NextStaffing your Data Privacy and Protection Program
What would you do if your company suddenly went out of business? Seems like an odd question right?
Well the unusually busy 2017 hurricane season caused a lot of business leaders to seriously think about whether their companies could survive a major disaster – natural or otherwise. Let’s put hurricanes aside for a minute, the fact that we live in an increasingly inter-connected and complex world also means that imminent threat of danger is more real than at any other time in history. In 2016, The Institute of Cyber Security conducted a global survey which revealed that 82% of all companies surveyed experienced at least one cyber-attack attempt that they were aware of. This reality underscores the need for organizations to anticipate disasters and develop robust strategies that counter these or at the very least, minimize the impact on the organization including its staff, shareholders and customers.
Business Continuity Planning is one of the most critical components of strategic planning but unfortunately, not every company develops one. Having worked in the consulting industry for over 10 years, I have had the advantage of spending a lot of time in client organizations and one of the things that I hear often is ‘I know that creating a business continuity plan is important but I just don’t know where to begin’. If you are a business leader reading this and you can relate, take comfort in the fact that you are not alone. This blog post is intended to demystify Business Continuity Planning and shine a light on its importance to the organization as well as share some common misconceptions that we come across when working with clients to create a business continuity plan.
Simply put, Business Continuity Planning is a proactive business activity to identify, avoid and mitigate risks associated with ANY disruption of operations. It details steps to be taken before, during and after an event to maintain the financial and operational viability of an organization. Disaster recovery on the other hand, is a reactive plan for responding after an event (they are closely related but are not one and the same). Business continuity and disaster recovery planning are critical activities for organizations of any size, whether you a large enterprise or SMB.
A fair assumption is that most organizations understand the inherent importance of business continuity planning as a strategic activity. Interestingly though, a recent Travelers study found that 48% of small businesses are operating without any type of business continuity plan, yet 95% indicated they felt they were prepared. This then begs the question: If the importance is obvious, why are so many companies still without a formal Business Continuity Plan? Is it a case that business leaders have fooled themselves into believing the fallacy “that (insert disaster of choice) will never happen to us”? That is what many would call living on the edge because we know that anything that can happen, will happen. Here are three other common misconceptions that may hold the answers to that question:
Yes, we know that you hire the best and brightest people but even the smartest employees cannot be expected to automatically know what to do when disaster strikes. Leaving each person to respond in his or her own way only adds to the chaos and confusion of the moment. Having a well-documented business continuity plan in advance, and training employees to follow it, gets everyone on the same page — helping to ensure an organized, safe and timely recovery.
Insurance by itself is NOT a business continuity strategy. Proper coverage is a significant and important part of the plan. This however may not fully cover some of the peripheral damages from an event, like loss of customers, loss of market share, or setbacks in development or release of a new product.
Time spent developing and maintaining a business continuity plan is an investment for the company. The fixed costs will continue after an event, whether or not the organization is open for business. The faster a company can return operations to normal, the more likely they will be to recover from the event successfully. With so much at stake, you simply cannot afford to NOT have a plan.
According to 2016 statistics from the Federal Emergency Management Agency (FEMA) in the US, 40% of businesses do not reopen after a disaster. Similar statistics from the United States Small Business Administration indicate that over 90 percent of businesses fail within two years after being struck by a disaster. It does not take a major catastrophe to shut down your business. Seemingly minor disruptions compared to widespread natural disasters can often cause significant damage — power failures, broken water pipes or loss of computer data.
An important starting point in the development of a business continuity plan is an honest assessment of whether your organization can withstand a major disaster. This step in the process also involves a Business Impact Analysis, the aim of which is to identify time-sensitive or critical business functions and processes and the resources to support them. Ask yourself the following questions:
Is your business continuity plan predominately an insurance policy?
Is it largely an emergency response or evacuation plan?
Is it predominately an IT or data recovery plan?
Is it something you developed that sits in a binder on a shelf?
If you answered yes to any of the questions above, then now is the time to seriously think about what a disaster could mean for you and your organization and what you need to do now to mitigate the potential damage.