Posted by: David Scott
business continuity, business risk, contingency planning, contingency plans, data breach, disaster planning, disaster prevention, disaster recovery, risk management
According to a recent survey by BDO, “Business Continuity” ranks higher as a security concern than “Data Breach” among most U.S. companies. Security risks such as wars, natural disasters, and terror attacks were cited by 55% of responding companies, vs. 44% expressing concern about breaches of security and the resulting privacy and theft issues.
One could well ask: If you suffer a catastrophic compromise of data, and the resulting compromise of reputation and trust, are you not imperiling the continuity (the continuing) of your business? Well, sure… but… plenty of organizations have suffered large, embarrassing, breaches of data – and have survived quite nicely.
If you really want to understand Business Continuity in the face of large-scale catastrophe, consider New Orleans: When those levees broke during Hurricane Katrina, how many businesses, large and small, had locks on their doors? How many had system and data backup and recovery plans? How many had robust Disaster Recovery plans? All to wash away in the comprehensibility of a flood. Business = Gone.
That’s what we’re talking about when we talk about Business Continuity. For businesses in New Orleans back in ‘05, no measure of a conventional Disaster Recovery plan would suffice. Given the fact that levees were long understood to be underspec’d for a Cat 4/5 hurricane, it would seem that a prudent business would have extended its DR and Continuity planning to include the surrounding whole: Perhaps joining a local association of companies in common purpose to lobby local government for a true surety posture that secured the local environment. You need a place to do business, first and foremost.
Today, true Business Continuity planning means that you must, in part, survey where you’re at in a physical sense, and assess physical vulnerabilities to public infrastructure, power, water, security, roads, access, policing, emergency response, recovery postures, etc. Your organization may not have a powerful lever in influencing local leaders’ actions for the protection and securing of your surrounding whole – but that doesn’t mean you can’t lay the groundwork, or ally yourself with other sympathetic organizations, in making the case for a surrounding policy and plan for security. That is, the “security garden” in which your organization grows and prospers.
What would happen to your business in the face of a “dirty bomb” (dispersal of radioactive matter), or a natural disaster such as a hurricane or tornado? While human life and treatment for survivors would be the first priorities, the continuity of business would be a close second: Hospitals, emergency response, policing – these all are businesses in The Business-Technology Weave. Even charitable organizations are considered “business” here: They are in the business of getting something done according to mission and desired outcomes. For any human activity, a real recovery needs to have people working and getting back into the routines of their lives quickly.
Maybe you’re thinking, “I’m not in a city that’s below sea-level with aging levees” (as was New Orleans); perhaps, “I’m not in a major metropolis like those most vulnerable to terror strikes” or “I’m not in a tornado zone.” And yet, who in the Gulf foresaw the spill and the impact to business? Today’s business continuity planning must examine risk and contingency in a much more imaginative and comprehensive fashion.
Next: We’ll consider lessons from the BP oil spill. We’re going to examine BP’s deficiencies, not from any political perspective, but from an empirical point of view, so that the “local” organization - that is, yours – can learn from the disaster in the Gulf. Prevention must be made a value, a standard, a mission, and most of all - a belief. Increasingly, in more and more areas, prevention on a steady, ongoing, basis is going to be a thorough necessity to ensure business continuity.
This examination, from the perspective of The Weave, will lead us to the largest, most comprehensive disaster imaginable… and what can be done in terms of prevention. But I’m getting ahead of myself…
June 7th: On this day in 1963, the Rolling Stones made their first television appearance (Thank Your Lucky Stars) and released their first single, “Come On”