Rebuilding for a New Better
The Dublin Work Travel Convene Coalition, March 2021
Smart business leaders are future-focused, and it was evident in our coalition roundtable discussions that leaders are thinking about the post-pandemic business environment. Ireland is an open economy with a strong track record of attracting Foreign Direct Investment (FDI), and there was consensus that continuing with this strategy is critical. Equally important is the strength and growth potential of Ireland’s indigenous businesses. The priority areas that emerged on the topic of strengthening business resilience that were addressed during the roundtable discussion are set out below:
As we first faced the ferocity of the COVID-19 storm, business leaders were operating in a very frenetic environment, and it was difficult to take a longer-term approach to decisions as the environment required quick responses to obstacles that the lockdown restrictions imposed.
In the early stages of the pandemic business leaders were faced with limited information as it was unclear what the progression and spread of the virus would be, what a lockdown would accomplish and how soon normality could resume.
Leaders learned to make business decisions quickly with the information available to them as they only had one choice, and that was to mobilise quickly to limit disruption to their operations.
Learning lessons from past crises is important as those organisations who remain focussed on future growth and the big bets are the organisations who succeed in the longer term.
The crisis management situation forced senior management teams, previously focused on developing opportunities for future growth, to pivot to business continuity. A mindset change took place and now organisations recognise how to be better positioned for future challenges; while dealing with crisis and change, leaders need to remain focused on long-term sustainable growth underpinned by strong governance and a comprehensive risk strategy.
Organisations reacted and responded to function remotely. As we move into the Recover and Reshape phases, business leaders are formulating a new pathway to long-term strategic success with the virus as a backdrop.
The pandemic has presented organisations with a unique opportunity to develop plans to address other challenges, including the rapid acceleration of digital transformation, sustainability and climate change. While devising strategies for the new normal, we have the chance to build a new better and plan for a more sustainable future.
The current pandemic has certainly changed the overall risk landscape for organisations, and this has been confirmed by many of the Coalition members. Going forward organisations will need to review their overall risk appetite and amend their risk registers more frequently to reflect how risks change during the different waves and stages of the pandemic and ultimately reflect on the impact on operations.
In recently published Aon research, Reprioritising Risk & Resilience for a Post-COVID-19 Future, one of the key findings was that in the future business leaders must reprioritise risk - broadening their perspective of what risks their operations could face. Elevating risk managers to a strategic role in the organisation will be central to achieving this.
Organisations are now more than ever faced with a myriad of known and as yet unknown risks driven by external events or inadequate internal processes, that have the ability to cause significant disruption to their business. Companies cannot stop such events but can ensure they are prepared and in a position to mitigate such risks when they arise.
The pandemic has encouraged many organisations to re-examine both their risk and insurance strategies and recognise the need for a dynamic approach to risk. Of particular interest today is whether insurance programmes will adequately respond to losses associated with the pandemic, specifically business interruption, employers’ liability, public liability, and cyber risks. In the majority of cases, what is covered and how that cover applies is clearly defined. However, organisations should consider seeking advice and clarification from their insurance intermediary and/or insurer(s).
37.5% of respondents had not identified the risk management resources available in policies and had not reviewed insurer recommended risk improvement actions or reprioritised them according to cost and resource availability.
Return To Work Assessments Survey
Over the last few months organisations have successfully implemented risk mitigation initiatives including maintaining key facilities and services to ensure that there is no inadvertent breach of policy conditions. This process has provided the bandwidth for leaders to identify new risk areas that have emerged since the outbreak of the pandemic and put processes in place to ensure they can be addressed going forward.
With remote working now becoming a more permanent feature and Government introducing a National Remote Working Strategy this will need to be considered in future risk and work design strategies. Working remotely either on a temporary or long-term basis means that organisations now have a responsibility to provide safe working environments which are outside of their direct control. Coalition members considered the responsibility they had in creating a safe remote working environment for their workforces while also supporting overall health and wellbeing of employees. In a similar vein the Coalition discussed the need to protect corporate information and the increased cyber risks remote working presented to their organisations.
Although many businesses had sought to adopt technology within the organisation in advance of the pandemic, the response to COVID-19 has resulted in the rapid acceleration in digital transformation with firms relying on digital solutions to connect with key stakeholders including suppliers, customers and employees.
Access to technology increased across organisations so that every employee could perform their role remotely. Some members of staff had to be rapidly redeployed in different functions required by the new setup. These far-reaching changes have brought new thinking to the long-term future of work and how teams operating remotely or in the office can effectively collaborate and innovate.
The overnight switch to remote working meant that operational processes have changed, and most IT infrastructure models have had to transform, which may have resulted in additional security and reliability risks. Many organisations were unaware of these risks and the vulnerabilities within the organisation, but the pandemic has helped to highlight these issues.
Aon’s Cyber Security teams have observed a significant increase in attempted malicious third-party attacks on IT systems since moving to remote working, which has been confirmed by some of the Coalition participants:
50% of respondents answered Yes or Work in Progress when asked if their IT infrastructure model changed with the move to remote working.
50% of respondents said that operational processes had been altered due to a change from their original risk appetite and controls.
Return To Work Assessments Survey
Comprehensive security risk assessments to evaluate vulnerabilities and determine defence measures and readiness to respond will help improve an organisation’s cyber resilience.
Every employee, from the CEO to the new hire, is vulnerable to a cyber breach. Attackers’ methods are always evolving in order to target and tailor scams to specific victims. Unfortunately, many breaches result from a lack of employee awareness of the IT security risks that their actions online, on social media, at work and at home can cause.
Frequent employee training is vital to highlight and, where required, change online behaviours. Providing education on everything from password security, data protection, cyber-attacks, data encryption and how to report an incident, to name but a few, is worthwhile. A cyber breach could interrupt business operations, supply chains, products, and beyond. Best practice advice is to consider methods to mitigate the risks and potential financial impact of a cyber incident.
Risks, such as cyber attacks, will become more apparent as companies work in virtual environments and rely heavily on digital infrastructure. The actions organisations take during the recover stage can help define an effective response to both the current pandemic crisis and future shocks1.
1 Aon’s Reprioritising Risk & Resilience for a Post-COVID-19 Future Report