What to include in your IT resilience plan for 2024

Read our guidelines on how to stay in[ctrl] and create a strong IT resilience plan.

What is IT resilience?

It may have caught many businesses off-guard, but COVID-19 was also an accelerator for IT resilience, crisis management and wider business resilience.

IT resilience is the ability to protect data and apps from just about any type of issue. It pivots on systems and infrastructure being able to withstand disruptions and continue to function effectively.

On the other hand, business resilience is an enterprise-wide concept encompassing crisis management and business continuity in the face of unexpected events like natural disasters or cyber-attacks.

During the pandemic IT teams became overstretched, which led to competing priorities.

For example, there was a perceived conflict between prioritising IT service continuity and maintenance work and aspects of cyber security such as patching software due to budget constraints.

Couple this with the fact that hardware and software products are increasingly subject to successful cyberattacks and you can see why IT resilience is so important to get right.

In fact, according to The European Cyber Resilience Act (CRA) global cybercrime cost €5.5 trillion in 2021 due to increasing IT breaches during COVID.

According to the European Commission: “The pandemic has served as a catalyst for the accelerating digitalisation of Europe and the world.”

Post-COVID, this new fast-paced and decentralised environment requires better IT resilience planning and risk management than ever.

Arvind Govindarajan, a Partner at McKinsey’s Risk and Resilience Practice observes:

“In the longer term, businesses will learn that resilience is a capability they need to master, not an alarm button they hit after the fire has started.”

Why is IT resilience so important?

There are many potential risks to navigate.

These include data loss, cyber-attacks, malware infiltration, network and internet disruptions, hardware or software failure, fire, and natural disasters.

In 2017, for example, a global cyber-attack known as ‘WannaCry’ affected more than 230,000 Windows PCs in 150 countries in one day.

The ransomware crypto worm targeted businesses running the Microsoft Windows operating system across the globe, by encrypting data and demanding ransom payments in Bitcoin.

A different kind of problem arose in 2021 as investors swarmed to brokerage platforms to trade shares of GameStop after a sharp increase in their value.

Arun Gundurao, director at Mckinsey & Company, explains: “Amid the frenzy, millions of customers were unable to access their account information and make trades, as many of the brokerage platforms suddenly failed.” He adds:

“These situations underscore the need for organisations to address IT resilience – a company’s ability to handle a technical disruption.”

And it looks like many of you are prioritising this for 2024.

In the ‘New Normal survey – 2021/22’ conducted by Brother, more than half of IT decision makers said that safeguarding their business against external threats was among their top challenges for the coming year.

This stresses the importance of being IT resilient as it keeps businesses moving forwards and can accelerate transformation by proactively seeing and adapting to changes to prevent disruption. It can also help prepare against external threats beyond your control.

According to IDC research, 29% of ITDMs are still concerned by complications due to Covid variants restrictions. While other concerns include the rising cost of IT equipment (49%), supply chain disruptions (34%), political tensions (31%), staffing (23%) and the increased potential for recession (29%).

So, how can this be applied to these concerns?

How can businesses improve IT resilience?

There are many ways to improve IT resilience.

Things like bolstering security features from external threats, investing in the right technology, and mitigating cybersecurity risk to your print technology.

But short-term thinking is not advised.

IT resilience should be a long-term strategic piece of work as a collective senior leadership team to consider priorities, budgets, and wider business resilience planning and risk management.

Basil Fuchs, CIO of Brother International Europe explains: “It’s a shared responsibility. As IT professionals we are very closely aligned with corporate risk management and the continuity of the business because we are enabling so many processes.”

He also advises that businesses should work with their outsourcing partners to strengthen IT resilience:

“The outsourcing partner and IT partners are specialists in that area. Our task, as internal IT, is to orchestrate the resilience and the planning across all these partners to ensure that they're all aligned and at the same level.”

Find out more about his approach to IT resilience here.

What does a good IT resilience plan include?

• Investment in the right technology
• A willingness to adapt your tech stack
• Constant monitoring of emerging technologies and tools
• Running business-wide resilience initiatives
• Testing your people as well as your hardware/software

Many successful IT leaders are already implementing these points into their resilience plans for 2024.

As you will see, building resilience doesn’t necessarily mean staying still and protecting what you have. In fact, one of the first considerations on the list is ‘are we investing in the right technology’?

It is also important to invest and adapt your tech stack for the best outcome. For example, many IT leaders will monitor emerging technologies and vendor offerings for new measurement tools, as well as financial tools for managing IT estates and insight into supply chains.

Elsewhere, we see experts running resiliency initiatives across their business to ensure key infrastructure can keep running, even in worst-case scenarios.

Describing the approach at Brother International Europe, Basil said:

“Each year we carry out disaster recovery and check that the backup works. We also check that the systems can be restarted or moved to a different location should there be a bigger disaster.”

This traditional approach covers risk recovery and is key to any good IT resilience plan.

It is also common for global firms to run tabletop exercises to assess operational resilience.

Josh Frulinger of CSO defines these as ‘less than a full-scale simulation but an opportunity to see how your organisation and staff react under pressure.”

Consider a hybrid approach here and review your technology investment alongside these planned tabletop scenarios.

This allows you to evaluate technology in the context of how well it works for your employees during a ‘crisis’. Or you may discover that extra training is needed to get the best out of systems.

Afterall human error dramatically increases risk with things like phishing attacks on the rise.

Gonçalo Caseiro, Chair of INCM, explains:

“This is not about managing one crisis. It’s about being prepared for anything and being able to adapt to any disruption to your business.”

Looking for further insight? Here are 5 key steps to building a strong IT resilience plan.