Download PDF

May 2021

Customer Resilience – an outside-in perspective?

How taking a look at your business from a different perspective can pay dividends when dealing with the unexpected.

Categories Managed Security, Business Consulting, Cyber Resilience

John Airey

Head of Advisory Services

How many times have you heard people in business talk about being resilient through the creation of ‘appropriate’ business continuity plans or disaster recovery processes?

Historically, we've always looked at resilience models from the inside out; how quickly we're able to ‘bounce back’ from unexpected events and keep operating as a business in the usual way; but this perspective doesn’t make your business fully resilient. What makes a business resilient is its ability to think about things from the customers’ perspective. Properly thought out resilience models enable businesses to get back on their feet quickly by recognising that everything we do starts with the customer and what they need. 

The idea of customer resilience forces us to look at our operations in a different way. When things go wrong, we need to put the customer at the forefront of our thinking and recognise that business as usual is about more than physical resilience of buildings or operational processes. 

It’s about identifying the critical customer functions and working together 

When major events happen that could ultimately lead to recovery plans being called into play, what is important is the experience we deliver to customers. In these situations, the priority is not how efficiently and effectively we can get all aspects of our business back up and running, but how we maintain the service our customers expect and ensure our people can operate in a safe environment. For example, if customers need access to their accounts online, what is important to them is how swiftly we can get them back online to view and interact with their information. 

Scenario planning for the events that are likely to happen  

A lot of traditional resilience models focus preparation on external events, like natural disasters and weather-related impacts to physical buildings; and of course, those are important areas to include.  What are less understood and often overlooked are other events that threaten to disrupt everyday business operations and the customer experience. Natural disasters rarely feature in the top five most concerning threats. More than ever, customer data and corporate intelligence are vulnerable to external disruption. The top threats moving forward are a cyber-attack or data breach (with around a third of UK businesses reporting a disruption in the last twelve months), followed by system outages. Having correct cyber security in place is crucial to reducing the risk of any key threats.

The role of scenario planning is crucial for any business; it gets you to think about all the possible risks which could disrupt customers, and fosters discussion on how best to allocate resources to lessen the impact of these disruptions should they occur. Well-executed scenario planning exposes events that could happen and improves understanding of the possibility and likelihood of those events colliding with business strategy and customer experience. 

This gets us thinking longer term and develops our ability to scan the horizon for external events that might be an emerging problem for our business and customers. 

Key things to think about when developing a resilience model

  1. Start with the customer – identify what is critical to them not the business. 
  2. Don’t operate in silos; think about your end-to-end customer processes rather than your business operations as separate functions. 
  3. Get your business areas to work collaboratively rather than on disparate resilience models. 
  4. Think of the events that could impact your business and customer experience; not just ‘right now’ but longer term, and use risk-based approaches to assess their impact and likelihood. 
  5. Plan for these events happening and test your responses regularly.   

If we get our resilience model right, it acts as an enabler; helping us to understand and respond to our customer needs and do that in a safer environment. This makes sure that our business does not merely survive longer term but becomes more resilient and flourishes, and ultimately delivers a better experience for our customers. 

Once we've defined our key customer resilience needs, it becomes much easier to develop what our model and framework needs to look like. The way we do this is to look at all areas of our business that need to work together to deliver those objectives. Most business resilience models look at disparate functions within operations and develop a siloed approach to recovery; there may be a different resilience and recovery model for each key business area, ultimately leading to problems not just for the customer, but for the enterprise in general. 

Where should you focus your efforts? 

So, think about what is critical; what are the functions that we should concentrate on, and where are the areas that can afford to bend before they break? Strong resilience planning relies on identifying essential activities and prioritising those which are critical in times of distress.   Understanding who in the business is important to deliver those customer critical functions is also vital. In most organisations, when disaster strikes the people who take control are key. They invoke the plans and make informed decisions; but the people who deliver critical customer functions are really the most important. In these times, the parts of your business that do not perform critical functions can be deployed elsewhere. So think about using your resources more effectively and identifying functions that are not essential when business is significantly disrupted. 

Essentially, we should look at the end-to-end process so that business functions that touch a critical service for the customer can work effectively together, through one cross-departmental resilience plan, rather than several disparate ones.