Four Critical Ways to Build Resiliency as COVID-19 Continues to Rebound

What you need to know about emerging business continuity risks.

COVID-19 and its highly transmissible Delta variant continue to reveal new sets of exposures and increased levels of uncertainty many organizations did not anticipate. As the year progressed, business continuity management needs changed as the Delta variant emerged[1] and associated risks continued to evolve.

Most organizations have spent the past 18 months building operational resilience and digitization and have achieved productivity and continuity with a remote workforce.

Now, the variant has disrupted return-to-work strategies, and it is likely that remote working will continue for many organizations, at least for the near term. Many businesses moving forward with employees returning to the office are implementing mandatory mask wearing, testing and proof of vaccinations.[2]

With these recent headwinds, leaders need to reimagine what sustainability and competitive advantage will look like, today and in the future. Here are some business continuity management considerations that will help you make decisions about the future of work at your organization.


Conduct a vendor resiliency analysis.

It’s important for risk managers to look upstream in their supply chain to identify potential business interruption risks so that a vendor’s problems don’t become your problems, which can threaten your operations. A vendor resiliency analysis is the examination of a critical vendor to ensure that, in the event of a crisis, the vendor can continue to support your organization with its products and services. Business continuity leaders recommend doing this analysis with all of your vendors, and even asking them to do so with their vendors—as far upstream as you can go, to find out how resilient your supply chain is.

Analyze vendors in the same manner in which you would develop your own business continuity management program. Ask your suppliers what they’ve done to protect themselves in the four areas of business continuity management: emergency response, crisis management, business unit continuity and IT recovery. Then, ask what they will do to support your company in the event of a crisis, through an increase or decrease in materials, service or information.


Mitigate the risk of guilt by association.

Organizations are increasingly being held accountable for the corporate social responsibility (CSR) and environmental, social and governance (ESG) practices of their vendors. Many of these practices are outside your control, and unless you audit your providers, an issue can potentially affect the public perception of your company. You need to have confidence that your vendors are operating responsibly in the face of, among other things, digitalization, climate change and evolving regulations. Keep lines of communication open with suppliers and ask for reporting on material origins, manufacturing processes and human resource practices. It’s also becoming increasingly common to ask for reporting on the vendor’s ESG compliance and policies, and to include a supplier code of conduct in the contract.


Upgrade your BCM plan for cyber risk.

All business continuity management conversations should involve cyber risks, including a growing ransomware threat that frequently leads to business interruption, technology and data losses, computer forensic costs, defense costs, privacy breach costs, fines and penalties and damage to your business reputation. Organizations that were slow to digitize before the pandemic are now quickly ramping up their technology, which has exposed more business processes, operational technology assets and supply chains to a variety of disruptive cyber events. Risk managers should quantify their cyber risks to understand the company’s exposure and upgrade their legacy BCM plans and processes to mitigate the increased cyber threat.[3]


Plan for long-term occupational health and safety.

If you haven’t done so already, you need to decide now whether you’re going to adopt permanent remote working, bring all employees back onsite, or take a hybrid approach. Regardless of the route you choose, you need to be clear on your corporate social responsibility stance regarding the health and wellness of your staff, customers and vendors. Risk managers also need to account for unexpected work-from-home possibilities, hygiene measures, social distancing and potential new policies expanding sick leave in the business continuity management plan.


The decisions you make regarding business continuity in 2021 aren’t all about surviving the ongoing crisis of the COVID-19 pandemic. Instead, those decisions are long-term strategy moves that will set you up to be resilient and agile for many years to come.

[1] Déjà vu: Delta Variant Requires Companies to Rethink Return-to-Office Plans

[2] More Companies Delay Office Reopenings as Covid Cases Surge

[3] The rise of operational losses from cyberattacks: Four steps to upgrading your BCM for Cyber Risk

This document has been provided as an informational resource for Aon clients and business partners. It is intended to provide general guidance on potential exposures and is not intended to provide legal or medical advice or address medical concerns or specific risk circumstances. Due to the dynamic nature of infectious diseases, Aon cannot be held liable for the guidance provided. We strongly encourage visitors to seek additional safety, medical and epidemiologic information from credible sources such as the Centers for Disease Control and Prevention and World Health Organization. As regards insurance coverage questions, whether coverage applies, or a policy will respond, to any risk or circumstance is subject to the specific terms and conditions of the policies and contracts at issue and underwriter determination.

While care has been taken in the production of this document and the information contained within it has been obtained from sources that Aon believes to be reliable, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the report or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication.

All descriptions, summaries or highlights of coverage are for general informational purposes only and do not amend, alter or modify the actual terms or conditions of any insurance policy. Coverage is governed only by the terms and conditions of the relevant policy.