The Resiliency Management Report is designed to provide a summary of the wealth of data collected from our 14th edition of this study assessment. In addition, this report highlights the most significant trends from over 10 years of researching resilience management initiatives and we’ve included program maturity insights and tips throughout the report to help you in elevating your program. Here is an executive summary of this year’s report and some key insights we wanted to share with you.
Alignment to Risk Management – The visibility and commitment to resilience management strategies are significantly influenced by the department owner and program sponsor. Our data spanning from 2009 indicates a consistent trend moving away from IT, with a consolidation of risk and resilience disciplines under Risk Management. While this report delves deeper into organizational reporting structures, it's crucial to highlight that the industry sector also plays a substantial role in determining the program's positioning.
Over the period from 2009 to 2024, the ownership of the IT department has seen a decline, dropping from 27% to 9%. In contrast, Risk Management has experienced an increase, rising from 11% to 23% during the same timeframe.
Among department owners, Risk Management secured the highest approval rating at 84%. This indicates that a significant majority of organizations agreed or strongly agreed that the program was well-positioned for maximum effectiveness and visibility. On the other hand, IT received the lowest approval rating, standing at 13%.
Just like the shift observed in department ownership, there has been a notable transition in program sponsorship from IT to Risk Management over the past decade. This gap has widened further since 2022, with an additional 8% of respondents identifying their program sponsor as the Chief Risk Officer (CRO).
Furthermore, the Chief Risk Officer (CRO) and Chief Operating Officer (COO) secured the most favorable approval ratings, with 65% and 66% of respondents expressing that their program sponsor was either involved or very involved in the program. Conversely, respondents indicating the Chief Information Officer (CIO)/Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) appeared to be less satisfied, with 45% and 20% stating their sponsors' involvement levels as involved or very involved.
An Increased Focus on Assessments, Audits, and Exercises – Conducting assessments, audits, and exercises for a resilience management program is crucial for identifying vulnerabilities, promoting continuous improvement, optimizing resource allocation, and instilling stakeholder confidence. Fortunately, this year's data reveals several positive advancements in these areas.
A growing proportion of organizations are now conducting a yearly Business Impact Analysis (BIA), reaching 72%, compared to 51% in 2022. Furthermore, there is an enhanced level of participation from a Business Continuity/Resilience Management Steering Committee in the evaluation and endorsement of BIA results, showing an increase from 19% in 2022 to 38%.
More than ever before organizations are auditing their programs on an annual basis (both internal and external) compared to 2022. Internal audits increased from 37% to 44% while external audits increased from 23% to 35%.
An increasing percent of organizations (82% - up from 71% from 2022) are exercising their business continuity/resiliency program.
An Increase in Program Investment Strategies – The most notable of the data findings, though, is the theme of increased investment in staff, budget, and third-party providers, which can significantly enhance resilience management by providing the necessary resources, expertise, and collaboration.
A record-breaking 39% of organizations expect to recruit new staff in the upcoming year. This marks a substantial rise from the 14% reported in 2018 and the 25% recorded in 2021. Furthermore, the percentage of organizations responding "no" to hiring has continued its gradual decline, reaching 30%, the lowest ever documented.
30% of organizations reported having a budget exceeding $1 million, reflecting a 5% rise from the figures recorded in 2022 and a 9% increase compared to the data from 2021.
Presently, 28% of organizations are utilizing the services of Big 4 consulting firms, marking a 14% increase from the previous year (2022). Additionally, 40% of organizations have reported engaging in other consulting services, indicating a 9% growth compared to the figures in 2022.
31% of organizations are employing a third-party provider to conduct audits on their program, reflecting a 9% increase from the statistics recorded in 2022.
Currently, 20% of organizations are outsourcing the administration of their Business Continuity Management (BCM) software systems, indicating a 9% increase from the figures reported in 2022.
How can your program and organization benefit from this report? This comprehensive analysis delves into a segment of the data, offering insights into how the resilience management profession is perceived and what lessons we can draw from the study results. While this report serves as a foundational overview of industry trends, we encourage you to utilize it as a tool for presenting data findings to your executive management, thereby enhancing the visibility and commitment of your program. The report contains a wealth of data, although not exhaustive. Hence, a customized dashboard tailored to your organization is indispensable for gaining a clear understanding, especially in comparison to other "similar" organizations. The customized dashboards feature a detailed analysis specific to your industry or organizational revenues. This not only enables you to benchmark your program within your demographic but also provides an opportunity to create a roadmap based on effective peer-based models and supporting data. Our customized dashboards were made available to professionals who confidentially participated in the 14th Edition Trends Study.
Since 2001, our commitment to data research has aimed to deepen the understanding of the analytical foundations of our profession. As we persist in advancing knowledge, insights, and the value our business brings to the maturity of our profession, we recognize that comprehending how to enhance resiliency and gaining insights into the evolving nature of the profession is crucial. We extend our appreciation to all survey participants, our advisory board, and the dedicated team at Witt O’Brien for their efforts in producing this valuable report. We trust that you find this report valuable, and we are available to discuss customized versions tailored to meet your specific needs.