How to build business resilience during a ‘polycrisis’

Steven Edwards (Host):
Hello everyone, and thank you for joining today’s webinar on How to Build Business Resilience During a Global Polycrisis.

My name is Steven Edwards. I chair a team of volunteers who organise these events for CIMA in the North West of England and North Wales. If you’d like to get involved or suggest topics and speakers, please use the Area 6 email address in the chat.

I’m delighted to be joined today by Andrew Tollinton, Co-founder and Director of SIRV Systems Limited—a team of technology, computer and data scientists committed to making UK businesses more resilient.

Just a few notes before we begin:

• To minimise disruption, you are all muted.

• Please submit questions using the Q&A icon (top right).

• A recording of the session and a feedback survey will be sent to you afterwards.

Andrew, thank you for joining us. Over to you.

---

Andrew Tollinton (Speaker):
Thank you, Steven, and hello everyone. I’m joining from London and delighted to be here.

Before we dive into the slides: there’s no such thing as a “stupid” question. Please use the Q&A function during or after my talk.

Today’s session is one hour: around 45–50 minutes of presentation followed by questions. We’ll cover three main points:

1. Define what we mean by polycrisis and business resilience.

2. Look at how to improve situational awareness.

3. Explore practical tools, including horizon scanning models.

---

About me

I’m CEO of SIRV—Systematic Intelligent Risk Valuation. We’re an AI-led company helping organisations improve business resilience.

I also chair the AI in Risk Management Committee at the Institute of Strategic Risk Management (ISRM), a global network of 40,000 practitioners and academics.

By background, I’m a qualified CIMA accountant, which shaped my career significantly.

---

Defining polycrisis and resilience

A polycrisis is where multiple crises occur simultaneously or interdependently:

• Example 1: Gulf of Mexico (2020–21). COVID-19 overlapped with seven major hurricanes and severe winters. “Business as usual” disappeared; disruption became the new normal.

• Example 2: Global events. COVID-19’s long-term impact on debt and behaviour was followed by Russia’s invasion of Ukraine, energy shocks, and persistent cyber threats.

Business resilience is the ability to avoid, mitigate, respond to, and recover from shocks. Unlike business continuity, which focuses on keeping operations running, resilience is about embedding adaptive capacity into everyday operations.

Think of resilience like physical fitness: the fitter you are, the quicker you recover from illness or injury.

The UK government recognises this through initiatives such as:

• The Resilience Framework.

• The National Preparedness Commission.

• The Prepare Campaign, providing practical public guidance.

• Nationwide Emergency Alerts (text warnings for floods or disasters).

---

Situational awareness

Recent risk conferences highlight three interrelated categories of risk:

1. Cyber – ransomware, state actors, disruption of digital systems.

2. Geopolitical – war, sanctions, supply chain shifts.

3. Environmental – extreme weather, climate change, pandemics.

These risks interact. For example:

• A flood causes power outages, which in turn expose cyber vulnerabilities.

• A geopolitical dispute leads to cyberattacks and trade disruptions.

Today I’ll focus mainly on geopolitics and environmental risks, as cyber is already widely discussed.

---

Geopolitical context

Conflicts in Ukraine, Israel, Syria and tensions in Taiwan illustrate how fast-moving global politics affects business.

Key points:

• The “axis of resistance” (Russia, China, Iran, North Korea) increasingly coordinates to challenge Western influence.

• In Syria, failure to enforce the “red line” on chemical weapons in 2013 emboldened adversaries.

• Russia’s invasion of Crimea (2014) and Ukraine (2022) marked turning points.

• Today we see deeper involvement from China and North Korea, while Western resolve is being tested.

As Professor Michael Clarke (King’s College London) told the BBC:

“If the West is humbled in Ukraine, it will lose credibility worldwide.”

This is often described as a geopolitical recession—uncertainty on a scale not seen since the Cold War.

---

Environmental risks

Climate and health crises are reshaping productivity and resilience:

• Heat: UK Met Office data shows rising temperatures and sharper extremes. Productivity falls by ~0.8% for each additional degree above comfort thresholds. Local councils are planning cooling shelters for vulnerable populations.

• Flooding: Repeated events in Wales highlight forecasting and communication failures. Over-warning leads to alert fatigue, while new developments alter flood flows.

• Pandemics: The UK National Risk Register estimates a 25% chance of another pandemic within 10 years.

Environmental risks also contribute to geopolitical instability (“climate violence”), driving migration and conflict.

---

Implications for business and finance

These risks flow directly into financial performance:

• Supply chain disruption (offshoring → nearshoring → reshoring).

• Higher shipping costs and uncertainty.

• Harder forecasting and strategic planning.

CFOs must now assess resilience impacts on budgets, forecasts, and investment priorities.

---

Horizon scanning and the Three Horizons Model

To turn awareness into action, organisations can use the Three Horizons Model:

• Horizon 1 (Now): near-term risks.

• Horizon 2 (Medium): emerging threats.

• Horizon 3 (Long-term): structural shifts.

Steps in horizon scanning:

1. Gather intelligence (who, what, where, when, why, how).

2. Assess and prioritise (impact and likelihood).

3. Communicate visually (use charts, maps, dashboards).

4. Review regularly (quarterly/annually, with “watch lists” in between).

This process works best when cross-functional teams (finance, ops, HR, security) collaborate.

---

Sources of intelligence

Useful UK resources include:

• Emergency Planning College (EPC).

• National Preparedness Commission.

• Local Resilience Forums (via gov.uk).

• Prepare Campaign website – practical public advice.

• National Protective Security Authority (NPSA) – security briefings.

• World Economic Forum Risk Report and the UK National Risk Register (2023).

• Think tanks such as Chatham House.

• Technology platforms such as SIRV, Dataminr and Everbridge.

---

Risk responses

Ultimately, organisations can respond in four ways:

1. Avoid – change activity to remove exposure.

2. Mitigate – reduce likelihood or impact.

3. Transfer – insure or outsource.

4. Accept – live with the risk.

---

Q&A highlights

Q: What’s the CFO’s role in resilience?

• CFOs naturally focus on prudence and risk. They often oversee real estate and other operational assets.

• Their role is to challenge assumptions in budgets and forecasts, ensure resilience is considered in supply chains, and align financial planning with risk.

Q: How do we protect sensitive information?

• Think in layers of security. Even if early defences are breached, later layers should prevent critical data loss.

Q: What about the economic squeeze (post-COVID, Brexit)?

• Headwinds are real, but AI and automation offer productivity gains.

• UK innovation has lagged post-Brexit; this remains an opportunity.

Q: Are undersea cables and space assets vulnerable?

• Yes. Intelligence services are active in this space. Organisations should plan backups: if one channel fails, what’s the alternative?

Q: Would a Ukraine ceasefire show weakness?

• Analysts argue that if Russia retains territory, it would embolden adversaries and weaken Western credibility.

---

Closing remarks

Andrew Tollinton:
If NATO can be caught unprepared in 2022, so can businesses. But it’s not too late to act. Resilience is about preparing now, building layers of defence, and maintaining situational awareness.

Steven Edwards (Host):
Thank you, Andrew, for an insightful session, and thanks to everyone who joined. Please complete the feedback survey and watch for the recording link.