Part of KPMG's series COVID-19: Insights for CIOs and IT executives

The Government’s response measures to COVID-19 have led to the emergence of a new normal for consumers and enterprises. Amid the COVID-19 crisis, the resiliency of technology systems is being tested like never before. Technology leaders need to ensure that technology is resilient, performant, and can rapidly adapt to the constant uncertainty to emerge stronger out of this unprecedented disruption.

Organisations with key gaps in their systems resiliency are experiencing adverse impacts to business continuity; they are seen as digital laggards by the market resulting in negative financial impact. The resiliency of critical business services and underpinning technology systems is a key need now and beyond.

Adjusting to the new normal

As organisations navigate this crisis, they are pressed to scale up to the surge in usage of digital channels, the potential of increased cyber threat and to accommodate remote working whilst operating in a constrained environment. In particular they are grappling with:

Ensuring a seamless engagement experience for consumers: Traditional business models are being re-invented as consumers turn to online shopping, e-banking, telemedicine and online entertainment; schools and universities are trying to ensure continuity of curriculum through remote learning platforms; and enterprises are enabling their workforce to on work from home, use videoconferencing and collaborate online to ensure businesses remain operational.

Increased threat from cyber-attack vectors: Malicious actors are exploiting the current fear and uncertainty to target individuals and businesses. There has been a significant increase in phishing and spear phishing e-mails, malware and ransomware attacks in recent months.

Remote working and workforce productivity: Workforce productivity may be impacted by connectivity challenges, latency and lower performance of corporate systems as a result of the significant increase in remote working employees.

Environmental challenges

While responding to this new normal, technology leaders will still be expected to deliver systems that are resilient in an operating environment with new or increased challenges including:

A potential reduction in funding for technology initiatives: As businesses experience constrained revenue growth, the funding available for new technology initiatives may be limited which will have a radical impact on technology investment plans. We covered balancing technology investments when ‘everything is a priority’ previously in the series and highlighted the inherent tension between constrained funding and an increase in demand for digitisation and enabling technologies.

Continued business continuity risks: Supply chain disruptions, unavailability of critical resources and front line staff, highly disrupted customer services due to reduced availability of contact centre operations, and gaps in business continuity planning and measures all pose significant risks to business continuity.

In-flexible service contracts for outsourced technology components: There is a heavy reliance on organisations’ outsourced managed services footprint. These contracts are typically based on peak demand or known usage patterns. COVID-19 redefined these parameters as users radically changed their behaviour and continue to do so. Mitigating this cost and service level risk requires a combined effort of the organisation and their partner ecosystem.

Five key imperatives for technology resilience

To help organisations become resilient and preserve continuity of business operations given these new complications, we encourages clients to consider five key imperatives:

Imperative 1: Define what's important and worth protecting, identify the risks and threats and design the response.

Define the technology backbones and associated service quality metrics; identify potential bottlenecks and key risks of failure to support the critical business process; ensure there is a mitigation strategy (for example: decoupling) for third party services which impact critical business process; eliminate or auto-scale single points of failure (versus manual remediation); introduce low intrusive cloud solutions to optimise the network bandwidth.

Imperative 2: Plan and Test for unexpected 'black swan' events.

Undertake scenario modelling and conduct stress testing, performance design and tuning to mitigate against the bottlenecks and key risks for the technology backbone; implement circuit breakers, for example allow non-critical components, applications and services to be isolated, circumvented or terminated when critical functionality is impacted; design alternative experiences for the customer in critical performance capabilities; and establish a practice to test resiliency frequently. Organisations are also finding opportunities to use the lessons learnt from the initial COVID-19 response to inform their scenario planning thereby painting a real and recent picture of the critical components of their technology systems and infrastructure.

Imperative 3: Monitor and measure with an eye on metrics that matter.

Define and rigorously monitor service level indicators (metrics that matter) and ensure they are supported by a plan to react to preserve the metrics or react when the failure occurs; undertake proactive and intelligent monitoring for the four 'golden' signals of monitoring including latency, traffic, errors and saturation; leverage both white and black box monitoring (for example native or internal logs versus testing user outcome behaviour of the system).

Imperative 4: Leverage intelligent automation for efficiency, productivity and continuity measures.

Invest and scale your existing automation footprint to ensure it is resilient and fault tolerant; prioritise automation to resolve high-volume tasks; optimise the deployment of human talent to focus on high touch activities; leverage intelligent automation to plan for business continuity, including chatbots/conversational platforms, self-healing bots, and predictive systems for applications and critical infrastructure.

Imperative 5: Get ready for remote-work, now and the future.

This involves continuing to scale and expand connectivity and collaboration platforms including video conferencing for employees to remotely connect and collaborate; work to increase utilisation and improve the effectiveness of remote-working tools and technologies, communicate best practices and ideal use cases; periodically remind employees and third parties to remain vigilant to spear-phishing, business email compromise and other cyber threats as they increase.

As mentioned in our article Prioritising IT work when everything is a priority, while all imperatives are important, management will need to apply its own criteria. However, through these challenging times, a focus on resiliency will help support your organisation to successfully navigate through this pandemic, and be even better prepared for any future disruptions.


If you have any questions regarding the content of this article and would like speak to someone from our team please contact us.

COVID-19: Insights for CIOs and IT executives series