The outages resulting from the CrodStrike bug this July leave us with three important lessons, in logical sequence:
1. In today’s world, every interaction is digital or supported by digital systems. Every business relies on increasingly complex digital infrastructures – most of them hybrid, distributed, and internet-centric.
2. Digital Resilience must be a priority for every business. The risks of failures and their potential impact to the business have escalated. Every organization must aspire for Internet Resilience.
3. It is time for organizations to appoint a Chief Resilience Officer.
What is a Chief Resilience Officer?
A chief resilience officer (CRO) is a senior executive who oversees the resilience of an organization’s digital infrastructure, operations and services. A CRO ensures that the organization can withstand and recover from disruptions, such as cyberattacks, software failures, network outages or natural disasters. A CRO also fosters a culture of resilience within the organization, where employees are trained and empowered to act effectively in crisis situations.
Why Do You Need a CRO?
The digital landscape is becoming more complex, interconnected and dynamic, creating new opportunities and challenges for organizations. However, it also exposes them to greater risks of failures and their potential impact. The recent CrowdStrike outage, which affected critical sectors like healthcare, banking and travel, is a stark reminder of the fragility and vulnerability of the digital ecosystem.
The outage was caused by a routine software update that went wrong, highlighting a critical gap in their testing and validation processes. The incident resulted in massive financial losses, reputational damage and possibly even loss of lives.
If you are a Chief Digital Officer, or CTO, you are responsible for driving digital transformation and innovation in your organization. You need to ensure that your digital initiatives are aligned with your business goals, customer needs and market trends. However, you also need to ensure that your digital initiatives are resilient, secure and reliable. You need to balance the trade-offs between speed, agility and stability. You need to anticipate and mitigate the risks of disruptions and prepare your organization to respond and recover quickly. You need a CRO to help you achieve these objectives.
According to a recent study by Forrester Research, 39% of online retailers surveyed are losing between $500,000 – $999,999 every single month due to internet disruptions.
What is Internet Resilience and why is it so difficult to achieve?
Internet Resilience can be defined as the capacity to ensure availability, performance, reachability, and reliability of the Internet Stack despite adverse conditions.
It does not mean the Internet will always be perfect or downtime is a thing of the past. There will always be interruptions of service, but Internet Resilience means you can quickly bounce back and minimize impact.
The Internet is vulnerable to leaks, hijacks and mistakes, which can lead to security, performance, availability and reachability risks. Protocols built on the basis of trust can be manipulated. The Internet was not built for the scale it operates on today, nor to meet the needs of its modern operations. The original designers of the internet never envisioned a world in which global business was reliant on it. It simply wasn’t designed for today’s level of scale, volume and complexity.
What are the Benefits of Having a CRO?
A CRO can help you and your organization in several ways, such as:
- Establishing rigorous testing protocols and maintaining a culture of continuous improvement, preventing similar incidents from occurring in the future.
- Implementing standards and advanced monitoring and alert systems, providing early warnings of potential issues, allowing for rapid response and mitigation.
- Integrating these tools into a comprehensive incident management framework, ensuring that the organization is always prepared to address problems swiftly and effectively.
- Maintaining open lines of communication with clients, stakeholders and the public, especially during crises, building trust and demonstrating the company’s commitment to accountability and resolution.
- Fostering a culture of resilience within the organization, where everyone is ready to act effectively when problems arise.
How to Appoint a CRO?
The role of the CRO is comparable to that of the chief information security officer (CISO), which became crucial in the late 1990s and early 2000s due to escalating cyberthreats. Just as the CISO is essential for managing security risks, the CRO is vital for managing the broader spectrum of resilience risks in today’s digital world.
To appoint a CRO, you need to consider the following factors:
- The CRO should have a strong background and expertise in digital technologies, systems and processes, as well as risk management, business continuity and crisis management.
- The CRO should have a strategic vision and a holistic view of the organization’s digital landscape, as well as the ability to communicate effectively with different stakeholders and audiences.
- The CRO should have the authority and resources to implement resilience measures and policies across the organization, as well as the support and collaboration of other senior executives and teams.
- The CRO should report directly to the CEO or the board of directors, ensuring that resilience is a top priority and a core value of the organization.
The time for a CRO is now, and the benefits are clear: Improved preparedness, swift recovery and a stronger, more resilient organization. By appointing a CRO, you can ensure that your organization can thrive in the digital era, delivering value and innovation to your customers and stakeholders.