Business Wargaming for Resilience
In today's global business environment, volatility is not an occasional challenge—it's a constant reality. Rapid technological advancements are disrupting industries at an unprecedented pace. Extreme weather events, intensified by climate change, are impacting production facilities, transportation networks, and supply chains in ways previously unimagined. Geopolitical tensions in our increasingly multipolar world can lead to sudden supply disruptions, unexpected sanctions, and mass migrations, all of which have profound implications for businesses worldwide. The intricate web of global interconnectedness means that instability in distant regions can have immediate and unpredictable repercussions closer to home. In such a dynamic landscape, it is imperative for organizations—whether they are emerging startups or established multinational corporations—to allocate resources toward building comprehensive resilience.
Defining Business Resilience
A resilient business is characterized by its ability to withstand disruptions and crises, swiftly adapting and recovering in the aftermath of a shock. Effective modern resilience does not occur by chance; it requires deliberate planning, adequate liquidity—such as access to contingency financing—and a workforce thoroughly trained with predefined procedures to navigate challenges effectively. Resilience is not about optimism or hoping for the best, but rather strategic preparation for worst-case scenarios. Resilience is an outcome. It is the culmination of tailored diligence and proactive measures designed to safeguard an organization's assets and interests against unforeseen shocks.
Forward-thinking businesses are beginning to take note. Companies and Boards are increasingly seeing the benefit of having a Chief Resilience Officer (CRO) in place to rapidly coordinate key business functions—including human resources, risk management, compliance, legal affairs, communications, finance, and information technology—to respond effectively to fast-evolving events. The need for resilience to be woven throughout organizations is beginning to be recognized, but not fast enough.
The Three Pillars of Resilience
Achieving organizational resilience today can be broken down into the following three essential pillars. While more can be done within specific industries, these three pillars of diligence are broadly fundamental:
Financial Diligence (FD)
Financial diligence is the cornerstone of any resilient organization. Sound financial management is non-negotiable; it involves balanced investments, prudent debt, and cashflow management, as well as maintaining access to contingency financing, among other imperatives. Entrusting financial operations to inexperienced personnel is a risk no prudent business leader would take. Organizations must employ professionals with proven expertise in finance and accounting, ensuring that daily financial activities are managed competently. Further, it makes sense to conduct third-party audits to provide an objective assessment of financial health, and identify any potential issues before they escalate.
In the case of potential mergers, acquisitions, or partnerships, thorough financial audits of potential entities are essential. Financial diligence in these scenarios will help uncover hidden liabilities or financial irregularities that could jeopardize either or both businesses. By investing in robust financial diligence, organizations safeguard themselves against financial shocks and position themselves for sustainable growth. Alone, however, financial diligence is simply not enough.
Reputational Due Diligence (RDD)
In an era dominated by instantaneous communication and pervasive social media, reputational risks have escalated dramatically. A single misstep—such as enabling privileged access to critical data for compromised personnel, associating with a disreputable partner, or failing to fully vet potential investors—can inflict severe damage on a company's reputation and lead to legal repercussions that a company may not be able to survive.
For businesses operating in sensitive sectors, including in the national security space, the stakes are even higher. The U.S. National Counterintelligence and Security Center has warned that foreign adversaries, including China, use investments to access sensitive data, not only posing significant business risk but also threatening national security.
Just as accurate information is vital for informed decision-making, thorough reputational due diligence (RDD) into key personnel, business partners, potential investors, and other important associates is critical for protecting an organization's reputation. This is especially true if that reputation means your ability to do business with the U.S. government. It is essential to engage licensed professionals skilled in RDD, who have credentialed, non-public access to specialized databases aggregating individual and company records and advanced Open Source Intelligence (OSINT) capabilities and analysis tools to augment, piece together, and derive insights from those records. Such tools are increasingly leveraging AI to create and handle large datasets. A great RDD team, whose skill and use of tradecraft that can transcend simple toolsets, will be able to uncover potential red flags, conflicts of interest, or compliance issues that may not be immediately apparent.
Unlike other forms of diligence, RDD is the only one that looks around the subject to glean insights into the subject. This makes RDD uniquely powerful. Proactive RDD enables organizations to avoid overt pitfalls, as well as more stealthy threats such as adversaries that operate in plain sight, to better maintain the trust of stakeholders, customers, and the public.
Resilience Wargaming
The third foundational pillar of effective, modern business resilience is wargaming. Like RDD, Resilience Wargaming is often overlooked, yet is absolutely essential for organizational preparedness. Unlike traditional business wargaming which focuses on anticipating and outmaneuvering market rivals, Resilience Wargaming is about preparing for unforeseen challenges that could disrupt operations. It involves role-play and simulating adverse scenarios through red-team ‘aggressor’ exercises to inform new contingency strategies, or test the effectiveness of current contingency plans to identify vulnerabilities.
Unlike traditional business wargaming which focuses on anticipating and outmaneuvering market rivals, Resilience Wargaming is about preparing for unforeseen challenges that could disrupt operations.
By conducting these simulations, organizations can develop robust response frameworks for a range of potential crises, such as supply chain disruptions, cyberattacks, geopolitical conflicts, or internal security incidents. This proactive approach enables companies to refine their contingency plans, ensuring they are not merely theoretical documents but actionable strategies that can be executed effectively when needed.
The Imperative of Resilience Wargaming
Why don’t more companies invest in Resilience Wargaming? Many organizations, particularly early-stage and high-growth companies, are heavily focused on allocating resources and efforts toward achieving milestones and KPIs, leaving little time to prepare for bad days. But bad days do come.
Consider the COVID-19 pandemic—a massive shock to global markets that tested the resilience of businesses worldwide. The pandemic led to the permanent closure of an estimated 200,000 American companies. Organizations that survived did so by leveraging surplus capital or rapidly adapting their business models to the new reality. Few had pre-existing contingency plans for such a scenario, and even fewer had tested them. This lack of preparedness resulted in reactive measures rather than strategic responses.
Similarly, the ransomware attack on the Colonial Pipeline in 2021 stunned US energy markets and exposed significant vulnerabilities in critical infrastructure. For many companies, this attack prompted them to confront the possibility of cyber threats for the first time. The sudden surge in demand for cyber insurance highlighted how unprepared organizations were for such incidents. While the proliferation of cyber insurance is a good thing—the trick here is not to outsource preparedness to insurance.
Just as unforeseen, and at least as consequential, consider the total collapse of a critical infrastructure asset like the Francis Scott Key Bridge in Baltimore. Very few businesses, if any, considered the impact of such an event and the immediate and severe impacts on commerce and local businesses. In the immediate aftermath, over 500 businesses affected by the collapse of the Francis Scott Key Bridge applied for long-term, low-interest loans to help cover costs and stay afloat.
While it is impossible to predict every potential crisis, organizations can and should prepare for a range of plausible scenarios. Resilience Wargaming allows companies to build flexible response frameworks for various, and conceivable, crises or disruptions, such as supply chain issues, geopolitical crises, or publicized incidents of workplace violence, just to name a few. Resilience Wargaming provides a systematic approach to anticipate and plan for these possibilities. By stress-testing their strategies, companies can identify weaknesses and make necessary adjustments before facing real-world challenges.
Becoming Resilient: Executing Effective Resilience Wargaming
Like FD and RDD, implementing Resilience Wargaming requires expertise and should not be approached lightly or as an ad hoc exercise. Professional facilitators with experience in wargame design and execution are essential. These experts craft hyper-realistic scenarios tailored to the organization's specific risks and operational context. They guide cross-functional teams through simulations, identifying collaboration strategies, and fostering novel, critical thought. The process also involves subject matter experts who provide insights into specific threat areas, such as cybersecurity, supply chain logistics, or regulatory compliance. Skilled analysts then evaluate the outcomes of the simulations, offering business leaders actionable recommendations to enhance their resilience strategies.
By investing in professional Resilience Wargaming, organizations transform their contingency plans from static documents into dynamic capabilities. Teams become familiar with their roles during a crisis, communication channels are tested, and decision-making processes are refined. This level of preparation can significantly reduce response times and improve outcomes when disruptions occur. By embedding these principles into the organizational culture, resilience becomes a shared responsibility rather than a top-down mandate. Engaging with professionals who specialize in the three pillars of resilience—Financial Diligence, Reputational Due Diligence, and Resilience Wargaming—is a strategic investment in an organization's future.