Investing in Your Company’s Physical Risk Resilience

While cyber incidents are already a top concern for most business leaders, organizations are simultaneously facing a dramatic uptick in physical incidents that have the potential to impact their people and operations. Leaders in risk, security, and business continuity know all too well that these threats, such as extreme weather events and infrastructure failures, continue to become more frequent and interconnected.

Recent research shows that C-level leaders are also beginning to understand these risks, but 18% of CEOs admit they still don’t have anyone in the C-suite overseeing physical security and duty of care. Physical threats often have cascading effects that reach all areas of the business, so preparing for them can no longer be a siloed responsibility that’s relegated to mid-level management — it’s a critical element of organizational resilience that leaders must learn to recognize and measure.

But a simple ROI calculation won’t cut it for physical risk prevention and mitigation investments because they can’t be measured by increases in revenue. In a world of increasing physical threats, a financially sound business strategy requires a focus on return on resilience investment (RORI), which shows in monetary terms what damage was avoided, not what income was gained.


The Quantifiable Benefits of Resilience

From 2021 to 2022, extreme weather events were up 42% in the U.S. and 72% globally. During the same time frame, infrastructure and technology failures (including power outages) soared 807% in the U.S. and 688% globally, and transportation accidents (aircraft, maritime, rail, and road) increased 296% in the U.S. and 211% globally.

Organizational resilience, or the ability to anticipate, absorb, and recover from hazardous events, is now table stakes. Ultimately, when the C-suite prioritizes resilience, they set the business up for recovery in the face of these physical threats, saving time, resources, and revenue and making the organization more competitive.

But the C-suite has historically prioritized the risks that have a direct financial impact on the bottom line, favoring investments with tangible financial returns. RORI allows them to quantify the “return” they can expect from the three primary impacts of a physical incident:

Direct Impacts

Physical incidents pose a direct, tangible threat to business operations and the bottom line. In a hypothetical situation, a fire at business A — a company doing $10 million in revenue — could result in as many as five days of downtime and cost about $250,000. If a severe tornado destroys a distribution center of business B, a Fortune 100 company, the loss may reach or exceed $80 million.

Indirect Impacts

If a business suffers reputational damage after mishandling a crisis, it is likely to lose customers as well as talent. According to research completed by LinkedIn, the cost of a bad reputation for a company with 10,000 employees could be as much as $7.6 million in additional wages. In a world where brand reputation means so much, even a single negative incident could force a business to fold.

Impacts to Competitive Advantage

Advanced preparation enables an organization to minimize the impact of physical threats better than the competition, which can result in a tangible monetary return. Consider that a major physical incident is likely to affect not just one company, but all its competitors. Say an infrastructure failure causes a day of downtime for business A, but effective risk preparation allows its competitor, business B, to prevent all downtime. Customers of business A are likely to seek out alternatives that are ready and available, such as business B. One can put such a return in monetary terms by investigating how a similar business was impacted by a previous incident.

RORI can vary greatly depending on the type of business, size, revenue, and industry. It can be calculated by subtracting the annual average lost revenue (ALR) of a physical incident’s direct impact from the amount of resilience investment spent in a year. ALR is calculated as the average revenue from business operations per day multiplied by the number of days lost due to incident impacts that occurred over the course of a year. While this number does not include qualitative impacts such as the social/emotional ones or quantitative factors such as employee turnover and customer churn, it can create a mathematical understanding of the amount of revenue saved from investing in resilience planning.

Aligning RORI with an Organization’s Strategy

Understanding how threats are impacting the bottom line and how organizations plan to mitigate them is becoming a board-level priority. Ninety-nine percent of corporate boards have asked executives for plans that combat physical threats. RORI, when applied consistently throughout an organization, can be an effective tool for C-suite leaders to create targeted mitigation strategies and ultimately remain resilient during unexpected crises, even during an economic downturn. Here’s how to ensure resilience investments align with business objectives:

Gain buy-in that RORI aligns with the priorities of the overall organization:

Executives are always analyzing the factors that impact top and bottom lines, whether those factors are financial or reputational. While resilience investments may not turn a profit, they reduce the risks that threaten the people, places, and property responsible for driving the company’s revenue.

Ensure the whole organization is reviewing and talking about RORI in the same way:

Physical risks impact every area of the business, so it’s important that every team and department understands how a resilience investment benefits them. RORI may be a new concept for many, but understanding its value is the key to successfully justifying the investment in risk-management solutions and strategies.

Bring RORI to all department levels:

When asked about quantifiable ROI, shift the conversation to the value and return on resilience. Maybe a security measure saved a life, or perhaps anticipating a potential threat saved the organization $2 million in incident avoidance. These concrete numbers, in combination with the less-quantifiable benefits, such as positive brand reputation or improvement in employee turnover or customer churn, can be used across all areas of the business to illustrate the holistic value of crisis management.

The Time Is Now to Change the Perception of Risk

Given physical risks’ cascading effects on business operations and ultimately revenue, physical risk management must become a priority for the C-suite. CEOs should continue to invest in areas that have a tangible financial return, but they must also rethink how they’re evaluating ROI. RORI can provide the proof that better preparation pays off. Learn more in the OnSolve Global Risk Impact Report.

Originally published in Harvard Business Review, August 2023

OnSolve

OnSolve® is a leading critical event management provider that proactively mitigates physical threats, allowing organizations to remain agile when a crisis strikes. Using the most trusted expertise and reliable AI-powered risk intelligence, critical communications and incident management technology, the OnSolve Platform enables enterprises, SMB organizations and all levels of government to detect, anticipate and mitigate physical threats that impact their people, places and property. With billions of alerts sent annually and proven support for both the public and private sectors, OnSolve is used by thousands of entities to save lives, protect communities, safeguard critical infrastructure and enable agility for the organizations that power our economy.