strategy+business is published by PwC Strategy& LLC.
or, sign in with:
strategy and business
 / Spring 2003 / Issue 30(originally published by Booz & Company)


Enterprise Resilience: Managing Risk in the Networked Economy

Guided by these and other requirements, underwriters of risk, such as insurance, equity, and debt markets, will more aggressively distinguish between those businesses that are resilient and those that are not. To maintain earnings consistency and preserve and grow shareholder value, chief executives and board members need the capacity to sense and respond effectively to increasingly complicated levels of risk — risks that cannot necessarily be transferred through conventional means, such as insurance.

Interdependence Risk
Our emphasis on the importance of earnings consistency matches that of the capital markets. A company’s fate is determined by its ability to generate a reliable pattern of earnings growth. Companies that reduce earnings volatility and lower the probability of large losses are rewarded by financial markets with less expensive and better access to capital. What’s more, markets place “consistency premiums” on the stock valuations of companies that both promise and produce a steady pattern of increasing profits.

The business activities that enable the firm to gain a competitive advantage and sustain growth vary across both industries and companies. For some, manufacturing facilities represent the core earnings driver; for others, IT networks, customer support operations, supply chains, intellectual property, or a combination thereof power earnings. Traditionally, risks have not been perceived in the context of key earnings drivers, but rather in broad categories, each of which was managed in a functionally isolated way. Thus, financial risk became the province of the CFO, operations risk the responsibility of the COO, and network security the task of the CIO. Rarely do they or their business continuity or security programs link together in support of strategic objectives.

Senior executives have understandably renewed their attention to conventional risk mitigation programs. Seventy-five percent of Fortune 1000 CEOs surveyed by RoperASW on behalf of Booz Allen Hamilton in late 2001 expressed increased concern about such day-to-day activities as mail processing, travel, protection of employees, and protection of infrastructure. But by defining risk and security narrowly as the protection of personnel, plant, data, and financial position, CEOs and boards overlook the more prevalent perils they face conducting business in a networked global economy.

Networks are one of the great advances in industrial organization. Over the course of the last half century, the vertically integrated company has given way to the networked enterprise, an organizational structure characterized by greater agility and adaptability. Successful firms today must deal with intertwined layers of information, raw materials, analytical data, customer communication and service, and network infrastructure — at unprecedented speed — while maintaining countless secure relationships with third-party organizations, such as suppliers, technology outsourcers, and government regulators. “The diversity of networks in business and the economy is mind-boggling,” writes Albert-László Barabási, the physicist and author of Linked: The New Science of Networks (Perseus Publishing, 2002). “There are policy networks, ownership networks, collaboration networks, organizational networks, network marketing — you name it.”

Yet while the organizational and economic impact of networks is well known, their vulnerabilities remain largely unexplored by businesses. The reliance on open borders, transnational alliances, and global markets for capital, goods, and services has generated a “just in time” economy, which, although remarkably cost-efficient, leaves companies open to a range of discontinuities that can affect operations, reputation, customer habits, legal standing, regulatory compliance, earnings performance, and ultimately shareholder value. We call these new vulnerabilities, collectively, interdependence risk, and define it as unanticipated risk exposure across the extended enterprise that is beyond an individual organization’s direct control. Examples of interdependence risk include supply chain disruption, government intervention, and public infrastructure destruction.

The scale and impact of a disruptive event is a function of the relative importance of the dislocated entity and the degree of its integration into a broader extended enterprise. A problem that appears localized could ripple across an extended enterprise, an industry sector, or even a national or multinational economy. The capacity to withstand such disruptions is a function of a firm’s systemic resilience — its ability to understand its interdependencies, and to foresee and plan around discontinuities that can occur within them.

Follow Us 
Facebook Twitter LinkedIn Google Plus YouTube RSS strategy+business Digital and Mobile products App Store



  1. Mark Gerencser and DeAnne Aguirre, “Security Grounds the CEO Agenda,” s+b, Second Quarter 2002; Click here.
  2. Ralph W. Shrader and Mike McConnell, “Security and Strategy in the Age of Discontinuity: A Management Framework for the Post-9/11 World,” s+b, First Quarter 2002; Click here.
  3. Diane L. Coutu, “How Resilience Works,” Harvard Business Review, May 2002; Click here.
  4. Gary Fields, “An Ominous War Game,” Wall Street Journal, December 4, 2002
Sign up to receive s+b newsletters and get a FREE Strategy eBook

You will initially receive up to two newsletters/week. You can unsubscribe from any newsletter by using the link found in each newsletter.