Risk Trends 2025 and Beyond: Business Resilience (including third parties and impact of cyber attacks)

Practice makes perfect, so how have your leadership and board practices for a real crisis?

In the face of growing emerging risks, resilience has become an important focus for Canadian businesses.

And it’s top of mind. A recent corporate risk survey from Canadian Underwriter 2024, found that 57 percent of respondents identified business interruption as their top enterprise risk. It was followed by cyber incidents (46 percent) and natural catastrophes (43 percent). And all three of these are interrelated or integrated risks.

Strong strategies can mitigate these risks. By withstanding — and swiftly recovering from — threats and disruptions, organizations stand to gain operational continuity and long-term stability. 

Changes in global and domestic economic conditions can impact businesses, particularly those reliant on international trade and commodity prices. In the case of an oil and gas operation, a sudden drop in oil prices can hurt Canada’s energy sector, lowering the revenue generated by the organization, which in turn lowers investments in the business. Many businesses have resilience plans for times when there is a sharp decline in margins.

Global supply chain disruptions can result in delays, added costs, and operational challenges. During the COVID-19 pandemic, many businesses struggled to get the materials they needed from their suppliers. To mitigate this and build resilience, organizations need to consider developing relationships with multiple suppliers. Local suppliers can also help ensure a steady flow of goods, even when global supply chains are disrupted. 

Since March 2020, global supply chains have become more resilient. However, the size and quality of digital logistics networks will usually dictate how resilient they have become or have the potential to become.

Weathering the storm

Extreme weather events like wildfires, floods, mudslides, and storms can damage infrastructure and disrupt operations — so try not to underestimate the damage potential of climate change and environmental disasters. A thorough and proactive disaster recovery plan and resilient infrastructure can help withstand unexpected environmental impacts.

And to build business resilience, the right talent is imperative. But labour market complexities — like skills shortages, demographic shifts, and changing workplace expectations — can affect recruitment and retention of specialized skill sets. To attract and keep top talent, businesses need to offer competitive salaries, flexible work arrangements, and opportunities for professional development. This is a win for your workforce and a win for your business. 

To prepare, leadership teams can conduct table-top training exercises to practice relevant and probable scenarios, like ransomware attack simulations, to discuss teamwork and sequence steps in an emergency management plan.

Why stop there? Here are other risks to consider:

• Regulatory and non-compliance risks
• Geopolitical instability
• Pandemic and health crises
• Financial market risks
• Cyber security threats
• Technological change and obsolescence
• Climate change and related natural disasters

Questions to consider: 

• What role and associated responsibilities do your outsourced partners have in business resilience (e.g., disaster recovery, business continuity, etc.)?
• Do you include outsourced partners or third parties in the table-top training exercises?
• Are the roles and responsibilities of business resilience built into vendor and key stakeholder contracts and training?