Founded on extensive desk research and interviews with resilience experts in the UK and abroad, this report offers ideas for further exploration in the context of a much-needed debate. The Executive Summary is reproduced below. A copy of the full report can be found here.
NOTE: Resilience First will be holding a webinar on 7 December to consider and discuss the report. See details here.
It’s frequently acknowledged that preparedness for contingencies that threaten UK wellbeing and prosperity needs the participation of all sectors of society. The concerns are large, varied, complex, interconnected, and far-reaching. In turn, resilience efforts need to be multifaceted, adaptive, and widely owned.
The private sector can, should, and is keen to contribute in many ways. Companies have much to offer by way of finance, physical assets, workforce, capabilities, and innovation. Many corporate leaders recognise the value of both resilient business ecosystems and more general societal commitments. The right conditions can enable them to align commercial imperatives with larger national ambitions.
The experience of recent crises suggests that existing national resilience arrangements fall short of what is required for current and future shocks. Sustained supply-chain challenges, extreme weather events, large-scale cyber-attacks, energy crises of different kinds, and a still evolving COVID-19 virus all argue for efforts to be increased and made more supple. Insufficient cohesion around mitigation measures and contingency plans, as well as the failure to anticipate possible cascading effects, impede the best use and co-ordination of different capabilities across public and private sectors.
Reframing the goals of national resilience and fostering debate about sectoral responsibilities would create a greater unity of purpose. A tripartite vision might focus on 1) reducing broadly defined societal vulnerabilities, 2) maintaining the reliability of critical ecosystems, and 3) securing the UK’s long-term strategic imperatives. Against that backdrop and the risk outlook, government and the private sector should explore how far to go – separately and in collaboration – to enhance risk mitigation and crisis preparedness. Maximal resilience may not always be desirable.
Underpinning cross-sectoral interactions with the right ‘terms and conditions’ is fundamental to securing the best results. More creative, equitable approaches to risk sharing should be nurtured where changing risks severely compromise the commercial business case for investment and action. Regulatory regimes should look harder at systemically important sub-sectors, make resilience a more central tenet of their agenda, expand the use of stress testing, and tighten enforcement. New data-sharing provisions should reduce barriers to sharing (where appropriate) and support decision-making by better integrating open source, public, and private data. Government emergency measures that flex standard procedures should be deployed in ways that enable rather than inhibit private-sector contingency planning. More generally, ensuring the private sector has a real seat at the table for resilience ideation and implementation would help reduce stove-piping tendencies within government and enhance traction for solutions across the economy.
The new national resilience strategy being prepared by government should stimulate and test new approaches that will position the UK well for the future. Numerous opportunities exist for public and private sectors to interact to greater effect, and much can be learned from initiatives in place already — in the UK and abroad. To take forward the selection identified in this report, government will need to play director, client, stimulator, facilitator, and cheerleader.
In ‘director’ mode, government could review the extent and deployment of existing legislative and regulatory powers. Key areas for examination include mandates for the production and stockpiling of critical goods prior to a crisis, requisition and production directives in a time of crisis, and enhanced powers of intervention to mitigate the potentially systemic impacts of large-scale cyber-attacks.
As ‘client’, government could further influence private-sector behaviour in line with new priorities. Key opportunities relate to adjusting contracting requirements to set resilience expectations of suppliers, creating a new suite of contingent contracts and procurement guidelines that could be drawn on in a crisis, and establishing a technology innovation fund focused on key resilience vulnerabilities.
As a ‘stimulator’ of markets, government could more strongly catalyse or expand novel solutions. Opportunities include cultivating an open research ecosystem where technology, innovation, and data can be combined in a pre-competitive environment; developing a multi-peril insurance scheme for catastrophes; building a cyber-risk pool that might focus on infrastructure loss events and/or small and medium-sized enterprises; and expanding the deployment of resilience and adaptation bonds.
As a ‘facilitator’ of innovation, government could enhance the integration of data and analytical capabilities. In particular, it could clarify or adapt legal guidance on data sharing to alleviate uncertainties; provide researchers from all sectors with access to a data sandbox and complex analysis platform; ensure the flow of real-time data from diverse sources into the new National Situation Centre; enable the better stress testing of critical national infrastructure assets and supply chains against major contingencies; and encourage relevant private-sector businesses — particularly CNI operators — to participate in cross-sector crisis exercises.
In ‘cheerleading’ mode, government could help promote resilience initiatives developed within the private sector. Measures to be encouraged might include the inclusion of metrics on asset resilience and risk governance in outputs from rating agencies and investment data providers; the creation of industry-based crisis codes of conduct that would help establish expectations as to reasonable behaviour by firms during contingencies; and efforts by companies to enhance the resilience capabilities of their employees.