Revisiting Your Business Resilience Strategy: The Key to Staying Ahead

Today’s news can often feel disheartening—sometimes even alarming. From unprecedented weather events—such as regions receiving over a foot of rain in less than 24 hours—to escalating global conflicts, the lingering effects of recent pandemics, and increasingly strict customs regulations and border security, the list of controversies and crises seems to grow by the day.

Although history books contain a great deal of wisdom, they cannot be solely relied upon to prepare us for the unique present and future challenges we face. Relying exclusively on historical experience runs the risk of making us somewhat complacent and leads us to think that all we have to do is look to the past to find ready answers for today and tomorrow. But we can’t allow ourselves to be lulled into a false sense of security.

In previous articles I’ve shared a framework for managing threats and making organizations resilient in our rapidly changing risk landscape. While many businesses have adopted strategies to manage these emerging threats, resilience requires more than a “set it and forget it” approach. We must revisit and check the strategy frequently to keep up with new challenges.

Threats to physical and cyber security are evolving with breathtaking velocity. Still, one principle remains unchanged: Keep it simple.

Why Revisit Your Resilience Strategy?

Companies must continually adjust their threat management strategies to changing circumstances. The model you set up two years ago might have seemed strong when you first implemented it, but the world is not static. We regularly see new technologies, major economic changes, fresh geopolitical tensions, and significant environmental changes that bring new challenges and vulnerabilities.

Leveraging the PESTEL Framework

All organizations are susceptible to external influences, which can come from many sources and substantially impact an organization’s functions. I have written previously about the PESTEL framework, which is an invaluable tool for helping organizations categorize potential threats and think through their responses.

Here are the six key threat areas identified in the PESTEL framework:

• Political. Obviously, changes in public policy, regulation, or the overall geopolitical environment can have a direct impact on an organization. Example: The United States holds presidential elections every four years and congressional elections every two years. In addition, state governments change hands just as regularly. These elections inevitably bring important changes that will eventually affect businesses.
• Economic. The health of the economy, inflation, labor costs, and changes in basic market conditions can make or break an organization. Example: The Trump administration’s aggressive tariff policy has deeply affected the stock market and the economy generally. The ultimate outcome, while not yet clear, will surely impact consumers and businesses in profound ways.
• Social. Demographic shifts, changes in what people do or buy, and the movements and trends that communities experience can directly affect an organization’s customer base. Example: In 2025, some people who once supported the move toward electric vehicles turned aggressively against one particular EV manufacturer (Tesla) to protest government policies they disagreed with. At a more mundane level, gradual changes in the makeup of a neighborhood can drastically affect the profitability of local businesses.
• Technological. Advances in technology bring great benefits to industry and consumers but also introduce new vulnerabilities. Example: Artificial intelligence has improved many aspects of life and business, but bad actors can use it to perpetrate fraud and misinformation, impacting businesses as well as individuals.
• Environmental. Sustainability is now an expected part of an organization’s portfolio. Meanwhile, events like floods, tornadoes, earthquakes, and other natural disasters can cut deeply into an organization’s activities and resource availability. Example: The catastrophic fires that hit Southern California in December 2024 destroyed more than 1,200 homes and many commercial structures. Total damage from the fires has been estimated at between $95 billion and $164 billion, including $75 billion in insured losses and $297 million in lost wages. The effects on California’s business climate will be reverberating for years to come.
• Legal. Organizations are directly affected by certain courtroom decisions. New laws and regulation changes filter down to an organization and have a very direct impact on how that organization functions. Example: The Environmental Protection Agency (EPA) has imposed restrictions on emissions of carbon dioxide and other gases, impacting businesses throughout the country. These restrictions are often matched or exceeded by laws at the state level.

Keeping a fresh understanding of these areas allows you to act without being forced to respond to a given situation. You can respond with forethought rather than in the moment. And when you can do that, you can actually allocate resources to different places without being pulled in multiple directions—you can do damage control beforehand.

Steps to Strengthen Your Resilience

There are positive actions that can help businesses fortify their defenses against emerging threats. Here are four of the most important:

1. Conduct audits on a regular basis. Set up a schedule for the routine review of your physical and cybersecurity measures.
2. Collaborate across departments. Foster constant communication among the teams for all-inclusive threat management.
3. Continually update. Use the PESTEL framework to keep an eye on possible emerging threats and adjust your strategies accordingly.
4. Plan for scenarios. Prepare contingency plans for the different kinds of threats you might face so you can act quickly and effectively when something happens.

A business’s instinct to survive is born from the uniform experience of its various parts. When a company is under threat, every area feels the pinch. In response, every area must contribute to overcoming the challenges. Some effective responses can be based on common sense, but others may seem counterintuitive.

Successful businesses prioritize their ability to bounce back from adversity—a trait that gained importance in the wake of the devastating COVID-19 pandemic. But bouncing back requires a willingness to scrutinize all parts of a business and to be resilient at all levels.

Keep in mind that resilience isn’t just a static quality that one possesses, but rather a capability that must be dynamically and continuously developed. This is because what collapses isn’t static. The structures that hold up an organization aren’t just resilient; the organization itself must have a dynamic, resilient structure to withstand a long-term crisis.

Tom Meehan is retail technology editor for LP Magazine as well as CEO of CONTROLTEK. Previously, Meehan was director of technology and investigations with Bloomingdale’s, where he was responsible for physical security, internal investigations, and systems and data analytics. He currently serves as the chair of the Loss Prevention Research Council’s (LPRC) Innovations Working Group. Meehan recently published his first book titled Evolution of Retail Asset Protection: Protecting Your Profit in a Digital Age. He can be reached at TomM@LossPreventionMedia.com.