Continuity plans fall behind business threat profile

Threats to business operations have changed dramatically. New threats are now emerging as businesses become increasingly reliant on technology. Ian Pollard believes it’s time for business owners to take stock.

It’s every business’s nightmare.

An earthquake strikes, causing widespread infrastructural damage. A fire devastates a warehouse. Or a major storm brings flooding and a huge clean-up bill.

That kind of misfortune doesn’t happen often – fortunately. And most businesses make provision to keep their operations and viability going while they tidy up the mess – usually enshrined in a Business Continuity Plan (BCP), which captures the organisation’s disaster recovery actions. 

Businesses decide evacuation plans and alternative worksite location arrangements in the event of a disaster, which they test and revise accordingly. End of story, you might think. We’ve got it sorted!

Truth is, the threats to business operations have changed dramatically in the modern era and new threats are emerging all the time as businesses are increasingly reliant on technology – in some cases almost completely so. 

An organisation’s IT platform has become a business life-support system; if it goes down for a lengthy period, the business may struggle to survive. IT outages do happen but most are relatively minor and surmountable. Every now and then, however, one will occur that is the IT equivalent of a 100-year flood – though the timing is a lot more frequent than a flood these days with the rise in cyber-attacks and cloud system failure.

IT is increasingly delivered by external suppliers who provide the likes of Internet and “cloud”-based services, telecommunications support, and third-party software or applications. Should those vendors fail, a business may be relatively powerless to do anything to recover. Worse still, IT failure can lead to a massive and costly loss of data or stifle a business’s ability to simply operate and generate income.

You may get operational again, but with severely increased costs and a drastic loss of revenue.

In recent times, moving IT support outside the business has been seen as a cost-cutter and an astute way to gain efficiencies, and ironically as a way to guard against IT (and thus business) failure. But even the cloud storage systems at industry leaders like Amazon Web Services (owners of one-third of the global cloud storage market), Facebook, Google and Microsoft can all, in theory, fail for a short but potentially disastrous time.

Cyber risks and cyber-crime in particular bring another dimension to business continuity in the IT space, with cyber-criminals deliberately and often indiscriminately seeking to paralyse organisations. The risks in that space are proliferating and the perpetrators are becoming more creative in their attacks.

But IT vulnerability is only one face on a multi-headed monster. In addition to their heavy reliance on technology and the largely unpredictable seismic and weather events that seem to be on the increase, businesses face a host of other risks that can hamstring their operations. 

An unexpected power outage can also rock a company, while a viral outbreak among employees or tragic loss of key personnel can devastate management and operations.  Filling out the list of risks are the threat of major theft of equipment, mechanical breakdowns, or failures in the supply chain.

Many businesses have yet to realise how vulnerable they have become with the passage of time, despite having a Business Continuity Plan (BCP) sitting on the shelf. 

The Plan must be viewed as a “live” document and regularly reviewed and updated to address new threats and risks, and changes to vendors and staff.

As insurers, we were concerned that businesses weren’t keeping pace with the business continuity threats of the modern era, and for that reason we’ve developed a BCP option that new clients receive for free when they insure with us. 

It’s in every party’s interests to have a comprehensive plan to help minimise the potential disruption from the many threats that an organisation faces today.

We considered the whole minefield of threats to a business in creating our BCP offering, which guides companies on how to ensure everyone in the business knows what’s happening during a crisis, and how to recover quickly. 

Adopting the BCP benefits the company in other ways too: premiums can be reduced and more attractive terms provided as a consequence of the decreased risk; and the plan can also accommodate other elements of a business’s regulatory or governance responsibilities, around health and safety, for example.

First step for many businesses, however, is to realise the world has changed and it is now a must – not a maybe – to account for, and guard against, the vulnerabilities arising from the technology we rely on and the increasingly riskier physical and virtual world we live in.

Ian Pollard (pictured) is MD of Delta Insurance, a Kiwi-owned specialist insurance provider based in Auckland. For more information visit: https://deltainsurance.co.nz/business-continuity-planning/ 

Article supplied by Delta Insurance.