Our Homeland. U.S. Department of Homeland Security Strategic Plan. Fiscal Years 2008-2013. U.S. Department of Homeland Security. September 2008.
- Top Ten Challenges Facing the Next Secretary of Homeland Security. Homeland Security Advisory Council. September 2008.
- Quadrennial Homeland Security Review Report: A Strategic Framework for a Secure Homeland. U.S. Dept. of Homeland Security. February 2010.
- Building A Resilient Nation: Enhancing Security, Ensuring a Strong Economy report. Reform Institute. October 2008.
- Resilient Nation. Demos. April 2009.
- Improving Disaster Resilience. Australian Government. May 12, 2009.
- Resilient Organisations. March 22, 2011.
- Organizing for Resilience Sutcliffe, K. M., & Vogus, T. J. (2003). In K. S. Cameron, J. E. Dutton & R. E. Quinn (Eds.), Positive Organizational Scholarship: Foundations of a New Discipline (pp. 94-110). San Francisco: Berett-Koehler Publishers
Roads to Resilience: Building dynamic approaches to risk to achieve future success by Keith Goffin and Paul Hopkin. Published by Airmic (2014). ISBN 978-0-9928275-0-2 http://www.airmic.com/jresearch/roads-resilience-free-executive-summary-download
For further reading see Daniel R. Curtis, 'Pre-industrial societies and strategies for the exploitation of resources. A theoretical framework for understanding why some settlements are resilient and some settlements are vulnerable to crisis', http://www.academia.edu/1932627/Pre-industrial_societies_and_strategies_for_the_exploitation_of_resources._A_theoretical_framework_for_understanding_why_some_settlements_are_resilient_and_some_settlements_are_vulnerable_to_crisis