Organizational Resilience: How Companies Can Navigate Security Threats — and Even Grow Stronger as a Result

It’s impossible to prepare for every single security threat facing your business. You can identify all the potential dangers that you’ve seen before —- petty crime, fire, natural disaster, fraud — and build detailed, fully resourced response plans for each one. But there’s always the possibility that a “black swan” disaster is waiting in one of your blind spots. And we all have blind spots. 

Fortunately, your team isn’t helpless. The key is to develop organizational resilience. While you can’t prepare for every eventuality, it’s possible to develop culture, systems and policies that let your organization respond to and even grow as a result of these unexpected shocks to your system, whether you’re struggling with a rise in shoplifting, credit card scams or something even worse. 

The good news is that you don’t have to do it alone. Your security contractor should be able to offer expert advice on developing and employing resilience as a strategy.  

What is organizational resilience?

Organizational resilience is the ability to encounter some type of disruption, large or small, and emerge from it stronger. After the last few years — with a global pandemic, war in Ukraine, massive supply chain disruptions, and political and social unrest — a growing number of companies have expressed interest in this strategy. After living through so many unexpected events, they’re looking for a way to be ready for any possible challenge.

Not only does organizational resilience make it easier for organizations to respond to crises, it can also deliver real benefits for your company. Resilient companies are more likely to adopt new (and smarter) policies and make investments that ultimately pay off in big ways, such as stronger financial returns. 

During the 2008 economic crisis, McKinsey & Co. found that 10% of publicly traded companies in its research base — what McKinsey called “resilients” —  were able to grow their EBITDA by 10% before the crisis hit its lowest point in 2009, while similar businesses had lost 15%.

And research from the BCG Henderson Institute shows that 30% of a company’s total shareholder return occurred during the 11% of quarters when a crisis occurred. Meaning that, if a company responded well during a challenge, it could generate almost three times the results of work done in a less chaotic period.

When it comes to security matters, organizational resilience can also increase your ability to prevent worst-case scenarios, such as the loss of life or the business shutting down for weeks.  

How to develop organizational resilience

Researchers have spent years researching the best practices for encouraging resilience. Here are some of the most common and effective.

You can’t prepare for everything, but prepare for what you can

Resilient organizations take the time to identify the most likely security and safety threats and develop playbooks for either preventing or responding to those events, whether that’s a significant weather event, an armed encounter, a run of burglaries or some other concern. Those playbooks — which should be regularly updated — typically cover:

  • Incident response: How to respond to the event as it’s happening 
  • Crisis communications: Who needs to be contacted and how to reach out to them, along with systems that can function in the event of widespread outages
  • Business continuity: How to bring critical functions back online as rapidly as possible, which could continue plans for backup locations, temporary outsourcing, alternative suppliers and more.

Your security contractor could be an important contributor to the development of these plans, whether the contractor helps identify potential threats or recommends best practices for specific use cases.

Many security firms can also pick up critical emergency functions that your team might not typically staff for, like serving as a liaison with police and the press.

While all departments will contribute to preparations, IT should be an essential part of your preparations. That includes devoting the necessary sources to prevent or limit technology-related risks such as ransomware, data breaches and other losses. IT should also invest in tools that allow the organization get up and running again after an emergency, such as backup data storage and remote-working devices and apps. 

Again, check with your security contractor. They may have a technology division that can suggest potential tools, implement them for you or — if your team oversees its own solution — run penetration tests to ensure everything is working correctly.  

Smart, speedy decisions

Let’s say that your business operates in a region where earthquakes almost never occur — and then suddenly, a major quake strikes. Because it’s so uncommon, you don’t have a playbook to govern your response. What should you do?

During a crisis, it’s important for organizations to make good decisions quickly. To do that, you must clarify who has the responsibility for making different kinds of choices. Otherwise, it can lead to delays as the team tries to get input from every single decision-maker. 

(Note that we said good decisions, not perfect decisions. In a crisis, a good decision made quickly is usually more useful than a perfect decision next week.)

According to McKinsey & Co., resilient organizations take time in advance to spell out what types of decisions should be made at each level of the organization. That way, the C-suite can weigh in on decisions that should be made at that level, while others that are lower in the chain of command have the flexibility to respond to other questions.  

Consider bringing your security contractor into these discussions, too. They may have detailed expertise in challenges that your team hasn’t experienced before. 

Meetings are for problem-solving

To make the most of their time, some resilient organizations use their meetings to discuss problems and develop solutions — and only do those two things. That means no presentations. 

All the relevant information is sent along in advance, and it’s the responsibility of the attendees to review that information before the meeting. That way, the meetings can be laser-focused on creative problem-solving. 

Empowered teams

One way to get more done during crisis? Assign a small team with representatives from different key departments or functions to tackle the problem, and then give them room to work without specifying exactly how to solve the problem. There’s less bureaucracy, but crucial viewpoints are still represented in the decision-making process. And because the solution isn’t prescribed, you give the team freedom to find an out-of-box way forward.

Of course, there’s more to it than just setting up a team. They need to have a clear idea of what needs to occur, as well as limits on what they can’t or shouldn’t do. There also needs to be accountability to hold those teams responsible for their efforts.

Accountability and psychological safety 

Part of resilience means learning from challenges, so smart organizations have systems in place to conduct postmortems and similar reviews of their responses, so they can identify what worked (and should be repeated) and what didn’t (so it can be avoided). 

At the same time, resilient organizations also make a habit of psychological safety – making it possible for employees to speak up, take reasonable risks and even fail without being penalized. Without that grace, team members will be much less likely to bring forward new ideas and make valuable but unexpected contributions. 

Adaptable leadership

Resilient leaders not only manage a crisis, they find a way to learn from the experience and teach their teams to grow from it, McKinsey found. Part of that involves using “challenging leadership” — that is, they challenge their teams to find new ways to solve problems and achieve goals.

Talent and culture

Ultimately, resilient organizations are made up of resilient people who are motivated by the organization’s purpose and feel empowered to take action when necessary. It’s possible to recruit and hire for those characteristics, but it’s more important to create a culture where they’re encouraged and reinforced on a daily basis. That way, when an emergency occurs, your team instinctively knows how to react.

In a hot job market, turnover can be a threat, too, so in resilient organizations, the HR function will identify potential skill gaps, especially in the most crucial roles, and find ways to keep the employee pipeline full. That might mean adjusting job requirements to accept applicants that don’t have a traditional degree or experience, or adapting the hiring process to accelerate offers and help the organization compete against other businesses that are looking for new hires. 

Resilient organizations also invest in the ongoing development and education of their people, identifying their potential and helping them develop those strengths so they can be put to greater use. That investment can also help the organization improve its retention of key personnel. 

The bottom line on organizational resilience

In a world that feels more unsettled than ever, it’s critical for businesses to develop and practice resilience, so they not only survive new challenges, but come back stronger as a result. 

Emergency preparation is a big part of that, but smart leaders also teach best practices — like empowered teams, psychological safety and agile decision-making — that allow their teams to learn from the experience. By making the correct investments in policies, people, planning and equipment, you can turn even the toughest challenge into a way forward.

Sign up!

For industry-leading guides and analysis sign up for our blog below.

  • This field is for validation purposes and should be left unchanged.

Latest News

A group of people walking outside to represent how Community Policing Strategies can bring communities closer

Community Policing Strategies: Building Trust and Safety

By Chesley Brown | June 11, 2024

Written by: James Hart It’s always important to remember: Private security officers aren’t police, and police aren’t security officers. The two roles are both important, but they have fundamental differences. “Security officers can’t be everywhere,…

Read More
Securing Infrastructure - A view from under a bridge looking out towards the shipping yard.

Securing Infrastructure: How to Prepare for Disruptions to Critical Services and Systems in Your Business

By Chesley Brown | June 6, 2024

Written by: James Hart Infrastructure is one of the great blessings of the modern age. Flip a switch, turn on a faucet, launch a browser window, and you can generally assume the giant invisible systems…

Read More
Two women browsing at a shopping center: Security Challenges in Shopping Centers

Security Challenges in Shopping Centers — and How to Overcome Them 

By Chesley Brown | May 28, 2024

Written by: James Hart  Overcoming the Biggest Security Challenges in Shopping Centers The retail business has never been for the faint of heart. In recent years, however, security problems have made it even more challenging…

Read More
Securing Office Buildings - The façade of a A office tower - best practices for commercial building security

Securing Office Buildings: Best Practices for Property Managers Seeking a Safer, More Secure Environment

By Chesley Brown | May 21, 2024

Written by: James Hart As competition for tenants remains high, property managers must not overlook the importance of effectively securing their office buildings, according to experts from Chesley Brown International, the security consulting and risk…

Read More
Picture of a man (Director Ray Strobel) wearing a suit standing in front of a Chesley Brown Flag.

Introducing Ray Strobel: Director of the Waterfront

By Chesley Brown | April 10, 2024

We’re thrilled to announce the promotion of Ray Strobel to the role of Public Safety Director at the Waterfront in Pittsburgh’s Steel Valley! Ray brings with him a wealth of experience and a unique perspective from his extensive background in law enforcement and service to our country. We sat down with Ray for a fun interview to get to know him better and learn about his journey with Chesley Brown and beyond.

Read More
The 7 Step Guide for Building Business Continuity Plans that Work