"As Risk professionals, we can't just have one point of view and one trajectory"
Ahead of teissR3 | Resilience, Response and Recovery Online Summit 2020, Sarah Armstrong Smith, Chief Security Adviser, Microsoft, talks to Jeremy Swinfen Green about the "new normal" for Risk and Resilience professionals and how a lot of companies don't think big enough or wide enough in resilience planning.
teissR3, taking place 15th - 24th September 2020, is the leading event focusing on how you improve your organisation’s cyber resiliency and adopt best-practice in incident response and crisis management in a post-COVID-19 world. Register your place by clicking here.
After the pandemic, what does the new normal for risk and resilience professionals like yourself look like?
Yeah, I think I start with sort of saying this concept of new normal, is what is normal? I think it's relative to lots of different companies and lots of different people. But I think one thing we have seen for sure is how bigger incidents can affect people on a global scale.
So I think that's one thing, is I think a lot of companies really do focus on their own company, their own sector, and they don't think big enough. They don't think wide enough. And a lot of the time when we think about resilience planning, they kind of assume short term.
So the incident might only last a couple of hours, couple of days. And then you got to kind of think, well, what happens over months? I mean, we might go for years in terms of the ongoing impact of this incident.
But I think there's a couple of things, which I think are almost guaranteed. One is the pace of change, the level of digital transformation and acceleration in some areas, and also the changes in some of the working practises AND some of our norms.
I mean, it wasn't that long ago really that we were talking about death of the high street.. But what I find quite interesting is something that this pandemic has taught us is how dependent we are on local communities. So actually, are we going to see a reversal of that type of thinking? So we're not all going to go online.
Actually, we're going to have this hybrid model. And I think that's where it's really interesting, actually. And I think as risk professionals, we can't just have one point of view, one trajectory. We've almost got to have multiple different strategies and be able to pivot in any one direction, as whether that's in response to a major incident or just in a response to changes in norms and their social values and those type of things.