The spread of a severe pneumonia now known to be COVID-19 through China and into other countries offers a timely reminder of the difficulty of planning for pandemic events and natural disasters. Businesses always need robust and current continuity plans that stipulate exactly how business operations will respond to and resume after a disruption — whether it is a natural disaster or an operational disruption, such as a broken contract.
In the 2018 Gartner State of the ERM Function Survey, 78% of respondents reported having a defined response plan for a cyber-related incident, and 76% had plans to deal with the effects of a fire or explosion.
Even just a few moments of downtime can be costly, so it is essential that firms implement sound business continuity procedures. In fact, more than 40% of businesses will never reopen after a major natural disaster.
The number of incidents that organizations face continues to rise. In a 2016 survey, 22% of organizations reported 11 or more disruptions over the prior 12 months, a 15% increase from the year before. The costs of such incidents are also rising. Natural catastrophes in 2018 cost companies roughly $20 million more than the average of the 30 years prior, underscoring the need for business continuity management (BCM) plans.
Components of a BCM program
A BCM program should reduce the impact of internal and external volatility, enabling the organization to reliably and consistently meet its strategic objectives despite disruption. A comprehensive BCM program covers the response and resilience of IT operations, the supply chain, the workforce and more.
Successful BCM programs have four components:
Test your plan
Without formal processes and guidelines, ad hoc responses will likely extend downtime and business loss. Plans must be tested to ensure they will enable the organization to weather disruption.
Tabletop exercises for BCM test the effectiveness of procedures and safeguards in place to respond to — and recover from — specific continuity incidents. These exercises are an effective way not only to gauge organizational preparedness and awareness, but also to uncover flaws or gaps in recovery plan design.
Mind your own “business”
First, define the threats and risks specific to your organization. A risk reported in the global news cycle is not automatically a risk for every organization.
Prioritize relevant scenarios by considering regulatory obligations, response plan maturity, criticality to business operations and response plan complexity. From there, leaders can draft relevant and comprehensive scenarios.
Assign clear roles and responsibilities for participants and facilitators in tabletop exercises, including:
The original article by Ian Beale, vice president for advisory at Gartner, is here. This article has been updated from the original, published on August 21, 2018, to reflect new events, conditions or research. The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.