Organizational resilience is the ability of an organization to provide and maintain an acceptable level of operation, service, and performance in the face of challenging conditions, disruptions, risks, and crises and to bounce back and recover quickly from them with minimal impact to the organization including to its reputation. In contrast, brittle organizations view the absence of failure as an indication that hazards are not present or that the countermeasures designed are effective. As a result, they can be overwhelmed by discrete shocks, disruptions, minor interruptions, or deviations from standard operating procedures that resilient organizations are able to absorb and handle.
This entry discusses the mechanisms for resilience in organizations and how organizations can develop resilience. The entry concludes with a discussion of factors that may affect the degree of resilience that organizations need when facing reputation risk and reputation-damaging events.
Mechanisms of Resilience
Three mechanisms have been identified in resilient organizations. They put a focus on (1) situation awareness, (2) the managing of keystone vulnerabilities, and (3) the development of adaptive capacity.
Situation awareness refers to an organization’s awareness and understanding of its entire operating environment, including antecedents and consequences of crises, risks, and opportunities; available resources, both internal and external; and the organization’s minimum operating requirements in relation to the organization’s purpose, obligations, and stakeholders’ expectations and how they all relate to one another.
Management of Keystone Vulnerabilities
The concept of keystone refers to the presence of an integral species that has a disproportionate influence in an ecosystem relative to the size of the species. The loss of this species can cause a significant shift in the ecosystem, sometimes causing its immediate or eventual destruction. These keystone vulnerabilities are components in the organizational system, which, by their loss or impairment, have the potential to cause exceptional effects throughout the field or system, and associated components of the system depend on them for support. The concept can also have an architectural meaning, representing the wedge-shaped piece at the highest point of an arch that locks the other pieces in place or something on which other associated things depend for support. Two aspects of keystone vulnerabilities are (1) the speed at which a component failure has a negative impact on the firm and (2) the number of component failures required to have a significant negative impact on the firm.
Keystone vulnerabilities may be tangible or intangible. Tangible ones include critical supplies, services, computers, or other specialized equipment or people (subject matter experts, decision makers, or people containing large portions of the institutional memory). Intangible ones include relationships, communication structures, or clarity of the organization’s purpose, vision, strategy, or organizational identity. The individual components of these systems must be assessed for their vulnerability together with the vulnerability of the relationships and interactions between these components.
Adaptive capacity is the ability of an enterprise to alter its strategy, operations, governance structure, communication systems, and decision support capabilities to withstand disruptions. Adaptive capacity includes adapting and applying known information to the situation caused by the disruption in a creative manner and the ability of present organizational members to take on the role and responsibility of absent members. Other features include the capacity to know the limits of information at hand, the ability to seek out additional information, respectful interaction, positive adaptive behavior, and tolerance for uncertainty.
For organizations to become more resilient, they must build organizational awareness, select essential organizational components, assess vulnerability and identify and prioritize keystone vulnerabilities, and increase adaptive capacity.
First, an organization must develop a clear understanding and awareness of the issues that contribute to its resilience. This includes a proactive and preemptive analysis of possible vulnerabilities, a current and projected reality of the organizational operating environment, the resources at the organization’s disposal, the expectations and limitations of all stakeholders, and the positive and negative impacts of various types of crises. Awareness is achieved through the use of interviews with key stakeholders, surveys, benchmarking, and discussion reports and by the introduction of consequence and crisis scenario planning to assist in increasing awareness of risks, hazards, and impacts. During this stage, the group involved must question assumptions to create a more complete picture, discuss the human and organizational capabilities that enable safe performance, attempt to collectively learn from past errors, and defer decisions to the people with the greatest expertise on the problem at hand regardless of rank. These behaviors enable frontline care providers and other actors to better detect and correct emerging and manifest errors in a timely manner that minimizes adverse outcomes.
Second, the organization’s leadership and top management need to have a keen understanding of the critical organizational components, which require deep and broad insight into the organization and its intrinsic interdependencies. Internal components are those that the organization has the direct ability to manage in terms of resilience, such as all the various functional, operational, and business or mission-specific elements of the larger organization—such as contract management, marketing, business development, and strategy. External components, on the other hand, are those that, while potentially having some influence over component management, an organization has little or no direct ability to change. For example, Internet access or phone service would be an external component, because even though the organization may be able to manage its response to a phone or Internet outage, it cannot control the cause of that outage.
Third, the organization must conduct regular self-assessments of its keystone vulnerabilities. All organizations need to have some form of enterprise risk management, including conducting periodic self-assessments (whether conducted by internal and/or external experts). This is important because it contributes to increased situation awareness, promotes the development of adaptive capacity, and gives the organization something tangible to work toward. The assessments must be done by the organization because it increases the likelihood that the organization will take ownership, gain the necessary buy-in, and accept accountability for addressing its risks and reducing its vulnerabilities. An important tool in this process is the vulnerability matrix. A vulnerability matrix is similar to a traditional risk matrix. The x axis is criticality. The y axis is preparedness. Different zones are created representing vulnerability (high, medium, and low). Each component is plotted onto the matrix with a circle based on its score for the two axes. For an “all-hazards” matrix, each hole is of equal size, and it is its position in the matrix that determines its keystone vulnerability status. However, for susceptibility, the size of the circle should reflect the size of the component’s susceptibility. The larger the circle, the larger the susceptibility. The vulnerability matrix needs to be updated on a regular basis and checked against new strategies, structures, knowledge bases, and new components when any of them occur.
Fourth, the organization can increase its adaptive capacity by engaging in readiness exercises and disaster simulations, using various scenarios. The scenarios should be based on the known and expected risks the organization should be prepared for but should also, from time to time, include unexpected risks and vulnerabilities. These scenario-planning exercises should also lead to a consideration and discussion of the major issues facing the organization at the time of the crisis, the immediate and lesser priorities for the organization, the time frames when these will become critical, and what the organization could do prior to a crisis to be better prepared. A major pillar of resilience is having a well-developed, adaptable, and frequently changing set of scenario-based challenges and risk exercises.
Reputation and Resilience
Reputation-damaging events can cause disruption to an organization. Reputation-damaging events may lead to a rapidly falling stock price, the termination of a long-standing CEO, the departure of one or more of a company’s largest or most important clients, impacts and further effects on sales and revenue, and stress for employees throughout the organization, as well as possible talent drain and loss of competitive advantage. There are a number of factors presumed to influence the degree to which organizations can recover from such reputation-damaging events, some of which are positive and some negative. Positive factors that support the organization’s resilience include a higher-weighted proportion of positive to negative reputation topics, attributes, or dimensions and third-party endorsers’ persistent support of a firm after a reputation-damaging event. These factors should increase stakeholders’ perceptions of an organization’s capability to repair its reputation. Negative factors that may increase the visibility of the reputation-damaging event are as follows: greater relevance of the damaging event to the firm’s positive reputation attributes, the firm is older, more severe reactions by watchdog agencies (e.g., scrutiny and punishment), and the prestige of the media reporting on the event. Each of these factors increases the visibility of the event to stakeholders making it more difficult for the organization to engage in reputation repair.
When an organization has built organizational resilience over time by building the internal components necessary to withstand the vicissitudes of the marketplace—that is, the impacts on reputation, such as strong enterprise risk management, crisis management, business continuity, disaster recovery, and other components—it can be said that such an organization has built reputation resilience. The contrary can be said of organizations that are not prepared to meet their known and unknown risks and vulnerabilities—when the crisis hits, their lack of organizational resilience will lead to potentially greater reputation damage.
Bonime-Blanc, A. (2014). The reputation risk handbook: Surviving and thriving in the age of hyper-transparency. Oxford: Dō Sustainability.
Bonime-Blanc, A., & Kossovsky, N. (2015). Creating reputational value through organizational resilience. Business Insurance. Retrieved February 1, 2016, from http://www.businessinsurance.com/article/20150513/ISSUE0401/150519940/creating-reputational-value-through-organizational-resilience?tags=|83|302|338
Bonime-Blanc, A., & Kossovsky, N. (2015). Meeting activist wrath with reputation resilience (NYSE Governance Service Hot Topics in Board Governance). Retrieved February 1, 2016, from https://www.nyse.com/corporate-services/nysegs/hot-topics/board-governance/meeting-activist-wrath
Caza, B. B., & Milton, L. P. (2012). Resilience at work: Building capability in the face of adversity. In K. S. Cameron & G. M. Spreitzer (Eds.), The Oxford handbook of positive organizational scholarship (pp. 895–908). Oxford: Oxford University Press.
Chewning, L. V., Lai, C.-H., & Doerfel, M. L. (2013). Organizational resilience and using information and communication technologies to rebuild communication structures. Management Communication Quarterly, 27(2), 237–263.
Coutu, D. L. (2002). How resilience works. Harvard Business Review, 80(5), 46–56.
Gittell, J. H., Cameron, K., Lim, S., & Rivas, V. (2006). Relationships, layoffs, and organizational resilience: Airline industry responses to September 11. Journal of Applied Behavioral Science, 42(3), 300–329.
Houston, J. B., Spialek, M. L., Cox, J., Greenwood, M. M., & First, J. (2015). The centrality of communication and media in fostering community resilience: A framework for assessment and intervention. American Behavioral Scientist, 59(2), 270–283.
Koronis, E., & Ponis, S. T. (2012). Introducing corporate reputation continuity to support organizational resilience against crises. Journal of Applied Business Research, 28(2), 283–290.
McManus, S., Seville, E., Vargo, J., & Brunsdon, D. (2008). Facilitated process for improving organizational resilience. Natural Hazards Review, 9(2), 81–90.
Myburgh, D., Webb, C., & Seville, E. (2012). Enhancing organizations’ adaptive capacity and resilience through effective decision-making in the recovery phase. Business Continuity and Resiliency Journal, 1(4), 3–19.
Oomes, A. (2004, April 18–20). Organization awareness in crisis management. Paper presented at the Proceedings of the International Workshop on Information Systems on Crisis Response and Management, Brussels, Belgium.
Powley, E. H. (2009). Reclaiming resilience and safety: Resilience activation in the critical period of crisis. Human Relations, 62(9), 1289–1326.
Rhee, M., & Valdez, M. E. (2009). Contextual factors surrounding reputation damage with potential implications for reputation repair. Academy of Management Review, 34(1), 146–168.
Seville, E., Brunsdon, D., Dantas, A., Le Masurier, J., Wilkinson, S., & Vargo, J. (2008). Organisational resilience: Researching the reality of New Zealand organisations. Journal of Business Continuity & Emergency Planning, 2(3), 258–266.
Starr, R., Newfrock, J., & Delurey, M. (2004). Enterprise resilience: Managing risk in the networked economy. Strategy+Business, 30, 1–10.
Vogus, T. J., & Sutcliffe, K. M. (2003). Organizing for resilience. In K. S. Cameron, J. E. Dutton, & R. Quinn (Eds.), Positive organizational scholarship: Foundations of a new discipline (pp. 94–110). San Francisco, CA: Berrett-Koehler.
Vogus, T. J., & Sutcliffe, K. M. (2007, October 7–10). Organizational resilience: Towards a theory and research agenda. Paper presented at the IEEE International Conference on Systems, Man and Cybernetics, ISIC, Montreal, Quebec, Canada.
Weick, K., & Sutcliffe, K. M. (2001). Managing the unexpected. San Francisco, CA: Jossey-Bass.
Weick, K. E., Sutcliffe, K. M., & Obstfeld, D. (1999). Organizing for high reliability: Processes of collective mindfulness. In R. I. Sutton & B. M. Staw (Eds.), Research in organizational behavior (Vol. 21, pp. 81–123). New York: Elsevier Science/JAI Press.
Woods, D. D. (2006). Essential characteristics of resilience. In D. D. Woods (Ed.), Resilience engineering: Concepts and precepts (pp. 21–34). Burlington, VT: Ashgate.