15 Sep 2021
by Alison Goodwin

COVID-19 has permanently changed many aspects of how we live and work, so long-term resilience planning must factor-in a very different risk landscape. 

One of the most significant changes is the adoption of more agile working, with organisations having to strike a balance between service delivery and offering staff greater flexibility. Alongside this, the pandemic has also accelerated the use of digital services: after months of social distancing, the public expects to arrange services and interact online. 

Future shocks 

As well as considering how risks have changed, it’s also important to think about potential future shocks. In Aon’s COVID-19 Risk Management and Insurance Survey, the public sector is unique in ranking another health crisis at the top of the list of significant future shocks. Given the sector’s frontline role throughout the pandemic, this isn’t surprising. 

Other potential future shocks that are identified include economic disruption, technological disruption, climate change and a major cyber event. Organisations must include all these potential events in their preparations to ensure long-term resilience. 

With an integrated, resilient and agile risk approach, organisations can make better decisions in both the immediate term and the future. 

Past experience  

Although an organisation’s resilience planning must focus on the future, it’s valuable to learn from past experiences.  

At Aon, we developed the COVID-19 Crisis Response Framework, to help organisations develop effective crisis responses in real-time. This involves three stages (React and Respond; Recover; and Reshape), which can help to shape future preparations and ensure organisational resilience.  

React and respond  

Although new risks and challenges continue to emerge as a result of the pandemic, the key lesson from this phase of the crisis response framework was that boards and management teams must broaden their scope when horizon scanning for future risks. 

Traditional enterprise-risk management (ERM) processes did not identify the enterprise-wide threat posed by the pandemic, nor appreciate the impact of interdependencies on the way the organisation functioned. Taking an enterprise-wide approach is essential, involving key stakeholders from across the organisation to ensure all potential issues are considered and a robust approach is developed.  


The recovery stage involves stabilising the situation following the crisis and readjusting to the new environment. The lesson that many organisations learnt from the pandemic was that conventional insurance wasn’t a solution to stabilising budgets.  

There may be room for more innovation and creativity within the insurance sector but organisations can plan for this too. A more concentrated focus on total cost of risk and internal management of risk, potentially as part of the pre-event crisis management planning, will provide the necessary resilience to ensure a smooth response to future crises. 


In our survey, protecting people and assets was consistently ranked as the top priority when it came to reshaping the organisation following the pandemic. 

It’s easy to see why. People are at the heart of an organisation’s resilience and strategy success. Workforce stability and engagement is a key driver for organisations to be sustainable and adaptable in a volatile and changing risk landscape. 

Protecting people  

Three key areas are identified in the survey – their wellbeing; retaining key employees; and operational resilience. 

There are certainly additional challenges around employee wellbeing, with organisations expecting to see more long-term physical and mental health issues as a result of the pandemic. Providing employees with wellbeing support but also greater flexibility will be essential.  


Wellbeing support will also help with retention but the shift to agile working means organisations must factor this in to retain talent. Enabling employees to work more flexibly can require a rethink on the way that services are delivered and we have seen organisations look at business process reengineering to facilitate this. 

Remote working coupled with the public’s appetite for digital services also means more dependence on technology. Standards need to be managed and maintained, with robust cyber strategies, risk management and insurance.  

Reprioritising risk 

Organisations must now reprioritise risk, broadening perspective and evaluating major shocks, (not just anticipated losses) and elevating risk managers to an enterprise-level strategic role. Doing so will also enable them to redefine resilience.