Our world is highly complex and prone to disruption: Natural disasters, cyberattacks, power outages, terrorist attacks, pandemics and other crisis scenarios can threaten companies existentially. The corona pandemic has shown us how vulnerable the German economy really is: According to the Federal Statistical Office, in 2020 the economy fell into a deep recession after ten years of growth; especially in the second quarter of 2020, economic output saw a historic slump. There will be other crises after this pandemic. The classic methods of risk analysis and risk management, which only take into account expected risks, do not adequately protect companies against major losses. “Companies often only consider the most likely scenarios rather than focusing on possible crisis events,“ says Daniel Hiller, Head of business unit Security and Resilience at Fraunhofer EMI in Freiburg. Teams at Fraunhofer are establishing resilience as a new security concept to help prepare organizations and companies for crises. The results of their research work include the online tool Fraunhofer Resilience Evaluator FReE and the KMU-Lagebild software, both designed to enable companies to measure and evaluate their resilience and to carry out a resilience analysis before, during and after a disruptive event.
The five-stage concept “Prepare, Prevent, Protect, Respond and Recover”
The online tool FReE allows companies to plan resilience strategically, to implement the abstract concept in their company and to put it into practice on management level. FReE is based on the five-stage concept “Prepare, Prevent, Protect, Respond and Recover.” The software comes with a list of 68 questions related to the five resilience stages. The answers provide the company with some initial information needed to assess resilience. The five stages are ordered chronologically, starting with a what-if scenario. During this Prepare stage companies prepare for disruptive situations, which helps avert damage using preventive measures during the Prevent stage. “An aluminum processing plant, for example, might want to protect its premises with security fences and cameras, because thieves usually break in at night to steal aluminum,“ says Hiller, illustrating the first two stages using a classic example. The Protect stage, as the name suggests, aims to protect; this might include safeguarding important infrastructures or buildings with additional concrete layers or walls. If it was not possible to stave off the disaster, the Respond stage comes into play. It is now important to quickly identify the cause and extent of the damage and to preserve critical supply functions. After the incident, companies should systematically draw lessons from the crisis in order to be better able to avert future risks and to boost their resilience in a cyclical iterative process – researchers call this stage Learn and Adapt.
The FReE tool takes the user through the list of questions, which are ordered chronologically into the sections before, during and after a disruption and cover all company divisions. These including personnel, finance, infrastructure and technology. The tool allows you to filter by division during the evaluation process. “For example, a controller can set the filter such that only results related to finance are shown,” says Hiller. Possible questions include: “Is there a disaster manager in the event of a disruption?“, “What are their qualifications and powers?” or “What are the financial reserves for emergencies?” The evaluation is shown in the radar chart, with the worst result being at zero percent in the graticule.
FReE is available in three versions: The free web-based quick version includes 15 questions. The full version, which includes the complete list of 68 questions, is available on a project basis. The accompanying consulting project is based on the paid version. As part of the consulting project, Hiller and his team work together with the companies to develop appropriate measures to boost resilience and eliminate weak spots. Furthermore, additional questions can be added to the FReE tool to adapt it to the needs of specific industries. Many SMEs are already using the quick version and are planning to update it to the full version.
While FReE enables companies to assess their resilience on their own, the KMU-Lagebild project supports them in carrying out a comprehensive resilience assessment. The researchers model all procedures and processes on the computer using the available data. By inputting hypothetical disruption scenarios you can see how the system reacts to them and which countermeasures have to be taken. “By asking yourself not only what the most likely disruptions are, but also what potential incidents there are, you broaden your view of the risks. What’s more, resilient companies exhibit a high level of adaptability and flexibility,” says Hiller in summary.