Being Disrupted Doesn’t Have to be Disruptive

By |2019-07-30T00:30:06+00:00July 30th, 2019|0 Comments

There is a lot of hype about the rapid pace of change in technology, and whether you are a ‘disrupter’ such as Uber, Netflix and Amazon, or the ‘disrupted’ such as Nokia, Blackberry and Kodak. The latter being organizations that failed to react quickly enough to changes in market conditions and consumer demands and ultimately paid the price.

The same goes for cyber-attacks or ICT outages – it is a case of when, not if – there is complacency that it is inevitable and there is not a lot you can do about it. You will either be disrupted and fail, or be the disruptor and succeed.

This is not simply about reacting to changes in technology and innovation, but anticipating and reacting to societal changes and global threats that are happening on a once unprecedented scale.

Evidence shows that the way in which a major change or incident is handled is often more important than the incident itself. A major incident on one side of the world can cause far-reaching economic and societal impact on the other side of the world, augmented by the actions of the media and affected communities. The mishandling of an incident can cause share prices to plummet and a reputation damaged beyond repair.

Expect the Unexpected

Each year multitudes of analysts and advisors deliver their predictions on global threats. These are consistent themes and warnings of what is on the horizon, often with the power to cause massive disruption on a scale that can shake financial markets and economies, sending governments into turmoil or recession.

The 2019 World Economic Forum Global Risk Report highlights that global risks are either economic, environmental, geopolitical, societal or technological. The highest probability threats are environmental (extreme weather, climate-change mitigation or natural disasters) or technological (data-fraud or theft and cyber-attacks). Whereas the highest impact is geopolitical (weapons of mass destruction).

Megatrends aren’t that mega – rising/aging populations, climate change, energy crisis, technology advancements, wealth distribution and poverty, rising crime, mass migration, trade conflicts – are things that have been talked about for many years and will continue to feature high on the risk agenda.

Even ‘black swan events’ – a metaphor, so called because it deviates beyond what is expected, is difficult to predict and has large scale consequence – is actually not that unexpected. Historical black swan events point to the rise of the internet and crash as well as the 911 terrorist attack on the World Trade Centre.

Hindsight is a powerful tool, and history shows that we should not only expect the unexpected, but chances are that history will also repeat itself.

Nothing really seems that far-fetched or inconceivable anymore. What was originally confined to the science fiction aisle is quickly becoming tomorrow’s reality. Consider the following hypothetical scenarios:

  • Zombie Apocalypse’ – when considered against flu pandemics, Ebola outbreaks, mutated strains of viruses, radiation and biological warfare. Such events can cause widespread human deaths, impaired cognitive abilities and genetic defects. Despite Chernobyl being 30 years ago, it will still be another 20,000 years before it is fit for human habitation.
  • Alien Invasionalthough many scientists agree that it is highly likely that intelligent life exists on other planets; we need to look a little closer to home. We are already creating intelligent ‘life’. We build titanium skeletons, print human organs, cover it with synthetic skin and create artificial intelligence with the ability to learn, make decisions and react to emotions. How long before they are classified as sentient-beings with the same rights and freedoms as their biological counterparts?

Consider that anything and everything is plausible, with the potential to cause mass disruption and impact.

Digital Disruption

Inventions and innovations are generally improvements on what proceeded it. Advances in technology are enabling this to occur on an exponential scale, with greater speed. Whilst many advancements are often hailed as being for the greater-good of humanity, with each positive change there is a potential negative impact. Automating repetitive and mundane processes can lead to job losses in certain sectors. Convenience is often associated with apathy and intolerance. Digital connections over real connections can lead to indifference as people lose the ability to form relationships.

Technology is profoundly changing lives and societal norms. Whether it is for better or for worse, it is the cornerstone of an advanced society and shows no signs of slowing down. Soon it will be virtually impossible to buy goods and services without a digital footprint, especially with each new generation that passes.

The sheer volume of connected devices introduces multiple vulnerabilities from a security and privacy perspective, which further exasperates the technological risks. Research into internet organized crime conducted by EUROPOL highlights that ‘critical infrastructure’, which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of its people are high value targets for organized crime, fraud and attack, as data is bought and sold on darknet markets.

Any disruption, destruction or compromise of critical infrastructure would have a significant negative impact both within the country affected and within a wider geographical context, which could result in their inability to maintain vital functions.

Given that technology alone can cause large-scale disruption, it would be assumed that reacting to changing market conditions, consumer demands and taking advantage of advancements in innovation would be part of the strategic business model of most organizations.

The reality is however, that organizations are often too slow to act or to slow to implement the necessary changes. For larger organizations in particular, transformation programs can take years to implement and can quickly become out of date, as technology has already moved on. It is often difficult for organizations to think beyond the here and now, or make the required cultural shift.

Societal Disruption

Often disruptions are thrust upon us such as major incidents. The impact of an incident one side of the world can cause a ripple effect on the opposite other side of the world as the media, markets and consumers react simultaneously.

Even in the aftermath of major disasters, formal investigations and public enquiries often reveal that the warning signs were there. So many missed opportunities to prevent or reduce the probability of a disruption.

Despite this, most companies will argue that they have risk, business continuity (BC), disaster recovery (DR) and cybersecurity and these disciplines have been in place for many years. Why then, when a disruptive event occurs, are they still so disrupted?

The irony is that they will not invoke their BC and DR plans in a major incident; they will not pull the plug on a failing project; and they will not change their strategy because to do so would be too disruptive to the business.

As Strategy [6] argues: ‘Often it is the fear of disruption that can be more damaging than the actual disruption. People tend to overestimate the power of a threat and underestimate the time they have to respond’.

They are not equipped to handle disruptive events and still seem surprised when such events occur, even though they have been predicted and talked about for many years. This leads to a false sense of security, it is not working and a change in approach is required.

Breaking Down the Norms

When broken down to its core components, each organization is fundamentally the same. Whether it is a large-multinational or a SME, most organizations will have a vision and a set of core values. At the heart of which is typically the desire to be a responsible business, to change the lives of people for the better, and to make a positive impact on society and the environment. If that truly is the vision of each company, than it is time to embody that vision for the greater good.

If everyone and everything is digitally connected, organizations must collaborate and work in partnership to reduce the probability and impact of a major disruption by being part of the collective solution.

A change in mind-set and culture is required. This includes removing the notion that ‘it will never happen to me’, ‘it is not my problem’ or ‘it is not my sector’ mentality. Events have shown that no organization or community is immune to disruption.

From Disrupted to Disrupter

If we consider that economic, environmental, geopolitical, societal or technological threats will continue to evolve on a global scale. That we should ‘expect the unexpected’ and that ‘anything is plausible’, then we need to consider how we navigate and manage the changing landscape.

It is no longer sufficient to consider the threats that may occur over the next 12 months, but how they will continue to evolve over the next 3-5 years. Threats need to be reviewed continuously to establish if the response and mitigation is still valid, especially since what is acceptable today, may not be tomorrow. This includes changes in legislation as well as changes in cultural norms and values.

This requires resilience in the face of adversity. Resilience is about not being afraid to take a leap, not being afraid to fail, to bounce back and repeat. A resilient organization provides longevity, stability and viability and engenders market trust. They see opportunities where others only see risk.

Enabling resilience and seizing opportunities requires multiple strategies not just one. The ability to horizon scan and gather multiple sources of intelligence will be key, as will be the ability to pivot and change trajectory, potentially in multiple directions. Organizations require a microscope to understand the here and now, as well as a telescope to pre-empt and decipher the future. This needs to be done in a controlled manner that enables the organization to carefully consider each outcome, rather than a knee-jerk reaction to a sudden change or major incident.

As McKinsey highlights: ‘Companies must be open to radical reinvention to find new, significant, and sustainable sources of revenue. Incremental adjustments or building something new outside of the core business can provide real benefits and, in many cases, are a crucial first step for a digital transformation.’

Organizations must be willing and able to disrupt themselves. This means thinking of things that may seem inconceivable now.

It is not enough for an organization to be resilient whilst all others are failing. The resilience of an organization must also consider the resilience of the communities it serves and have a deep appreciation of the complexities of the supply chain.

To be most effective, organizations need to work in partnership based on shared values and vision. This should be based on trust and transparency with the agility to react to major incidents and changes in market conditions as quickly and efficiently as possible, utilizing shared risk for mutual benefit. The ability to share resources and information will be vital, and enables each organization to be less vulnerable to a disruption.

Fostering Innovation

Resilience should not inhibit innovation and the adoption of emerging technology as it is key to ensuring a competitive market.

PWC states that ‘continual experimentation and ongoing course correction are at the core of disruptors’ success — even when they’re ahead of the game. The underlying theme is to create an immersive, seamless, brand-defining experience for consumers across all channels, one that will keep them coming back. For loyal customers, this means more innovative and customized offerings and not just simply relying on the brand.

Rapidly embracing new and emerging technology will be a differentiator in a digital and competitive market. Advances in technology has the power to shift realities. For example, Quantum computing will provide the ability to model different scenarios and outcomes with tremendous speed and dexterity.

Smaller organizations may lack the resource or capability to leverage emerging technology and hence larger institutions can enable start-ups, small and medium-size organizations by operating a support-network, particularly in the areas of technology innovation to enable them to become resilient.

Embracing a ‘Culture of Resilience and Security’

Technology only plays one part in making an organization resilient. There is just as much risk in the people, policies and processes as there is in the underlying technology.

As noted, threats to the resilience of an organization can be caused by a myriad of factors, whether internal or external, malicious or accidental. People are, in the majority of cases, a key component to these threats. People have historically be seen as the ‘weakest link’ when considering security and resilience strategies. To address this requires a culture where the organization is resilient by design and security is consciously enabled and embedded at all levels of the organization.

Often in the case of malicious attack, criminals will use a myriad of ways to gain access or infiltrate the organization and this can include bypassing technology and going straight to the source: the people. Organizations need to empower and enable people to become the strongest link so that they can become resilient themselves.

Organizations must therefore consider how to react and recover to a range of scenarios to enable it to achieve its objectives, and to communicate as effectively and decisively as possible.

This is a mindset endorsed by the UK Financial Conduct Authority and Bank of England. They argue that ‘financial intuitions and markets must consider the resilience of the entire business service, as risks have grown more complex and intense. A resilient financial system is one that can absorb shocks not contribute to them, and can adapt and recover when things goes wrong’.

Confidence in the financial economy enables people to buy goods, borrow money and transact. Resilient business services therefore support financial stability

To move from disrupted to disrupter, organizations need to be less reactive and more proactive. Rather than turning away from the biggest threat to cause a disruption, it should be tackled head on, using simulations to stress test the response and to build confidence. This is about refining and building the strategies to find out what works and to eliminate the assumptions.


High profile global risks such as extreme weather, cyber-attacks, data breaches, terrorism, organized crime and fluctuating economies, may lead to weakened markets and supply chains. Boards cannot afford to be complacent and need to take deliberate and decisive action.

Most research tends to focus on the impact of digital disruption, but organizations need to consider the wider economical, environmental and societal risks and opportunities as part of a long-term adaptive strategy. This requires a commitment to providing a positive social impact for current and future generations to enable prosperity.

As Benjamin Disraeli (UK Prime Minister, 1868 & 1874-80) once said: ‘prepare for the worst, but hope for the best’. That adage is as true today as it was 150 years ago.

Organizations must place a greater emphasis on the wider systemic impact of global changes and events as part of a sustainable risk and resilience capability that engenders trust and pushes the boundaries.

Being disrupted doesn’t have to be disruptive!

Recommend0 recommendationsPublished in Enterprise Resilience

About the Author:

Sarah has over 20 years’ experience in business continuity, crisis management and cybersecurity, which enables her to take a holistic and strategic view of enterprise risk. She has helped many organisation across the public and private sector understand the threats and opportunities associated with security and operational resilience. In 2018, Sarah was voted one of the ‘Top 50 Most Influential Women in Cyber Security’ and was 2019 finalist for ‘Women in IT: Business Role Model of the Year’. Sarah is a Member of the International Association of Privacy Professionals, British Computer Society and Business Continuity Institute.

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.