Building resilience through digital transformation

Digital transformation (DX) is no longer a discretionary choice but a fundamental strategic requirement for survival and growth. However, despite global spending on DX programmes projected to reach $3.9 trillion by 2027, only about 35 per cent of organisations report success. One cause of failure is a technology-first approach that neglects the essential component of resilience.

 

Resilience in digital transformation is the capacity to maintain operational continuity while navigating change, such as rapid technological shifts, intensifying cyber-threats and evolving regulatory requirements. DX is a primary driver of organisational resilience, improving a firm’s ability to survive and even grow during a crisis.

 

However, recent research indicates that while DX enhances recovery capacity (bouncing back after shocks), it can sometimes paradoxically weaken resistance to shocks due to the heavy resource requirements for implementation. Resilience, therefore, needs to be deliberately built into DX programmes if it is to be effective.

 

Generating digital resilience

 

Digital transformation builds resilience in several ways:

 

• Digital transformation improves a firm’s ability to understand the changing environment and adapt to it, adjusting strategies to market changes; new knowledge can be created and shared to help maintain operations
• Agility is improved: real-time data from AI and IoT, together with edge computing, facilitate faster decision-making, reducing the time lag between identifying a risk or an opportunity and executing a response
• Digital tools provide technical support for rapid innovation, allowing companies to pivot their products or services quickly when traditional business models are disrupted or weaknesses are spotted in competing businesses
• Digitalisation breaks down data silos in supply chains, creating end-to-end visibility that helps firms anticipate and prepare for supply shocks or demand shifts

However, while DX has many advantages for organisations, it also carries risks that mean resilience should be a primary consideration when planning a DX programme.

 

Why DX requires built-in resilience

 

The risks of non-resilient digital operations are substantial. For example, system downtime is very costly in the automotive industry, with a single hour of IT failure estimated to cost up to £2 million. Why do these costs arise?

 

Expanded attack surfaces: As connectivity increases through cloud-first and hybrid models, so does the potential attack surface. Cyber-security incidents, such as ransomware attacks, now impact entire operational technology systems and external supply chains, not just internal IT.

 

Regulatory complexity: Non-compliance with new laws that demand resilience, such as the UK’s Cyber Security and Resilience (CSR) Bill and the EU’s NIS2, can lead to severe financial penalties and reputational damage, meaning that board-level oversight of digital resilience is now a standard requirement for organisations.

 

Naive use of AI. While AI offers massive opportunities for efficiency, it also fuels a new generation of risks to data, as well as having the potential to deliver misleading and damaging insights, meaning that resilience is even more important.

 

To build long-term competitiveness, organisations must integrate resilience into their technology, processes and people.

 

Technology: from adoption to optimisation

 

It will never be sufficient merely to adopt new technology. Organisations need to understand why a particular technology will benefit them: the fact that a competitor has adopted it is not a good reason. At the same time, the downsides as well as the upsides of a new technology must be identified and mitigated. And adoption of the new technology should be driven by a desire to optimise it rather than simply use it. 

 

Take cloud computing. The benefits are clear: rapid scalability and the flexibility needed to respond to market shifts. But resilience must also be considered, and one strategy might be to adopt a multi-cloud strategy that avoids single-provider dependencies.

 

Process: avoiding risk

 

Technological tools alone cannot ensure growth. They must be supported by robust, agile processes that are designed to avoid unnecessary risk. Newly designed processes may look good on paper, but until they have been tested, their true quality remains unknown. Organisations should avoid a “rip-and-replace” approach, which can destabilise core business systems. Instead, a phased implementation plan, starting with high-impact “lighthouse” initiatives to demonstrate early wins, will help to build credibility and acceptance.

However, risk avoidance shouldn’t stop once a new process has been accepted. Initial results may be misleading for a number of reasons. Continuous validation of any newly digitised process should therefore replace intermittent testing. For instance, annual cyber-security testing should be replaced with continuous monitoring, using automation to regularly verify backup integrity, detect configuration drift and identify dangerous human behaviour.

 

Skills and culture: always learning, always open

 

Resilience is driven by human capability and culture. But for employees to be able to contribute to resilience, especially when new technologies are being implemented, they will need sufficient knowledge of how to navigate risk.

 

While technical skills and the ability to rapidly learn how to use new tools are important here, the most resilient workforce possesses strong cultural attributes. These include technological curiosity, critical judgment (i.e. common sense) when using new tools such as AI, openness to new ways of working, and the ability to take appropriate risks. Human-centric skills are also critical. Emotional intelligence, creativity and empathy are essential for maintaining team connection and psychological safety during disruptive periods.

 

At the centre of a resilient culture is attitude to learning. Employees should be prepared to engage in lifelong learning, knowing that skills learned yesterday or even today will be of little use tomorrow. To support this, organisations should move beyond outdated, long-form e-learning modules and employ blended learning techniques such as micro-learning integrated directly into daily workflows. And to build the very strongest workforce, they must move away from promoting (and recruiting) based on skills and experience and instead look for potential.

 

Resilience in DX: the strategic imperative

 

Digital resilience is a strong competitive differentiator. Organisations that successfully embed resilience into their digital operations and culture, treating it as a strategic enabler rather than a compliance exercise, will be well positioned to thrive in an era of relentless change and uncertainty. 

 

The goal should be to build an intelligent digital enterprise that anticipates obstacles, bounces back from unexpected disruptions and continuously learns so as to become ever stronger, more agile and more effective.