How to achieve system-wide collaboration for business continuity?

Full account of the conference:

In an era of broken supply chains, climate-driven shocks, and cyberattacks that cross national boundaries, digital systems are often the only way to see and respond to risk.

But as speakers at Risk-!n 2025 warned, this reliance comes at a cost: when data isn’t trusted, systems fail.

Elaine Moran, executive director of the Sustainable Resilient Value Chains program at EPFL, opened the session by highlighting a disconnect between public expectations and corporate risk priorities. While extreme weather events and misinformation top the global risk rankings among academics, customers and governments, private sector respondents rank these lower.

“Companies are serving customers,” said Moran. “So this should be aligned.”

She argued that organisations will only be able to deliver resilience, agility and sustainability if they prioritise trustworthy data. That means data that is secure, energy-efficient, designed for people, and made available across the value chain.

To achieve this, Moran emphasised the need for system-wide collaboration and education. At EPFL, her team works across academic and industry silos to design executive programmes that help professionals speak a common language around risk, technology and sustainability.

“The exciting place to be for companies and for talent and organisations is there in the sweet spot,” she said. “The enabler is the digital technology… and it is only an enabler if it’s done the correct way, which is trusted, secure data.”

The trust barrier

One of the main challenges to reaching that sweet spot, said Moran, is a lack of trust in data. This includes doubts about robustness, security, and the consequences of data sharing. It also stems from fragmented systems and outdated technology.

“We hear it again and again: the two biggest barriers are legacy systems and silos, and a lack of trust in data,” she noted.

This is not just an IT problem. Data is created and used across every part of the business. For cybersecurity to support ESG and resilience goals, it must be integrated into operations, risk planning, and governance frameworks.

Engineering in cybersecurity

Geoffrey Kerr, a former global cybersecurity executive at Procter & Gamble, echoed this point. Recalling a five-year transformation programme he led at the company, Kerr said it took deep organisational design, not just technology upgrades, to become resilient.

“Don’t let this be an IT-led cybersecurity team,” said Kerr. “You need to bring multifunctional teams together, talk about the risk, quantify it, and then put after that your programme in place to address the risk.”

Kerr also stressed that attacks are constant and unavoidable. What matters is how fast and effectively an organisation can detect, contain and recover. That means creating a culture where everyone understands the basics of cyber hygiene and their role in safeguarding operations.

“You’re never going to be cyber secure, ever,” he said. “You’re just going to be more resilient.”

From tools to transformation

To achieve that resilience, Kerr advocated for a structured, benchmarked approach. At P&G, the cybersecurity team adopted the NIST framework and used it to track maturity against peer companies, communicate with the board, and guide investment decisions.

Just as important, said Kerr, was understanding the interdependencies between business functions and technical systems. Whether it’s a product formula, a manufacturing camera, or a supplier interface, the weakest point can become an entry point.

“You’re making a big mistake if you say it’s an IT-driven process,” he said. “You need to bridge between the two if you’re going to put in a successful programme.”

Resilience is everyone’s job

Both speakers stressed the need for integrated thinking. Resilience isn’t something that can be tacked on after the fact. It depends on designing systems, processes and skills with security and trust at their core.

“If we can explain, you can gain trust,” said Moran. “And be able to help the innovators to build these systems… that’s why education and shared language across the value chain are so important.”

Ultimately, trusted data isn’t just about technology. It’s about people, systems and leadership working together to build the foundations of a sustainable, adaptable business.

As organisations contend with climate shocks, cyber threats and operational disruptions, that lesson is more important than ever.