Business vulnerability: 4 lessons learned from the COVID-19 pandemic

Jun 16, 2021
Cybersecurity consulting Digital evolution Risk vulnerability Cybersecurity

As society begins to recover from COVID-19 pandemic, organizations are reflecting on tough lessons learned about business vulnerability. But most importantly, companies should consider how those lessons can be applied to their risk strategies so that they are more prepared for future disruptions.

The pandemic upended plans, strategies and business models. One lasting outcome is learning how critical it is to have a strong grasp of business vulnerabilities that, if left unchecked, could cause harm. By keeping a pulse on possible future disruptions, organizations can be better prepared to withstand challenges to their business.

Here are four key lessons from the pandemic that are prompting organizations to assess for vulnerabilities more thoroughly.

Business vulnerability lesson No. 1

Cybersecurity strategies and governance must cover distributed work environments just like other environments.

Though some businesses are beginning to return to the office, many have realized that hybrid or even fully remote policies work well for their organizations. So even though the pandemic may be ending, concerns about remote work security are not.

When employees or contractors are logging in to work apps on various devices and from home, coffeehouses, or airports, it introduces new risks by stretching the workplace through access points that are potentially more vulnerable. According to the RSM 2021 MMBI Cybersecurity Report, more than two-thirds of survey respondents (67%) said that their businesses experienced attacks as an indirect result of the COVID-19 pandemic. The most common indirect attack was exploiting vulnerabilities from employees working remotely.

In addition, hybrid and remote work could make internal fraud easier. Internal audit practices should be adjusted within your business vulnerability assessments to align with these new threats.

Ask yourself: Is it time to review your hybrid and remote work environments to ensure strong security and governance?

Business vulnerability lesson No. 2

Global supply chains are more vulnerable than they used to be.

Prior to the pandemic, it was common to use single sourcing for economies of scale and cost control. However, single sourcing became a weakness due to supply shortages. Now, organizations are re-evaluating suppliers to reduce costs and improve resiliency, as well as considering dual sourcing.

Organizations also are reviewing where inventories are kept and how much safety stock they have. Should inventory be moved closer to the point of consumption? Prevailing practices such as just-in-time delivery have caused shortages and stock-outs, so businesses are adjusting this model as they evaluate how effective their overall supply chain strategy is.

Ask yourself: What are our business vulnerabilities related to supply chain partners and are there other third-party risks to consider?

More than two-thirds of survey respondents said that their businesses experienced attacks as an indirect result of the COVID-19 pandemic.

Business vulnerability lesson No. 3

Agility and flexibility are no longer nice-to-haves, but must-haves.

In 2020, organizations had to shift quickly in many areas, from remote service delivery to enabling work-at-home to dealing with plummeting or escalating demand. Being agile and flexible proved to be an advantage. Agile organizations could quickly adjust their product or service portfolio and avoid productivity lag due to changing workplace circumstances.

As the Suez Canal blockage and the Texas freeze taught us in 2021, the unfortunate reality is that unexpected events will continue to occur. Strong, scalable governance practices are foundational to agility and flexibility because they can align to change without weakening.

Ask yourself: Are your business processes streamlined and well-controlled so that they can be adjusted for change without breaking or becoming non-compliant?

Business vulnerability lesson No. 4

Disaster-recovery plans for all types of risks need to be actionable—not just about compliance.

For many organizations, especially in financial services, pandemic-response plans were in place. However, many plans were too compliance-oriented and didn’t have the actionable steps needed to support preserving business health during a pandemic.

For example, some pandemic-response plans were wrong about workforce challenges. They focused more on operating with a large portion of the workforce not being able to work, rather than how to enable people to do their jobs remotely.

Ask yourself: Do your disaster-recovery plans include actionable steps that will help you preserve the health of your business?

Complete your business vulnerability assessments

If businesses have learned anything in 2020 and 2021, it’s that being prepared for unexpected disruptions is a crucial part of business planning. Assessing your business risks allows you to uncover areas of weakness that can be strengthened with firm action plans and operational improvements, so that when the next weather event, geopolitical crisis, or supply chain interruption happens, your business health doesn’t suffer.

While these assessments can seem overwhelming, businesses do not have to carry them out alone. By finding a partner with experience in these types of risk assessments, as well as various industry and business types, they can ensure their assessments will result in best-practice actions that will preserve business’s health should unexpected circumstances arise.

Learn more about our risk advisory services and how RSM can help you assess your risk to understand where your business vulnerabilities are.