KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Thank you very much, indeed. And let me just see how I can get this one done.
I think, yes, right now, what are in a nutshell, the key learnings that we have taken, or we have seen from the Corona or COVID pandemic or 2020, what is different and how have we changed vis Avi earlier pandemics or earlier crisis in the healthcare sector? What I'd like to do is present to you just five key learnings that we can take away, and there will be a workshop available after the lunch break that if you wish to attend will outline a little more how business continuity must react to that as a discipline, both in the resilience sense and in the cyber sense.
But let's start with these short remarks on what we have learned and what we've seen during the pandemic up to this point in time. Now there are several things that really sort of spring to mind and are apparent when we stand here in November and we look back to say the end of last year or the beginning of this year, first of all, we have seen resilience deficits we've then experienced something that was fairly new. What I call the health dilemma saying, is it business and health?
No, nowadays it is often seen and interpreted as business versus or against health. We have seen quite a number of failures in business continuity management and in the plans themselves. We'll get to the details of that. We've also seen that the crisis has been a game changer for crisis managers, crisis communicators, and other people having to deal with unforeseen or, you know, critical situations. And finally digital transformation and cyber transformation has become a very important game changer.
And it has shown during this pandemic that it is the make or break point for organizational survival and success. Now let's take one by one. My first sort of learning that I took away even after all these years was, well, we are not as resilient as we thought, we've realized how vulnerable we are individually and within our organizations. And that has brought a lot of uncertainty and fear in most of us, whether that is the fear of becoming ill or it's the fear and uncertainty about keeping our jobs.
Most everybody amongst us in societies as human beings is affected in some way, the lockdown tragically has confirmed several facts that we've always suspected, but we've never quite touched and been able to, to prove beforehand. One was that during a true lockdown when societies and economies aren't functioning, traditional supply chains will come under men's strain that we saw in the first quarter of 2020, when step by step successively industries, deliveries, logistics, and other things were partially or fully shut down.
So critical dependencies that organizations have in their supply chains turned out to be an element of risk that had not been there in earlier epidemics and pandemics, for instance, two, three in Canada and Europe, and in China and 14 on the Arab peninsula, as a result, we've seen a lot more CADing effects since March, 2020. What started perhaps in one industry or in one sector would quickly ripple through the whole system and with a certain time lag between cause and effect. We could see how like one dominant piece after the other would flip and suffer from the impacts.
And the consequences is at this point in time, we also observe that resilience greatly varies across the sectors of industries and countries. So people-centric business models, service oriented models are under severe pressure, particularly when they're combined with frequent physical contact, other sectors have successfully virtualized to the extent possible, but when it comes to industry hardware, big things in the physical world, you can't just virtualize them and therefore other precautions had to be taken.
Now, the good thing in this highly sort of automated world of manufacturing and industry proper, it is much easier to implement a hygiene concept and therefore continue business as usual because 80 to 90% of what is being done there, the factory floor is robotics and automation. Anyway. So machines do not catch viruses, at least not the Corona ones.
So shifting to the left is what I call a phenomenon that we see in continental Europe in particular, but we're also seeing it in other sort of Southern or more sort of peripheral European countries, intrinsic resilience that business are expected to have, or are considered to have, have been gradually replaced by institutional and state support or guarantees. And this has led to an economic model that was last seen during the 1930s, then known as the new deal introduced in the United States as a response to the global financial crisis of the day.
So principle number one, we are not as resilient as we thought. And our key learning, number two, we did not anticipate the trade off between health and economy. It is indeed a poison choice and it was declared a choice fairly early in the game. It's not for me to say whether that is good or bad. I'm just stating the facts as they emerged over the months after March. So early experience with what we probably saw as an upcoming academic or pandemic assume that things would run just like they had in previous pandemics.
In other words, there would be a comparatively mild to moderate institutional response to the emergence of new virus, governments and health authorities, and the w H O would tell people to be careful. And, you know, I do remember one of our foremost pandemic experts, Regina Phelps from the United States recently had a discussion with her and said, look, back then you were speaking as a keynote speaker. I was in the audience and what were we saying?
Well, keep your distance, wash your hands if you have to wear a mask. So it wasn't unlike today, in fact, and in measures and in recommendations.
However, the response that we've seen to this one has not been like the ones before, because back in the day, we were assuming that there would be cooperation between state governmental institutions and the private economy. Now that to an extent has been broken as firms have been told to just stay put, and then if they feel they can't survive, if they should go for loans or grants. The other thing that led to the somewhat harsh or toxic trade off was perhaps the emergence of a moral imperative that led to deep systemic resonance across all these various countries.
The moral imperative in this was that under media scrutiny and increasing pressure governments turned from flattening the curve and implicitly accepting that yes, there would be severe cases and deaths to a more cautious prevent any new cases, because we've seen that this is so drastic. So there was a paradigm shift. And under the impression of these severe cases, there was a self reinforcing cycle of political pressure, more restrictive measures, more demands by the media and the public.
And then eventually that the culmination in a global lockdown of an unprecedented scale, massive economic impacts were tolerated as a result. And if you look at the numbers today, regardless of how you treat the moral aspects of the situation, you will see that the numbers of money that's been lost through the first lockdown. And now through the second is reaching an astronomical level. Some countries have easily doubled their national debt and they have tripled or quadrupled their percentage rate of national debt versus gross domestic product every year.
So key learning number two, no one had expected this type of trade off to lead to the situation that we're in now, because nothing of the sort had happened in earlier, pandemics, not surprisingly key learning number three, business continuity plans and pandemic plans have failed. First of all, we did have the wrong assumptions and we have to just admit it. We were assuming the wrong things and intrinsic deficiencies in all our plans came to light fairly quickly, where they were tested against reality existing BCPS then failed on several accounts.
Staff losses were obviously anticipated every good business, continue to plan does that, but they would only anticipate a loss of about 30% of the workforce through illness, sometimes even 50%, but never a hundred percent and never including any family problems as such. It was almost a dejavu. When I looked at some old pandemic plans from my, my clients back in 2009 and 2005 and how they would make assumptions about how many people would be sick with a winter winter influenza, which is not unlike Corona now. And then on reading these old plans and on seeing what the assumptions were.
We could clearly see that if we had used any of these old plans in March this year, they would've failed after about a month or two months flawed assumptions in plans. Number two, just like I told people back in the two thousands, well, you call it a pandemic plan, but you're only thinking about influenza. There are other things out there that are much, much worse and restrictions may apply. Government restrictions may apply no one listened because everyone was under the impression and everyone was under the spell almost of influenza being the thing of the day.
However, as we did see in 2012 to 2014 with, and some African countries, there are other things out there that will require much, much more drastic action. So incorrect time horizons plans just didn't look into the future. They were just too restricted to about 30 to 90 days. Cost considerations quickly turned out that pandemic plans had been written with cost minimization in mind and important factors such as the backlog arising from the lockdown or employee care were overlooked. Scenario error.
As I just mentioned, many, many plans addressed precisely the wrong pandemic scenario, and that made them rigid and more or less useless for, for flexible response strategy. For instance, if you take an influenza plan, it would usually assume that after about 90 to 120 days, a vaccine is available and hence you double cross and double line your plan and you finish and stand it down, back to normal. Now we haven't seen a vaccine as we all know, since the early days of Corona in December, 2019, and we are still working on that.
So this is what I mean by scenario error, we are addressing a pandemic, but we're not addressing the right pandemic. So plans, I have to say, as well as government measures were often based on group dynamic decisions rather than data and rational behavior.
Again, most continuity planners, excuse me, are still quite rational animals. Aren't we? So as a community, you will expect that things would be done in a rational manner to make sure that you get the maximum of efficiency and the minimum impact outta the situation.
However, what we've seen here is that in order to get a minimization of risk, even if it's uncertain, you will tolerate a maximum of impact. Again, that was a strategy that was unforeseen and unforeseeable for the BC community. Let's move on to number four for crisis management. This is quite a game changer because what we are seeing here is that traditional crisis management no longer works.
It has been superseded by a new dynamic that manifests itself in the public noise, as well as the multiplication of stakeholders, people who are having a say in it who want to have a say in it and who want to be heard in public making their statements. So crisis managers were taken by surprise when events went irrational, what do I mean by irrational?
Well, in the initial phase, there was limited preparation and business. As usual, we were all expecting this to be a normal pandemic that would run like H one N one swine flu and other things in the past, in the progression phase plans were invoked and people were dealing with unforeseen problems. One unforeseen problem obviously was the total lockdown and the closing of borders. Another unforeseen element may have been that whole society and countries would fall into two factions.
The ones who were four stricter measures and restrictions and lockdowns and the others, the skeptics were for letting the thing run its course. So there was a rift in terms of opinions, politically in societal sense. And it's difficult for organizations to position yourselves with your business when you don't know where exactly the dividing line is.
All right, across your employees and, and your leadership. At the end of the first wave, there was a deescalation phase and there was some going concern or major impact problems companies needing help. So that was all part of down managing the crisis after the seemingly sort of the seeming relief of it being over, which it wasn't as we now know now for the second progression phase, people were just at their wits end. They did not have any further crisis plans to go through it again and again.
So as a result, what you're now hearing from many, many corners and industry sectors is, well, if you lock us down again, we might as well stay closed for good, because there's no point in carrying on with our business. We are dead. Now the effects and the long term developments are still to be followed and seen. But crisis management pretty soon in this pandemic was caught between a rational decision making saying great is good for the greatest number and risk as feeling. So there was a growing divergence of the objective risk assessment and the risk as presented by the media.
For instance, there are certain facts, and I may address that in the workshop later that you can present one way or another, but the way it was done, it clearly sort of led to a self reinforcing process of media reporting, shifting to absolutes ever higher numbers, and trying to sort of make bigger headlines every day. We can still observe that if you read papers in any language, that there are these things that are maybe not conducive to keeping things calm. So crisis management effectively has had to relinquish control as external forces have become overwhelming.
So there are things that we thought we wouldn't see again after, you know, the world wars and other sort of situations like that. Looking down whole industries by government orders, taking military control of key enterprises as they did in Hungary, partial nationalization, the state steps in as owner or part owner of key firms and industries. So we are then effectively from a crisis management point of view in an ongoing state of emergency in a state of fear and a state of self retention. That's aggravating the crisis without any prejudice to why this is happening, how it is happening.
I'm just saying crisis managers need to look at this situation and acknowledge that it is much different from anything we've seen in the past. And key learning. Number five, finally, digital transformation was, and is key to mastering this crisis induced by the pandemic. So it is now evident. And we saw that traditional organizations with a low degree of digitization were hit much harder. Infrastructure weaknesses came to life very quickly, and we could see that it just was not easy to shift from traditional. This is our castle, our it's in-house. We work on premises.
We don't like the clouds to a nimble strategy that says, well, it's eat as you go and pay. As you eat, we will just use individual services, common platforms, and we will just go totally infrastructure agnostic. And there was a security risk that came to light that had perhaps been half the result of not being familiar with new ways of doing things.
And half by not having invested enough in security beforehand, work practices often turned out to be unsuitable for decentralized and remote work time accounting clocking in clocking, out working hours and existing policies emerged as major obstacles, particularly in large firms in highly regulated countries like Germany and Austria and the laws of work practices to make a point often date back to the 1970s or even earlier.
And it truly showed in this crisis because, you know, if the debate is how you make sure that no one works more than 10 hours a day, because it's a law, then that may be fine. But sometimes you have a mind to politely tell these people look, did you notice that there's a crisis going on out there? So maybe we should think about it. The tool chain was broken in quite a number of places.
So we saw that very often and remote operations were disrupted because we didn't have the missing key elements like qualified electronic signatures or other basic day to day stuff that you need to work from home decentralized. And without going physical on things, there were missing tools or broken tools for collaborative work. Sorry about that. And there were security risks.
I mean, imagine the example of zoom was one in point is to improve. But we saw that in the early days, we were looking at experimental tools and things that hadn't been tried and tested properly facing organizations, which were still fraught with bureaucratic approvals tests and security concerns around it. And then finally, and most importantly, people just didn't know how to get it done. So there was a lack of experience with remote work and some age cohorts.
It was such an alien thing because they had hardly got to grips with their smartphones and now they were expected to leave their offices behind, do something totally different, do it from home all by themselves. And how do you support this sort of workload? So often there was basic problem in that people were unable to communicate through video and voice, and they would just use the phone and do the phone conferencing. And there was confusion about protocols, for instance, where people said, well, you know what I do not like teams, slack, zoom, WebEx, go to meeting whatever the names is.
I'll just do the WhatsApp with my friends because that's the way I always do it. Now, WhatsApp may be a good thing for several purposes, but it's certainly not for business communications. And as a result, you sold media breaks and tool chain breaks. That then turned out to be cyber risks and led to a lot of cyber crime and, and impacts. Now these are the five key learnings I just wanted to briefly present in this keynote saying, well, what is it that was so different about the pandemic to date?
And then I will be after the lunch break in the coffee and inspiration lounge, conducting a slightly longer workshop where we'll in group and hopefully in an open debate discuss what needs to be done. So what do we do with these key learnings? How do we change BCM it, service continuity, cyber and risk management.
Now, with these words, I do hope that there are three or four minutes for some questions left and I will be happy to hand it back to you, Berto to moderate any questions that there may be.
