While cyber incidents are already a top concern for most business leaders, organizations are simultaneously facing a dramatic uptick in physical incidents that have the potential to impact their people and operations. Leaders in risk, security, and business continuity know all too well that these threats, such as extreme weather events and infrastructure failures, continue to become more frequent and interconnected.
But a simple ROI calculation won’t cut it for physical risk prevention and mitigation investments because they can’t be measured by increases in revenue. In a world of increasing physical threats, a financially sound business strategy requires a focus on return on resilience investment , which shows in monetary terms what damage was avoided, not what income was gained.From 2021 to 2022, extreme weather events were up 42% in the U.S. and 72% globally.
Organizational resilience, or the ability to anticipate, absorb, and recover from hazardous events, is now table stakes. Ultimately, when the C-suite prioritizes resilience, they set the business up for recovery in the face of these physical threats, saving time, resources, and revenue and making the organization more competitive.
But the C-suite has historically prioritized the risks that have a direct financial impact on the bottom line, favoring investments with tangible financial returns. RORI allows them to quantify the “return” they can expect from the three primary impacts of a physical incident:Physical incidents pose a direct, tangible threat to business operations and the bottom line.
RORI can vary greatly depending on the type of business, size, revenue, and industry. It can be calculated by subtracting the annual average lost revenue of a physical incident’s direct impact from the amount of resilience investment spent in a year. ALR is calculated by the average revenue from business operations per day, multiplied by the number of days lost due to incident impacts that occurred over the course of a year.