This initiative is driven by the fact that in recent years, Systemic risk, Third-party risk and ICT concentration risk have been put to test more and more, and we see increasing number of disruptions, in a wide range of businesses and with very diverse range of impact for not only businesses, but their customers as well.
Resilience in a business context may be an emerging term, but it really brings together the following pillars:
Depending on the use case, all may apply or only selected domains. A typical service offering would start with a review and update of existing plan. Then a scenario-based testing and exercising is planned. Resilience training and awareness are conducted to reinforce and clarify goals and outcomes. The cycle concludes with an advisory to establish or continuously mature a function, a result-driven decision.
