Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

8th Annual DRI International Global Risk

and Resilience Trends Report
Executive Summary
The DRI International Global Risk and Resilience specializations form the key disciplines of resilience
Trends Report is now in its eighth year and continues management, although they have close ties to risk
to provide a global view of resilience trends. Written management and information security.
by the DRI Future Vision Committee (FVC), it gives an The 2022 Resilience Index below shows the current
independent analysis of current and emerging risks top 10 resilience issues as defined by the survey
as perceived by professionals directly involved in respondents.
managing resilience. The FVC consists of international
A serious longer-term strategic issue came to light as
thought leaders and experts in all aspects of
part of this survey: the threat to data security posed
resilience management. The key input is the annual
by the advancement in quantum computing and the
survey of certified resilience professionals which
possible vulnerability of the global financial system.
provides much of the base data for the conclusions.
There was also increasing concern about the
DRI International is a major source of knowledge
ability of many organizations to embed a corporate
and expert opinion for a range of national and
resilience culture and supporting policies into their
global media outlets. This report provides a core
business models. This issue was global, equally
part of DRI’s knowledge management and external
concerning in North America and Europe as it was in
messaging. Many large corporations, governments,
Asia and Africa.
and academic institutions use the report to enhance
the insight of their professional communities. This year, there is also a special section on supply
chain disruption. It looks at why and where supply
The main contributions are from business continuity,
chains are failing as well as how organizations are
disaster recovery, crisis management, and
responding to this challenging situation and what
emergency management professionals. These four
professionals expect to see change in the future.

1
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

The 2022 Resilience Index below shows the current top 10 resilience issues as defined
by the survey respondents.

1. Cyber events 2. IT disruptions 3. Financial conditions 4. Human resource 5. Misuse of data

issues

6. Infectious diseases 7. Natural disasters 8. Supply chain issues 9. Increased regulation 10. Major incidents
to facilities

2022 Overview
As expected, the emphasis on COVID-19 in this rationing seem very likely in many European countries
survey has reduced considerably from the high point – a situation that would have appeared unthinkable
of the previous two years. Although the pandemic even a year ago.
lingers, resilience management attention has shifted A more predictable outcome is the impact on global
from infectious diseases back to the more perennial supply chains caused by the aftermath of COVID-19
field of technology risk. lockdowns and the initial pandemic recovery
In the 2021 report, concerns about gas shortages period. Government cash subsidies, provided to
and increasing commodity prices leading to higher support individuals and businesses during the
inflation were flagged as growing threats. It was lockdowns, fueled a large increase in global demand.
noted that central Europe imported most of its Manufacturing was badly impacted by lockdowns,
oil and gas from Russia. At that time, Russia was leading to a whole range of production interruptions
artificially restricting the levels of supply in a political and material shortages. The combined effect of
dispute with Germany over ratification of a new gas increased demand and restricted supply capability
pipeline. If this foreshadowed the chaos resulting has caused a severe supply chain crisis globally. This
from Russia’s invasion of Ukraine, it was not obvious is covered further in PART 2.
– the delay appeared to be a high-stakes political The recovery has now slowed, and most Western
and commercial dispute. We know differently now. economies are likely to fall into a technical recession
Although countries, like Germany, that are excessively (defined as two consecutive quarters of GDP decline)
dependent upon Russia for oil and gas supplies during Q4/22 and Q1/23. Experts disagree as to
are scrambling for alternatives, there is probably no whether this will be a long, deep recession or a
short-term solution that will work for the upcoming relatively short correction. In the United States, for
winter. Natural gas shortages and energy usage example, some aspects of the economy are still

2
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

relatively robust with normal consumer spending future, another key technology challenge has been
levels and high demand for labor continuing. However, identified as the risk posed by the development
this might change quickly if the Federal Reserve of quantum computers. Vastly improved speed of
continues to increase interest rates further. This complex problem solving might lead to cryptology
changing and unpredictable situation is very clearly keys being broken, risking all electronic data and
illustrated in our survey which, for the first time ever, making the entire financial system vulnerable.
shows financial conditions as one of the three overall Despite having the full attention of the world’s media,
major worries for the next year. At the more detailed the impact of climate change on business has only
analysis level, this fear of financial upheaval is risen slightly and continues to struggle for emphasis
common across most regions and industrial sectors. among more immediate problems. In the U.S. it is
It is the top concern in Africa. only rated as the number 11 issue in the list and,
The previous report quoted expert predictions even in Europe, it is only number eight. In Asia it has
for inflation in 2022. The FVC expressed some slid further, ranking fourth from last place and beating
reservations about these numbers but felt it necessary only civil disturbances, labor unrest and terrorism in
to state them. The consensus at that time was that either likelihood or impact. Clearly, the world has a
average inflation during 2022 would peak at 6.3% in long way to go to turn a zero-carbon aspiration into a
the US and 4.9 in Germany. It was also expected that meaningful reality.
it would fall quite rapidly during 2022 to 2.8 in the US Natural disasters do not have the prominence among
and 2.0 in Germany. This view was supported by the resilience professionals that we found in earlier
Federal Reserve stating that “we should see inflation surveys, but in most regions, they are still a serious
moving down by the second or third quarter.” In concern. Widescale flooding and intense heat are
hindsight, this was an optimistic scenario as excessive the two most important natural disaster concerns
money supply used to support locked down economies for resilience professionals – almost certainly a
at a time of very low productivity (until at least Q4/20) consequence of climate change.
coincided with excess demand for basic commodities
Understandably, social media issues seem less of
that were already in global short supply. The latest
a worry than during the COVID-19 inspired on-line
available figures show that inflation is currently at
hysteria. However, negative social media is still an
8.5% in the US and 10.9% in Germany, although some
on-going concern in sectors like finance and business
economists are now expecting this to be close to a
services. Technology, manufacturing, and government
peak given the rapidly increasing interest rates being
tend to consider it only a minor annoyance.
imposed by central banks.
Despite what was perceived (in earlier surveys) as
Another issue impacting resilience thinking more than
relatively successful management of the COVID-19
ever is the human resource shortages. Acquiring and
crisis, there was a surprising lack of confidence in
retaining staff along with making essential changes
management’s ability to embed a viable, sustainable
in working practices, restructuring, succession
resilience culture in both corporate and public sector
planning, and adequate staff training are all becoming
organizations. A key strategic concern across most
increasingly difficult challenges for many organizations.
regions and sectors, it was defined as a lack of an
However, there is no doubt that technological risk is effective environmental, social and governance policy,
still dominating resilience management concerns. poor levels of trust in management, inadequate staff
The top two positions are held by technology-related planning, and weak management development. This
risk issues (cyber events and IT disruptions), while is a challenge that will require considerably more
misuse of data is in the overall top five. For the attention in the future.

3
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Part 1 – The 2022 DRI Survey

The survey was based upon an initial set of issues strategic issues added as a separate question for
defined by the Future Vision Committee members. consideration. All business types and sectors (public
Both DRI Certified Professionals and other experienced and private) participated as did organizations of all
resilience practitioners in related fields participated. sizes. Responses were received from the seven global
The committee identified 15 key resilience related regions covered by the survey. Additional questions
issues and asked participants for their opinions. This were asked relating to the individual, their organization,
year’s survey also saw five longer-term global and and their level of professional certification.

Figure 1: List of 15 key issues identified by the FVC for use in the 2022 annual survey.
# Icon Issue Issue description
1 Civil unrest Activist protestors disrupting roads, transportation systems, and places of work,
causing injury to public, damage to buildings, retaliation, and public disorder
2 Climate change – business Increased flood risk in coastal areas and drought in hot areas, resulting in
impacts relocation or increased expenditure on protection, impacting future expansion, new
construction methods and building protocols
3 Cyber events All disruptive cyber events including ransomware, service denial, information
corruption, SQL injections, spoofing, phishing, and spam
4 Financial conditions Overall state of the economy at a specific time with indicators including GDP
growth, contraction/recession, inflation, interest rates, bankruptcies, consumer
confidence, and unemployment levels
5 Human resource issues Acquiring and retaining staff along with making changes in working practices,
restructuring, succession planning, and adequate staff training
6 Increased regulation Increased regulation at federal/national, state/local or industry body level
resulting in compliance failure leading to financial penalties and possible
withdrawal of operating licenses
7 Infectious diseases Pandemics, epidemics, respiratory illnesses, Ebola-type diseases, and bacterial
diseases immune to antibiotics
8 IT disruptions IT failure resulting in a system or application outage for a duration longer than
agreed and permitted caused by any reason, including human error, technical
malfunction, or deliberate sabotage
9 Labor – industrial actions Industrial actions, such as strikes, withdrawal of labor, picketing, work-to-rule, and
blockade of ports and other transportation hubs
10 Major incidents to facilities Fires, floods, explosions, chemical pollution, and building collapse

11 Misuse of data Data can be misused by individuals, companies, or nations. It can be acquired
illegally by theft or used in ways that were not intended by individuals within a firm
or organization
12 Natural disasters Hurricanes, tornadoes, cyclones, seismic events, wildfires

13 Social media issues Propagation of misinformation, memes, and fake profiles, which can be targeted
attacks by activists attempting to damage and destroy company reputation
14 Supply chain issues Disruption of key supplies, supplier failure, low inventories, single-source supplier,
global shortage of commodities and raw materials, transportation problems at
docks and depots, labor shortages, third-party vetting
15 Terrorism Domestic and global terrorism, CBRN attacks on high-density locations such as
transportation hubs or shopping malls

4
 Tr e n d s R e p o r t : G l o b a l R i s k A n d R e s i l i e n c e

Probability, Impact, and the Resilience Index As expected, infectious diseases (including
For comparison purposes, a scale of 1 to 5 was pandemics) has fallen from top position and now
utilized, with 1 being the lowest and 5 the highest, in appears in sixth place this year in the Resilience
terms of the importance assigned to each issue. For Index. Natural disasters, which traditionally has been
both PROBABILITY AND IMPACT, a simple statistical a top five issue, has fallen three places to its lowest
average was calculated (MEAN VALUE). To develop ever ranking of seven. The largest increases are
a “Resilience Risk Index” the probability and impact threats to commercial viability rather than operational
scores were multiplied. The two (Probability and disruption with financial conditions and increased
Impact) rankings are shown in figures 2 and 3 below. regulation scoring highly. Climate change has risen
The consolidated Resilience Risk Index is shown in four places, which puts it in its highest position (11)
figure 4 on the next page. since this survey began in 2006.

To reference a full description of each key resilience Full comparisons between 2022 and 2021 of the top
issue, see figure 1 on the previous page. 10 issues are shown in the table on page 7.
(See Figure A, on page 6.)

Figure 2: The PROBABILITY of the defined issue Figure 3: The BUSINESS IMPACT if the defined issue
causing significant problems in next year. seriously arises in the next year.

Rank Icon Issue reference Mean value Rank Icon Issue reference Mean value
1 Cyber events 4.08 1 Cyber events 3.99

2 IT disruptions 3.76 2 IT disruptions 3.78

3 Human resource issues 3.56 3 Misuse of data 3.40

4 Financial conditions 3.42 4 Financial conditions 3.37

5 Infectious diseases 3.40 5 Natural disasters 3.22
6 Natural disasters 3.25 6 Human resource issues 3.21
7 Supply chain issues 3.23 7 Infectious diseases 3.19
8 Misuse of data 3.20 8 Major incidents to facilities 3.17

9 Increased regulation 3.12 9 Supply chain issues 3.06

10 Climate change – business 3.06 10 Increased regulation 2.94

impacts
11 Climate change – business 2.85
11 Social media issues 2.87 impacts

12 Major incidents to facilities 2.83 12 Social media issues 2.80

13 Civil unrest 2.73 13 Terrorism 2.80

14 Terrorism 2.46 14 Civil unrest 2.67

15 Labor – industrial actions 2.32 15 Labor – industrial actions 2.46

5
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Figure 4: The Resilience Risk Index shows the consolidated top issues from this survey.

Res Resilience
index Icon Issue reference Prob Imp index
1 Cyber events 4.08 3.99 16.28

2 IT disruptions 3.76 3.78 14.21

3 Financial conditions 3.42 3.37 11.53

4 Human resource issues 3.56 3.21 11.43

5 Misuse of data 3.20 3.40 10.88

6 Infectious diseases 3.40 3.19 10.85

7 Natural disasters 3.25 3.22 10.47

8 Supply chain issues 3.23 3.06 9.88

9 Increased regulation 3.12 2.94 9.17

10 Major incidents to facilities 2.83 3.17 8.97

11 Climate change – business impacts 3.06 2.85 8.72

12 Social media issues 2.87 2.80 8.04

13 Civil unrest 2.73 2.67 7.29

14 Terrorism 2.46 2.80 6.89

15 Labor – industrial actions 2.32 2.46 5.71

Figure A: Resilience Risk Index - 2022 vs 2021 Key Strategic Issues For
Issue Ranking 2022 Ranking 2021 Resilience Professionals
Cyber events 1 2
(See Figure 5, on page 7.)

IT disruptions 2 3 The importance of long-term strategic issues were

Financial conditions 3 12
rated (most to least important).

Human resource issues 4 6 1. Resilience culture

Misuse of data 5 5 2. Quantum computing
Infectious diseases 6 1 3. Geopolitical changes
Natural disasters 7 4 4. Nation-on-nation conflict
Supply chain issues 8 7 5. Risk concentration
Increased regulation 9 17
Major incidents to facilities 10 9

6
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

However, when asked which of these issues were Additional Analysis – Natural Disasters
causing an immediate concern the results were A more specific view of which natural disasters were
very different. of most concern was also surveyed. Widescale
1. Geopolitical changes flooding topped the list. The order from most to least
2. Nation-on-nation conflict concerning was:
3. Risk concentration 1. Widescale flooding
4. Quantum computing 2. Extreme heat/wildfires
5. Resilience culture 3. Hurricanes/typhoons
4. Seismic events – Volcanoes/earthquakes/
This highlights the pressure for short-term responses tsunamis
to current problems and shows why it is very difficult 5. Cyclones/tornadoes
for professionals to keep sight of key strategic issues
when overwhelmed by urgent events. Widescale flooding was also the top issue in the
previous survey and cyclones/tornadoes the least
concerning, so there was little change in opinion.

Figure 5: List of 5 Key strategic issues identified by the FVC.

# Issue Issue description

1 Geopolitical changes Business impacts of geopolitical changes, such as changing alliances and dependencies, strategic
use of foreign aid and imposition of sanctions, and commercial retaliation against nations and
businesses
2 Nation-on-nation conflict Nation-on-nation hostile action, such as war, other armed conflict, state terrorism, attempts to
influence election results, and fomenting political protest in non-friendly countries
3 Quantum computing Quantum computing threat to security of cryptology, including vastly improved speed of
complex problem solving that might lead to all cryptology keys being broken or at risk, which,
in turn, impacts all electronic data and makes the entire financial system vulnerable to
illegal access and corruption
4 Resilience culture Failure to embed a corporate resilience culture, including lack of environmental, social,
and governance policy, poor levels of trust in management, inadequate staff planning, and
management development
5 Risk concentration Too much risk concentrated in a few global mega-cities, including concentration of political
power, finance, corporate leadership, media, and academia

7
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Additional Analysis – Cyber Events Figure B: Resilience Index for North America
A more specific view of which cyber events were Rank Icon Issue reference
of most concern was also surveyed. The most
1 Cyber events
concerning was ransomware. The order from most
to least concerning was: 2 IT disruptions

1. Ransomware 3 Human resource issues

2. Spoofing and phishing (see notes below) 4 Financial conditions
3. Theft of information
5 Misuse of data
4. Denial of service
6 Infectious diseases
5. Destruction of information
6. Code injections to control an application’s data 7 Natural disasters

8 Supply chain issues

Ransomware was also the top issue in the previous 9 Increased regulation
survey and code injections was the lowest ranked of
10 Major incidents to facilities
the items included this year. Spoofing and phishing
replaced denial of service as the second most 11 Climate change – business impacts
concerning issue. However, this is not a serious 12 Social media issues
technical problem, in itself, as it does no direct
13 Civil unrest
damage to systems or data. The real problem is the
failure of targeted individuals to recognize the attack 14 Terrorism
and respond accordingly. It could also be viewed as 15 Labor – industrial actions
part of the theft of information category.

Regional Analysis Strategic Issues – Priorities for North America

The survey looked at seven world regions. Although Rank Issue reference
the responses received from the Oceania region
1 Quantum computing
were quite limited in number, we have included
them in the overall figures and provided a regional 2 Resilience culture
breakdown for completeness. However, care should 3 Geo-political changes
be taken in interpretating data from Oceania in
4 Nation-on-nation conflict
isolation for this reason.
5 Risk concentration
North America
This includes data from participants in the U.S.
and Canada.
(See Figure B, to the right.)
As the largest contributor to the survey, it was and second on both probability and impact scales.
expected that North American trends were likely to Concerns about the security risks posed by quantum
be very similar to the overall pattern. Technology computing are already becoming a serious issue for
risks are increasingly dominating the index with this highly digitally-dependent area.
cyber events followed by IT disruptions ranking first

8
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Latin America Figure C: Resilience Index for Latin America

This includes data from participants in Mexico and all
Rank Icon Issue reference
countries within the South American continent.
1 Cyber events
(See Figure C, to the right.)
2 IT disruptions
Although cyber events and IT disruptions lead the
list, the Latin American responses also indicate 3 Financial conditions
greater than average concerns across the survey for 4 Natural disasters
financial conditions, natural disasters, and climate
5 Infectious diseases
change, with marginally more concern for infectious
and supply chain events, human resource issues and 6 Human resource issues
misuse of data score lower than the survey average.
7 Supply chain issues
The main strategic concern is with the failure to
properly implement a resilience culture, whereas the 8 Climate change – business impacts

challenge of quantum computing and crypto security 9 Misuse of data

has not yet achieved the level of attention that has
10 Major incidents to facilities
been noted in North America.
11 Social media issues

12 Increased regulation

13 Civil unrest

14 Labor – industrial actions

15 Terrorism

Strategic Issues – Priorities for Latin America

Rank Issue reference

1 Resilience culture

2 Geo-political changes

3 Nation-on-nation conflict

4 Quantum computing

5 Risk concentration

9
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Europe Figure D: Resilience Index for Europe

This includes data from participants in the EU, the UK
Rank Icon Issue reference
and other non-EU members.
1 Cyber events
(See Figure D, to the right.)
2 IT disruptions
The top six positions are held in the same order as
for North America. Previous surveys have indicated 3 Human resource issues
that Europe and North America follow very similar 4 Financial conditions
patterns of response. However, predictably natural
5 Misuse of data
disasters are of much lower concern in this region.
Increased regulation is higher in this region than 6 Infectious diseases
elsewhere, again a reasonably predictable finding.
7 Increased regulation
Climate change is also above the survey average as
8 Climate change – business impacts
a resilience issue, perhaps triggered by the progress
made by green political parties in some European 9 Supply chain issues
countries. Fears about social media issues were also
10 Social media issues
somewhat higher in Europe than elsewhere.
11 Major incidents to facilities
Quantum computing was viewed as an important
strategic issue, but this was beaten as the top issue 12 Natural disasters

by concerns that resilience is not properly being 13 Terrorism

embedded into organizational culture.
14 Civil unrest
The risk of nation-on-nation conflict was relatively
15 Labor – industrial actions
high, probably enhanced by the conflict in Ukraine and
possibilities of future Russian expansion.
Strategic Issues – Priorities for Europe

Rank Issue reference

1 Resilience culture

2 Quantum computing

3 Nation-on-nation conflict

4 Risk concentration

5 Geo-political changes

10
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Asia – Far East Figure E: Resilience Index for Asia – Far East
This includes data from participants from China,
Rank Icon Issue reference
Japan, Singapore, and some countries across
South-East Asia. 1 Cyber events

(See Figure E, to the right.) 2 IT disruptions

The top three positions are held by technology-related 3 Misuse of data

risk issues, with cyber events and IT disruptions 4 Infectious diseases
being joined by misuse of data. Infectious diseases
5 Financial conditions
remain a higher concern in Asia than in western
countries, but this was expected in this highly health 6 Increased regulation
risk-adverse part of the world. However, natural 7 Supply chain issues
disasters were of less concern than the survey
8 Major incidents to facilities
average, a slightly unexpected result. In this region,
climate changes and human resource issues were 9 Social media issues
clearly viewed as much less significant than they are 10 Human resource issues
in both the Americas and across Europe.
11 Natural disasters
In this highly technically-advanced region, the security
risks posed by quantum computing were viewed as 12 Climate change – business impacts
the top strategic issue, but this was closely followed 13 Civil unrest
by concerns that resilience is not properly being
14 Labor – industrial actions
embedded into organizational culture. Interestingly,
the risk of nation-on-nation conflict was the least 15 Terrorism
concerning strategic issue among resilience
professionals in this region. Given that both China’s Strategic Issues – Priorities for Asia – Far East
intentions towards Taiwan and North Korea’s
persistent testing of rockets over Japan seem to Rank Issue reference
pose a global threat to peace, this seems surprising. 1 Quantum computing

2 Resilience culture

3 Geo-political changes

4 Risk concentration

5 Nation-on-nation conflict

11
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Asia – Middle East and Indian Subcontinent Figure F: Resilience Index for Asia – Middle East and
This includes data from participants from the Indian Indian sub-continent
sub-continent, Emirates, and other Gulf States.
Rank Icon Issue reference
(See Figure F, to the right.)
1 Cyber events
Three of the top four positions are held by technology-
2 Infectious diseases
related risks: cyber events, IT disruptions, and data
misuse. Infectious diseases was in second place, 3 IT disruptions
higher than in any other region. Many other issues 4 Misuse of data
were rated similarly to the Far East with natural
5 Major incidents to facilities
disasters relatively low and human resource issues
well below the survey average. Climate change is 6 Supply chain issues
rated as more important than in the Far East or 7 Social media issues
in North America but less than in Europe or Latin
8 Increased regulation
America. The Middle East is the only region that
considers financial conditions as a lower priority 9 Human resource issues
(rated 12 as against the survey average of four). 10 Climate change – business impacts
The highest rated strategic issue was concern about
11 Natural disasters
failure to embed a resilience culture, with geo-political
changes in second place. Quantum computing 12 Financial conditions
was also seen as an emerging strategic issue but 13 Civil unrest
currently without the same level of concern as seen
14 Terrorism
in several other regions. As in the Far East, the risk
of nation-on-nation conflict was surprisingly the least 15 Labor – industrial actions
concerning issue. There are three nuclear powers
in this area, and Israel is determined to prevent Strategic Issues – Priorities for Asia – Middle East and
Iran becoming another one. There are also shifting Indian sub-continent
alliances in Saudi Arabia and Pakistan between
traditional western allies and possible future allies Rank Issue reference
in China and Russia. Overall, this is an extremely 1 Resilience culture
unstable region, but in this survey, potential turmoil is
2 Geopolitical changes
reflected by geopolitical changes rather than conflict.
3 Quantum computing

4 Risk concentration

5 Nation-on-nation conflict

12
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Africa Figure G: Resilience Index for Africa

This includes data from participants mainly based in
Rank Icon Issue reference
South Africa and Nigeria.
1 Financial conditions
(See Figure G, to the right.)
2 Terrorism
Africa offers the most interesting regional perspective
with ratings that are widely different to the rest of 3 Cyber events
the world. The issue of most concern is financial 4 IT disruptions
conditions (survey average position is three), followed
5 Human resource issues
by terrorism (survey average position 14). Civil
unrest is also ranked highly at six (survey average 6 Civil unrest
is 13). Conversely, social media issues are seen as 7 Infectious diseases
the least important concern in Africa. Misuse of data
8 Supply chain issues
and increased regulation are also not perceived as
significant concerns – certainly much lower than in 9 Misuse of data
the other regions. 10 Major incidents to facilities
The highest strategic concern was failure to embed a 11 Climate change – business impacts
resilience culture, followed by nation-on-nation conflict
and geo-political changes. Quantum computing was 12 Natural disasters
considered the least important future concern in 13 Increased regulation
contrast to most of the other regions.
14 Labor – industrial actions

15 Social media issues

Strategic Issues – priorities for Africa

Rank Issue reference

1 Resilience culture

2 Nation-on-nation conflict

3 Geopolitical changes

4 Risk concentration

5 Quantum computing

13
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Oceania Figure H: Resilience Index for Oceania

This includes data from participants in Australia
Rank Icon Issue reference
and New Zealand.
1 Cyber events
(See Figure H, to the right.)
2 Natural disasters
Oceania reflects a relatively high risk of natural
disasters in the region and a delayed relaxation 3 Infectious diseases
of COVID-19 restrictions compared with Northern
4 IT disruptions
Hemisphere countries. Hence, natural disasters
and infectious diseases are rated two and three 5 Major incidents to facilities

respectively (survey average seven and six). Cyber 6 Misuse of data

events are still the top concern, but other technology-
7 Climate change – business impacts
related risks score a little lower than elsewhere.
Climate changes scores higher than in most regions 8 Supply chain issues
and human resources issues and financial conditions 9 Financial conditions
somewhat lower.
10 Human resource issues
The top strategic concern was geo-political changes,
11 Social media issues
which is understandable given the proximity to Asia
and somewhat stressed relationships with China. 12 Civil unrest
Following that, concern about failure to embed a 13 Labor – industrial actions
resilience culture is also seen as important. However,
like in Africa, quantum computing was considered the 14 Increased regulation
lowest concern from the options provided. 15 Terrorism

Strategic Issues – Priorities for Oceania

Rank Issue reference

1 Geopolitical changes

2 Resilience culture

3 Risk concentration

4 Nation-on-nation conflict

5 Quantum computing

14
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Sector Analysis The six grouped sectors listed below contributed

The survey looked at the business sectors 88.26% of the total survey.
represented by the respondents. Free entry was Finance (including banking, brokerage, 25.19%
permitted although a range of standard answers and insurance)
was suggested. Government and Public Sector 18.70%
Given the wide range of possible answers, the Healthcare and Education 12.83%
results were grouped into larger sectors for trend Technology (including developers, internet, 12.40%
analysis purposes. and telecom providers)
Business Services (including consultancy 12.39%
and audit)
Manufacturing 6.75%

The Resilience Index ranking is shown below for each

of the six reported grouped sectors.
(See Figure I below and Figure J on the next page.)

Figure I: Resilience Index by Sector (Finance, Government, Health/Education)

Resilience
Rating Finance Government Health and Education
1 Cyber events Cyber events Cyber events

2 IT disruptions IT disruptions Infectious diseases

3 Financial conditions Human resource issues IT disruptions

4 Misuse of data Infectious diseases Human resource issues

5 Human resource issues Misuse of data Supply chain issues

6 Increased regulation Natural disasters Misuse of data

7 Infectious diseases Supply chain issues Natural disasters

8 Natural disasters Major incidents to facilities Increased regulation

9 Major incidents to facilities Climate change – business impacts Financial conditions

10 Social media issues Financial conditions Major incidents to facilities

11 Climate change – business impacts Civil unrest Social media issues

12 Supply chain issues Social media issues Climate change – business impacts

13 Civil unrest Terrorism Civil unrest

14 Terrorism Labor - industrial ac-tions Terrorism

15 Labor – industrial actions Increased regulation Labor - industrial actions

15
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Figure J: Resilience Index by Sector (Technology, Business Services, Manufacturing)

Resilience
Rating Technology Business Services Manufacturing
1 Cyber events Cyber events Supply chain issues

2 IT disruptions IT disruptions Cyber events

3 Financial conditions Financial conditions IT disruptions

4 Misuse of data Human resource issues Human resource issues

5 Human resource issues Infectious diseases Financial conditions

6 Supply chain issues Natural disasters Increased regulation

7 Natural disasters Misuse of data Natural disasters

8 Infectious diseases Supply chain issues Major incidents to facilities

9 Increased regulation Social media issues Misuse of data

10 Climate change – business impacts Major incidents to facilities Infectious diseases

11 Major incidents to facilities Climate change – business impacts Labor – industrial actions

12 Civil unrest Increased regulation Climate change – business impacts

13 Social media issues Terrorism Civil unrest

14 Terrorism Labor – industrial actions Social media issues

15 Labor – industrial actions Civil unrest Terrorism

There were no serious unexplained discrepancies is health and education. However, it remains quite a
between different sectors. Cyber events was high concern in both government/public sector and
the top concern in every sector grouping except business services.
manufacturing where supply chain issues was top. IT For the first time, financial conditions appeared very
disruptions was the second issue in four of the six high in the ratings – a number three concern for
sectors and third in the others. finance, technology, and business services sectors
Human resource issues ranks higher than ever and number five for manufacturing. It is somewhat
before, appearing in every top five. Misuse of data is lower in government/public sector and healthcare.
also of concern across all sectors, appearing in every Supply chain issues remain important but are not
top five list by sector except manufacturing. the highest priority for most sectors other than
Infectious diseases (as expected) has fallen from its manufacturing. It is dominant in manufacturing but is
COVID-19 peak of the previous two years. It now only also important in technology, healthcare/education,
appears in one sector top three, which, predictably, and business services.

16
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

The bottom three overall concerns of civil unrest, and technology). It was a bottom four item for
terrorism, and labor industrial actions were the bottom manufacturing, perhaps not surprisingly below labor-
three items for three of the six sectors. At least two of industrial action.
these three items were in every sectional bottom three. It is recognized that groups such as government/
Some other concerns scored poorly in very limited public sector and healthcare/education include many
sections – but these were consistent with expectations. different functions. How they are delivered can also
Increased regulation was at the bottom for vary very much from country to country with different
government, while social media issues was a bottom balances between private and public sector. However,
three item for both technology and manufacturing. the results across these groups were sufficiently
Climate change showed limited signs of position consistent to indicate that the aggregation made in
improvement from previous years and was only in the report is valid.
two of the top 10 ratings (government/public sector

Figure K: Resilience Index by Regulated/Non-Regulated Firms

Resilience
Rating Regulated Firms Non-regulated Firms
1 Cyber events Cyber events

2 IT disruptions IT disruptions

3 Human resource issues Financial conditions

4 Financial conditions Natural disasters

5 Misuse of data Misuse of data

6 Infectious diseases Infectious diseases

7 Natural disasters Supply chain issues

8 Supply chain issues Human resource issues

9 Increased regulation Major incidents to facilities

10 Major incidents to facilities Climate change – business impacts

11 Climate change – business impacts Social media issues

12 Social media issues Increased regulation

13 Civil unrest Civil unrest

14 Terrorism Terrorism

15 Labor – industrial actions Labor – industrial actions

17
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Impact of Regulation Organizational Size, Reporting Levels,

Across the full survey, 71.72 % of respondents came and Certification
from regulated firms and 28.28% from non-regulated Context information relating to survey participants
firms. This was an increase of 7% for non-regulated is listed below:
firms over the previous survey. Size and type of organization
For the survey regulated firms were those in banking,
Large multinational (private sector) 34.46%
energy, pharmaceuticals, aerospace, and utilities that
have sector specific regulators or specific industry Large domestic (private sector) 20.27%
legislation. Naturally, all firms must comply with Small or medium-sized business 13.29%
corporate law in their individual countries.
Niche small business (below 50 employees) 8.33%
The Resilience Index ranking is shown below for each
Government and public sector 18.70%
of the two categories.
Charity, non-profit 4.95%
(See Figure K, on page 17.)
The differences are very limited, with 12 of the Reporting level of survey participants
15 items having the same ranking (or within one
position) in both categories. The differences beyond Owner/partner 4.36%
that are natural disasters (three places higher in non- Senior manager 26.16%
regulated firms), increased regulation (three places
Middle manager 28.49%
higher for regulated firms), and the largest difference
Supervisor/team leader 13.08%
human resources issues which is five places higher
for regulated firms. This would appear a reasonable Individual contributor 21.80%
expectation, given the much higher compliance Consultant 6.11%
demands placed on regulated firms.

DRI certification of survey participants

DRI-Certified 71.72%

Not DRI-Certified 28.28%

18
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Part 2 – The Supply Chain Report

A range of challenges can adversely impact the global Figure L: Figure L: Overall Supply Chain Issues
supply chain. Over the past three years, the actions
taken by all governments to counter COVID-19 have Disruption reported % - facing this
severely disrupted the free flow of goods. The war by full survey problem Rank
in Ukraine has generated other shortages in some Longer delivery times from suppliers 68.95% 1
basic foods, fertilizers, chemicals, metals, and other Increased cost of incoming goods 58.50% 2
minerals as well as oil and gas from Russia. Shortage of skilled labor 55.56% 3
The survey asked participants their experience Transportation and logistical
41.50% 4
of supply chain difficulties and their expectations disruptions
for the future. Examples of supply chain problems No viable alternate source of supply 28.43% 5
are disruption of key supplies, supplier failure, low Inventory levels depleted 23.53% 6
inventories, single-source supplier, global shortage Production capacity reduced/
of commodities and raw materials, transportation 18.30% 7
factory shutdowns
problems at docks and depots, and labor shortages
anywhere in the chain. This is not necessarily an
exhaustive list but covers the main areas.
Manufacturing was the only sector in the full survey
Although supply chain issues were only the eighth
that identified supply chain as its top concern. In
most important resilience concern across the survey,
this sector 100% of respondents reported some
in many ways they are the most interconnected of
disruptions. The reported type of disruption was in
all those listed. The sector that is most acutely
the same order as the full survey, although each type
impacted by these challenges is manufacturing, but
impacted a higher percentage of the group.
it is not only manufacturers that are impacted. It
is considered the fifth most important concern in The equivalent table for manufacturing is
healthcare and education and the sixth in technology. shown below:
Only in the financial sector is it not a top eight issue, (See Figure M, below.)
where it ranked twelfth.There were no significant
differences between regions in their ratings –
confirming that it is a fully global problem. Figure M: Supply Chain Issues For Manufacturing

Question 1 Disruption reported by % - facing this

Is your organization experiencing supply chain issues? manufacturing problem Rank
If so, what issues are you facing? Longer delivery times from suppliers 76.19% 1

Some 66% of respondents said they were facing Increased cost of incoming goods 76.19% 2
current supply chain issues. Shortage of skilled labor 57.14% 3

From those who reported current concerns, the table Transportation and logistical
52.38% 4
disruptions
below shows the most common causes of disruption.
No viable alternate source of supply 42.86% 5
(See Figure L, to the right.)
Inventory levels depleted 35.67% 6
Production capacity reduced/
33.33% 7
factory shutdowns

19
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Question 2 Figure O: Types of Supply Chain Shortages for

Manufacturing
Is your organization experiencing difficulties in
obtaining products, materials, or services? Material in %- %- %-
Of respondents, 52% confirmed they were short supply for slight significant business
having difficulties with this aspect of supply manufacturing delays delays critical delays
chain management. The type of shortages being Basic raw materials 64.77% 27.27% 7.95%
experienced is shown in the table below. They have Components 50.76% 39.59% 9.64%
been listed to show the percentage of participants Semi-finished goods 56.00% 37.71% 6.29%
reporting this problem across three categories – slight Finished products
52.27% 37.50% 10.23%
delays, significant delays, and business critical delays. for resale
(See Figure N, below.) Fuel and energy
69.61% 22.65% 7.73%
supplies
Contract labor 56.94% 34.72% 8.33%
Figure N: Types of Overall Supply Chain Shortages

%- %- % - business
Material in slight significant critical Question 3
short supply delays delays delays Which of the following reasons do you feel are
Basic raw fundamentally responsible for the supply chain issues
64.77% 27.27% 7.95%
materials
you are experiencing?
Components 50.76% 39.59% 9.64%
The results are shown from the highest to lowest
Semi-finished
56.00% 37.71% 6.29% scoring category based on the whole survey. The
goods
manufacturing comparison is also reported.
Finished
products for 52.27% 37.50% 10.23% (See Figure P, below.)
resale
Again, for manufacturing, the importance of all
Fuel and
the problems is magnified. In particular, the labor
energy 69.61% 22.65% 7.73%
supplies
Contract labor 56.94% 34.72% 8.33% Figure P: Reasons for Supply Chain Issues

It is very concerning that shortages in all categories Across full Manufacturing

Suggested reason survey only
are creating business critical delays at this scale.
After-effects of COVID-19
For manufacturing, 100% reported shortages on at 75.69% 80.05%
measures
least some of these items. Labor shortage throughout the
55.56% 85.55%
The percentage of companies in manufacturing supply chain
that are experiencing business critical delays is Containers held up in
35.76% 50.45%
much higher than the overall survey and ports in Asia
demonstrates how vulnerable this important sector Inadequate global capacity
35.42% 50.25%
of commodities
is to these global shortages.
The war in Ukraine 35.07% 45.10%
(See Figure O, to the right.)
Restrictions on supply
24.31% 50.25%
by some countries
China’s zero COVID policy 23.26% 41.00%

20
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

shortages are of more concern even than the after- Figure R: Implications of Supply Chain Issues
effects of COVID-19.
Most problems are global in nature but have some Across full Manufacturing
regional variations. Europe and North America usually Long-term implication survey only
show similar trends in resilience surveys, but the More acceptance of higher
costs as the price of security 82.73% 100.00%
war in Ukraine has opened a wide difference in and resilience
importance (71% in Europe, 28% in North America).
Increased support for local
Additionally, although the after-effects of COVID-19 74.44% 90.47%
energy and food suppliers
are still problematic in North America, they are
More trade wars, commercial
almost universally a serious problem for European 73.54% 76.19%
disputes, and political tension
organizations (93% in Europe, 72% in North America). More duplication throughout
69.50% 71.43%
(See Figure Q, below.) the supply chain
More domestic manufacturing
66.59% 80.95%
capability brought onshore
Figure Q: Reasons for Supply Chain Issues
Less dependency on China
(By Region) 60.99% 61.91%
for manufacturing
Less globalization in
Across North 57.17% 61.90%
products and services
Suggested reason full survey America Europe
After-effects of
75.69% 72.54% 92.86%
COVID-19 measures
These results were again most acute in the
Labor shortage through-
55.56% 62.18% 64.29% manufacturing sector.
out the supply chain
Containers held up in More than 80% of manufacturers believed that more
35.76% 37.82% 42.86% domestic manufacturing capacity would be brought
ports in Asia
Inadequate on stream. More than 90% thought there would be
global capacity of 35.42% 38.86% 35.71% increased support for local energy and food suppliers,
commodities and an unprecedented 100% agreed that there would
The war in Ukraine 35.07% 27.98% 71.43% be more acceptance of higher costs as the price of
Restrictions on supply security and resilience. All of this indicates higher
24.31% 23.30% 14.29%
by some countries prices for consumers with probable impacts on
China’s zero national and global inflation.
23.26% 62.18% 64.29%
COVID policy
There were no significant differences in terms of
expected future outcomes across the regions. There
Question 4 was most disagreement about whether there would
be less globalization in future. However, it was still
What are the long-term implications that will result
seen as more likely than not by all regions except the
from the current supply chain situation?
Middle East and Africa – perhaps predictably given
The results are shown as a percentage who thought the dependencies of their economies upon continued
the defined item would be possible or probable. In Western international involvement.
all cases the numbers exceed those expecting no
change. The results are shown in order of expectation
(based upon the percentages).
(See Figure R, to the right.)

21
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Part 3 – Comments and Conclusions

In this section, all references to issues that are included in the Resilience Risk Index will show
this year’s ranking in parentheses

has grown significantly. The threats of sophisticated

Cyber Events (1), IT Disruptions (2), attacks on the global financial system will call for
Misuse of Data (5) unprecedented cooperation between nations as well
The dominance of cyber, IT, and data concerns was as the private and public sectors within countries.
an expected outcome. Given that almost every There is a need for greater non-competitive spaces
organization is now more IT- and data-dependent than where firms can collaborate on this front without
ever, this will only become more so in the future. damaging their commercial confidentiality or fear
A cyber event can quickly halt any critical function, breaking regulatory obligations.
although with appropriate plans and capability in For the future, quantum computing carries a
place, loss and interruption should be minimized. significant risk to the security of public-key encryption,
This recovery is not always successfully accomplished with major implications for governments, particularly
in the required timeframes, and it is concerning that in the management of their most secret data, and for
in times of financial pressure some organizations companies that rely heavily on encryption to protect
might cut back on providing sufficient back-up client data, like those in the financial services sector.
capacity and adequate data security to resume
activities quickly enough.
Bad actors are more sophisticated, and the
emergence of new technologies gives further Financial Conditions (3)
opportunities for criminals and hostile states to COVID-19 lockdowns created a situation in which
infiltrate our security systems. Conversely, the most many governments decided to financially support their
basic of security procedures are still not being populations by effectively providing them with cash
particularly well followed, as the worry over phishing subsidies while their places of work were closed.
demonstrates. Avoiding phishing and spoofing is For the leading economic power, the U.S., this was
generally more dependent upon individual vigilance feasible but still potentially very damaging to longer-
as it is on enterprise-level defenses. term economic stability. Despite some negative
There are new exposures being created by a rapid indicators, some areas of the economy are still
expansion of working from home and an apparent performing well with high employment levels, a tight
welcoming of new remote/hybrid models of work. labor market, and reasonably high levels of household
Organizations have spent many years and millions of spending. Conditions are more difficult in mid-size
dollars creating very secure networks for all business economies, particularly in Europe. Lockdown was a
processes. With hybrid working, home workers will challenge that all countries are still trying to resolve.
often be using public networks or, at best, much However, the war in Ukraine has added further damage
less secure private networks than their office-based to the European economy, particularly in Germany,
counterparts. The surface area of the cyber threat which is very dependent upon Russian oil and gas.

22
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Food and many commodities are also impacted by The employer-employee relationship is being
the conflict. Twenty-five countries in Africa and the redefined, as much more flexible working patterns
Middle East imported wheat from Ukraine with some are being demanded by those whose do not need
of them entirely dependent on it. Ukraine was a a permanent physical working location. Some labor
major source of fats, oils, and animal feedstocks, markets are excessively tight with professional
as well as a leading exporter of iron, steel, ores, recruiters prioritizing candidate demands over precise
and ash – materials already in global short supply. job specification. This candidate-led market and
The excessive money supply during a period of inflationary pressures are pushing many employees
exceptionally low productivity, the release of pent- to demand inflation-matching wages, particularly in
up demand, and global material shortages have unionized workforces. New approaches to retaining
combined to produce a 40-year inflation high among and attracting talent have become a key corporate
virtually all leading economies and increasing fear in objective, with flexibility of working arrangements a
the developing world. Financial conditions was the central component of their recruitment offer.
top resilience concern in Africa. It will be interesting to observe how much of the new
Most economists expect that a recession is almost dynamic will continue, should severe recession occur
inevitable in Europe and probable in the U.S. In and forced unemployment rise significantly.
many markets, consumers are already engaging
in recessionary behavior by delaying big ticket
purchases and spending less on discretionary items.
The Federal Reserve has led the way in increasing Infectious Diseases (6)
interest rates rapidly, but other central banks are
As expected, there is reduced concern about
following if not quite as sharply. Inflationary pressures
infectious diseases, with worries about COVID-19 as a
will inevitably focus consumers’ minds on essential
public health risk subsiding. There seems to be better
spending such as food, fuel, and energy.
awareness of the potential for different infectious
diseases to break out, but there is also acceptance
that predicting what, when and how is impractical. It is
doubtful that the shift in importance is based on any
Human Resources Issues (4) calculated probabilities of another infectious disease
There is clearly shortage of labor in most low paid outbreak. It is more likely to be an assumption that
sectors following the COVID-19 lockdowns. There also another isn’t likely very soon based on historical
appears to be a skills shortage in many specialist frequency patterns – a view that has no scientific
and professional fields. There are some global trends, justification but is superficially comforting. There also
but domestic circumstances have partially caused may be a view that governments and businesses
these shortages – so the level of labor disconnect now understand how to handle such an outbreak and
varies widely between countries. In the U.S. and UK, would therefore mitigate its impact better in future –
an additional feature has been the Great Resignation here, the evidence is definitely mixed.
phenomenon first experienced during lockdowns and Many other factors are likely to affect the frequency and
as companies tried to return to pre-COVID working location of infectious disease outbreaks, one of which
practices. Working from home and hybrid working is climate change. Others include rising population in
became popular models during lockdowns, and many the developing world and increased urbanization in
staff wish to continue with these working methods. both the developed and developing worlds.

23
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Natural Disasters (7) Supply Chain Issues (8)

Natural incidents are not going away, although Global supply chains are likely to continue to be
whether the aftermath is called a disaster depends stretched in the medium term, exacerbated by
upon how and where they happen. It also depends geopolitical conflict such as Russia weaponizing
upon how well-prepared organizations, communities, energy and China stockpiling semiconductors and
and governments are to deal with the initial event. rare earth minerals.
For incidents to be treated as disasters, they usually The interconnection of supply chain challenges needs
take place in inhabited areas. This factor, rather than emphasizing. As well as the material shortages,
the severity of the event, has dominated response several other factors will affect supply chains. Labor
strategies in the past. This might be evolving, disputes by key infrastructure workers (particularly
because climate change is now also affecting in transportation), climate change in key supply
locations not previously susceptible to weather- territories like Bangladesh, increased flooding, and
related problems. Even disasters in remote areas acute cyber incidents all can disrupt supply chains.
can affect the way rivers run and how quickly forests Continuity and resilience in the supply chain will be a
and bushlands can regenerate. Therefore, natural key strategic risk in the years ahead.
disasters might progressively be defined by ecological
As trust between nations seems limited, reduced
impact as well as humanitarian concerns.
globalization and cooperation may create a world
There also appear to be different levels of concern with high levels of interdependency but low levels
for disaster events, as it shifts from largely of connectivity. This risk is illustrated by the global
uncontrollable flooding to fires which have a higher shortage of computer chips and the vital rare earth
degree of control, then moves to other events much metals which are used in virtually all hi tech products.
lower in frequency but even more uncontrollable Shortages of these types of material are largely
such as hurricanes and tornadoes. The response to linked to geopolitical rivalry as relationships between
the survey suggests that the level of controllability China and the West become more strained.
influences their ratings and in turn preparation,
with more controllable events having more feasible
operational resilience/contingency countermeasures.
In the southern hemisphere, natural disasters are Climate Change – Business Impacts (11)
generally seen as a bigger threat than elsewhere.
This category scored a little higher in the Resilience
Recently, equatorial tropical patterns have moved
Index rating than in previous years, but this might
further south and have not been countered to the
be due to more clarity in the definition. The survey
traditional degree by acute bursts of severe weather
covered issues such as increased flood risk in
stemming from the Antarctic. The third consecutive
coastal areas and drought in hot areas, the possible
La Nina weather event is unfolding, predicted to reach
need for relocation or increased expenditure on
its peak in November, rather than in February.
facility protection, the limitations on future expansion,
and the need for new construction methods and
building protocols.

24
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Climate change cannot, of course, be seen in Increased regulation was of particular concern only
isolation from many of the other issues identified. in the financial and manufacturing sectors – where it
It will impact the frequency and location of potential was number six for both.
future infectious diseases. It will impact the location Major incidents to facilities and social media were
and severity of many natural disasters making certain mid-ranking concerns across all sectors and regions.
production locations no longer viable. It might also
create adverse financial impacts by reducing the Embedding a Resilience Culture
viability of some global supply chain routes and There is a need for resilience professionals to
restricting long-distance freight opportunities. develop a strategy that helps them build a resilience
The energy crisis in Europe has increased public culture while responding effectively to short-term
resistance to zero carbon targets that have little events. As long as the term “resilience culture”
chance of being achieved without unacceptable is perceived as a stand-alone objective with little
damage to individuals’ lifestyles and finances. meaning to other parts of the organization, it will
We can expect to see much greater investment in inevitably make little or no progress.
making renewables viable at scale and identification Making resilience relevant to everyone is the key
of alternative raw materials (or different sources of to embedding it, but any cultural change without
current materials) to make countries energy self- meaningful metrics is difficult to accomplish. In
sufficient. From a security-of-supply point of view, particular, resilience needs to get the attention and
North America and Australia provide territories commitment from directors and senior leadership
with extensive resources and stable democratic teams. Because culture can be difficult to measure,
governments. We can expect considerable investment finding metrics that make business sense might be
in these territories as well as wider government challenging, but it is the only viable way forward.
financial support to achieve meaningful, significant
Such an approach would eventually elevate business
innovations in future energy provision.
continuity to a strategic function, whereby everyone
understands the importance of protecting the
organization’s ability to carry on through adversity
and that a professional resilience management
Other Resilience Index Issues approach is vital. This will not happen very quickly,
The following items showed no significant change in and progress seems to have stalled.
their prioritization from previous surveys:
Performing resilience assessments that measure
• Increased regulation (9) and quantify the degree of resilience that is currently
• Major incidents to facilities (10) in place against that which is required will give the
• Social media issues (12) topic an operational dimension. This should help
• Civil unrest (13) encourage further debate and action.

• Terrorism (14)
• Labor – industrial actions (15)
The final three items generally came at or near the
bottom in all regional and sector analysis figures. The
only real exception was in Africa where terrorism was
number two and civil unrest was number six.

25
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

It is important to change the corporate mindset

about resilience. Assessment is not about audit or
A Final Thought
compliance. It is not about what has always been French President Emmanuel Macron has described
important and how processes have always been run. the world situation as “the end of the era of
Resilience must concentrate on the future needs abundance.” He concluded that “we are currently
of the organization, with the flexibility to address living through a major tipping point or a great
immediate and changing business demands. With upheaval – we are seeing the end of the abundance
the rapidly growing pace of computing power and of products of technologies that seemed always
accumulation of data, resilience practitioners need available, the end of the abundance of land
a keen eye on future challenges and how they could and materials including water and the end of
progress from theoretical threats to current day endless cash availability. We must now face the
problems. The importance that has already been consequences in terms of state finances.”
attached to a future risk, such as that posed by
Food for thought, indeed, for all resilience
quantum computing, is encouraging and demonstrates
professionals.
the value of involving the resilience community in
corporate horizon scanning. This involvement helps
an organization build a resilience component into all
future business and technology decisions.
Practitioner credibility and resilience culture would
be enhanced with wider participation in ongoing
sustainability corporate initiatives. Identifying and
providing important metrics for environmental, social,
and governance (ESG) programs is likely to get
considerable top-level attention.

26
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

The DRI Future

Vision Committee
Bringing together a global community of subject matter experts, DRI International has convened
the Future Vision Committee, the leading global think tank on matters of operational resilience,
discipline integration, and the future role of resilience professionals. This interdisciplinary group
seeks to unite the profession by establishing meaningful and productive links among other
professional bodies, higher education, and membership organizations.

Lyndon Bird is chair of the DRI Future Vision Patrick Alcantara has more than 10 years of
Committee. He has worked exclusively in business experience in research, insight, and strategy. He
continuity since 1986 as a consultant, presenter, currently leads future consumer trends work at
educator, author, and business manager. He has Telefonica UK (O2), which feeds into innovation and
spoken at and chaired conferences throughout the proposition development. He is also former head
world and has contributed features, articles and of research and insight at the Business Continuity
interviews to most leading business and specialist Institute (BCI) where he considerably extended the
publications. He has been interviewed by a wide resilience industry’s evidence base. He has also
range of broadcasters, including the BBC, Sky managed research studies on behalf of organizations
News, Bloomberg TV and CNBC on continuity and such as the former UK Department for Business,
resilience topics. Bird helped found the Business Innovation & Skills, PwC, BSI, SAP, and the World
Continuity Institute in 1994 to promote and develop Health Organization. He is also a subject matter
the emerging BC discipline as a professional expert in resilience with 40+ publications and
field of activity and was a member of the original Editorial Board membership of 2 international peer-
BS25999 Technical Committee. He was voted BCM reviewed journals. He has also presented in various
Consultant of the Year in 2002 and given the BCM conferences including The European Information
Lifetime Award in 2004 by Continuity, Insurance & Security Summit (TEISS), International Disaster and
Risk Magazine. He is currently Editor of the Journal Risk Conference (IRDC), ASIS Germany Conference,
of Business Continuity and Emergency Planning European Logistics & Supply Chain Conference, and
published in the UK and the US, an advisory board the BCI World Conference & Exhibition.
member for the US publication Disaster Resource Alcantara is from the Philippines and is currently
Guide, and his book “Operational Resilience in based in the United Kingdom. He has a Diploma in
Financial Institutions” has been published Business Continuity Management, and a Bachelor’s
by Incisive Media. degree in Psychology. He also attained a Master’s
with Distinction from the Institute of Education
(University College London) and Deusto University.
He holds the Business Continuity Institute academic
credential (DBCI) and is a member of the Market
Research Society (MMRS), and the Future City and
Community Resilience Network.

27
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Al Berman is an MBCP, CBCLA, CCRP, Chairman analytics of the cyber supply chain risk portal, which
of DRI International, and the President of the DRI received the 2017 Cybersecurity Award for Practice
Foundation. During his career, Berman has been from Institute of Electrical and Electronics Engineers.
President of a major US bank subsidiary, CIO for a Conrad served as interim chief executive officer of
major trust company, National Practice Leader for Climassure, where she led a team which pioneers
Operational Resiliency (PricewaterhouseCoopers), innovative financial and technology products, data
Global Business Continuity Management Practice modeling, and advisory solutions to help mitigate the
Leader (Marsh), and Program Director for BCM for a economic impacts of extreme weather and flooding.
major healthcare organization. For 15 years prior, Conrad managed a global team
Berman has served on the Homeland Security responsible for delivering tactical solutions to Zurich
Standards Panel, US congressional committee Project Insurance and customers on strategic issues such
on National Security Reform, ANSI-ANAB Council of as business resilience, cyber and supply chain risk,
Experts, NYC Partnership for Risk Management and enterprise risk management, and total risk profiling.
Security, and Chair for the Alfred P. Sloan Foundation Andrea Bonime-Blanc, JD/PhD, is CEO and Founder
committee to create the new standard for the US of GEC Risk Advisory and a global governance, risk,
Private Sector Preparedness Act (PS-Prep). He has ESG, ethics, cyber and crisis strategist, serving
worked with governments in the US, Middle East, Latin business, nonprofits, and government. Since 2017,
America, and Asia to create standards and regulations. she has served as the Independent Ethics Advisor
His career in cyber security spans 4 decades, from to the Financial Oversight and Management Board
being part of a US government tiger team vested with for Puerto Rico. She serves on several boards and
the responsibility of finding flaws in networks and advisory boards including Greenward Partners (a
systems, to creating security systems used by IBM Spanish green energy firm), Ethical Intelligence (an
and other major system developers, to serving on EU-based AI ethics firm), ProtectedBy.AI (a US based
government committees. Berman serves as an adviser AI cybersecurity firm), Epic Theatre Ensemble (a
to companies and governments worldwide on issues NYC nonprofit), the NACD New Jersey Chapter and
including resilience, business continuity, disaster NYU Stern-based think tank, Ethical Systems. She
recovery, geopolitical risk, and cyber security. Berman’s serves as a Governance Mentor at Plug & Play Tech
articles and interviews have been on TV, radio, printed Centre, a global start-up eco-system, is a NACD Board
media, and online publications around the world. Leadership Fellow and Governance faculty and holds
the Carnegie Mellon CERT Certification in Cyber-Risk
Linda Conrad is the principal of corporate and
Oversight. She is a life member of the Council on
information security risk management at Exelon
Foreign Relations.
Corporation, a Fortune 100 Energy company. She
is responsible for driving strategic risk activities Andrea spent two decades as a c-suite global
and engagement with Enterprise Risk Management, corporate executive at Bertelsmann, Verint, and
Informational Technology, and the Chief Information PSEG overseeing legal, governance, risk, ethics, CSR,
Security Officer team. Conrad oversees cyber and compliance, audit, InfoSec and environmental health
physical security Key Risk Indicators and mitigation. and safety. She began her career as an international
Conrad is partnering with the National Institute of corporate lawyer at Cleary Gottlieb.
Standards and Technology (NIST) and Robert H. Smith
School of Business on development and predictive

28
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Andrea is a global keynote speaker and graduate Richard Knowlton is chairman of Knowlton
faculty at NYU teaching “Cyber-Leadership, Risk & Associates and is a member of the Cyber Resilience
Resilience”. She is an extensively published author Advisory Board of the Digital Leaders’ Forum, an
of many articles and several books including The Associate Director of Strategia-Worldwide and an
Reputation Risk Handbook, Emerging Practices in honorary Life Member of the International Security
Cyber-Risk Governance and The Artificial Intelligence Management Association (ISMA). Knowlton was
Imperative. Her latest book, Gloom to Boom: How Group Corporate Security Director of Vodafone
Leaders Transform Risk into Resilience and Value (2009-2015), after previously working in Milan as
(Routledge 2020) debuted as an Amazon #1 Hot Head of Security (Global Operations) for the Italian
Release in Business Ethics and Game Theory. She was UniCredit Group, the largest bank in Central and
born and raised in Europe, is multi-lingual and received Eastern Europe. Between 2014-2017, Knowlton
her joint Juris Doctor and PhD in Political Science from was Executive Director (Europe) of the non-profit
Columbia University. She lives in New York City with her Internet Security Alliance (ISA), a multi-sector trade
family and is an avid photographer and artist. association based in Washington DC. He was also
Boris Issavi is the director of business continuity previously a board member of the Commonwealth
management at Global Payments Inc., where he Cyber Crime Consortium and of the UK government’s
oversees the enterprise-wide BC and DR operations Overseas Security Information for Business (OSIB).
across the organization’s global footprint. He has Knowlton has spoken extensively on digital security
systematically built his expertise in operational risk management on the BBC and regularly presents
risk over the past 20 years. For almost 10 of those at major international events, such as the Mobile
years, he has been dedicated to business continuity World Congress in Barcelona (2017-2018). He is
and disaster recovery with global companies in the the three-times chairman of the Security of Things
financial industry. In his current role, Issavi manages World Conferences in Berlin (2016-2018). Richard
all phases of planning, analysis and implementation worked in the UK Foreign Service before entering the
of technical solutions in direct support of resiliency corporate sector. He is based in Italy.
and information security objectives from the David Porter has been the director of business
conceptual stage to the final execution. As a leader, continuity management at the Australian Taxation
he works to create an environment where ideas can Office (ATO) since 2010. He has also chaired a
flourish and effective solutions materialize. whole-of-government BCM Community of Practice,
with members from over 35 Commonwealth and state
based agencies. Porter and his team provide regular
mentoring support for other organizations and have
contributed towards readiness activities across the
public sector and wider finance industries. Porter is a
regular presenter at industry events and contributor
to the Oceania 2020 think-tank. The ATO BCM
team has won the Australasian Business Continuity
Institute Team of the Year award three times and the
team’s integrated BCM Framework and approach to
organizational resilience have also been recognized
in two peak Australian Government insurer awards for
excellence in risk management.

29
 Tr e n d s R e p o r t : G l o b a l R i s k a n d R e s i l i e n c e

Wolfgang Mahr has over 20 years of experience McNulty is the co-author, along with Dr. Leonard
in consulting and project management in the Marcus and Dr. Barry Dorn, of the second edition
ICT environment and over the last 15 years has of Renegotiating Health Care: Resolving Conflict
specialized in the field of business continuity to Build Collaboration (Jossey-Bass, 2011). He is
management. He is experienced in IT governance, the principal author of case studies on leadership
information security, business management, decision making in the Boston Marathon bombing
marketing, account and product management, in response, innovation in the response Hurricane
professional education as an author of educational Sandy and the professional/political interface in
content and international speaker. He holds a PhD the Deepwater Horizon response drawing upon his
from the Swiss Federal Institute of Technology in first-hand research as well as extensive interviews
Lausanne (EPFL), has earned a Bachelor of Business with leaders involved in the responses. McNulty
Administration degree from GSBA Zurich, is a has written more than 200 by-lined articles for the
Certified Information Systems Auditor (CISA) and Harvard Business Review (HBR), Sloan Management
is a long-time member of the Business Continuity Review, Strategy+Business, and other publications
Institute (MBCI). His professional publications, blogs, as well as several for peer-reviewed journals. His
and lectures at international conferences support the HBR cases have been anthologized through the HBR
exchange of ideas and further development of current paperback series and have been used in business
BCM issues. He participates in global standards education curricula in the United States and as far
bodies (ISO TC 292, CEN TC 391) and is a past away as France and the Philippines.
President of BCMnet.CH. He is fluent in German, Kenji Watanabe is a professor at the graduate
English, and French. school of engineering, and also the head of disaster
Eric J. McNulty holds an appointment as Associate and safety management of the Nagoya Institute
Director for the Program for Health Care Negotiation of Technology, with major research areas in risk
and Conflict Resolution and at the National management, business continuity management, and
Preparedness Leadership Initiative, a joint program critical infrastructure protection. He has almost 20
of the Harvard Chan School and the Harvard Kennedy years of business experience at the Mizuho Bank and
School of Government. He is an Instructor at the PricewaterhouseCoopers in financial business and
Harvard T.H. Chan School of Public Health. His risk management fields.
work centers on leadership in high-stakes, high-
stress situations. McNulty’s most recent book,
You’re It: Crisis, Change, and How to Lead When
it Matters Most (Public Affairs, 2019) is based on
meta-leadership, the core leadership framework
of the group’s curriculum. He teaches in graduate-
level courses on public health leadership, conflict
resolution, and negotiation as well as serving
as Program Co-director for the Leading in Health
Systems executive education program at the Chan
School. He also teaches in executive education
programs at Harvard Medical School, MIT, and UC
San Diego Health.

30
About DRI International
Disaster Recovery Institute International (DRI) is the the resilience profession. DRI is a Standards
oldest and largest nonprofit that helps organizations Development Organization accredited by the
around the world prepare for and recover from American National Standards Institute (ANSI), an
disasters by providing education, accreditation, and International Organization Liaison Observer to the
thought leadership in business continuity, disaster International Organization for Standardization (ISO)
recovery, cyber resilience and related fields. Founded Technical Committee 292 that manages ISO 22301,
in 1988, DRI has certified 20,000+ resilience a National Initiative for Cybersecurity Careers and
professionals in 100+ countries and at 95 percent Studies (NICCS) Training Provider, and a United
of Fortune 100 companies. DRI offers 15 individual Nations Office for Disaster Risk Reduction ARISE
certifications, including the globally-recognized CBCP Initiative Partner. Our certification programs are
certification, and certifies organizations as resilient recognized by various government agencies including
enterprises. DRI offers training programs ranging the U.S. Federal Government via the Montgomery
from introductory to masters level across a variety GI Bill and the GSA Schedule.
of specialties in multiple languages; online and From our inception, we have and continue to advocate
in-person continuing education opportunities; and an inclusive environment that enables everyone to
an annual conference dedicated to the resilience develop their skills and make a difference through
profession. DRI supports charitable activities through education and accreditation. Diversity, inclusiveness,
the DRI Foundation. and the promotion of mutual respect is exemplified
DRI provides independent analysis and standard- in all facets of our goals and mission, including
neutral, technical advice for governments and the Board of Directors’ membership, staff, thought
international organizations as the voice of leadership and charitable activities worldwide.

For more information, visit our website or contact a representative today.

drii.org | (866) 542-3744 | [email protected]

©2022 DRI International, Inc. All Rights Reserved.