We do not expect something to go wrong – until it actually does.
Then when something goes wrong, we might panic if we cannot decide what to do or how to respond, and do not have a plan just waiting for us in the drawer.
When Covid-19 hit, the world stood still for a brief moment. Most businesses found that they were not prepared for this kind of crisis, with many struggling to move forward.
With the pandemic apparently receding, and life returning almost to normal, many businesses are on the road to recovery. But have we learned our lesson? When the next interruption, virus variant, or crisis comes, will your business be ready?
You may ask, but how can I expect the unexpected? How can I prepare for something which I do not know is coming?
Thankfully, there is a way to prepare your organisation for this. With Business Continuity Management, also known as Business Continuity Planning, you can prepare your business to minimise disruption to your operations and minimise losses.
As business owners or managers, we should recognise the added risks in the world today. The new normal has brought with it remote work, increasing dependence on mobile devices, and a greater reliance on cloud infrastructure. While these have transformed and redefined the modern workplace, they also bring with them new kinds of risks.
For instance, remote work has led to an increase in businesses employing third-party providers and remote workers. A report by CyberArk states that 96% of organisations grant these third parties access to critical systems. This creates more access points for hackers, increasing the organisation’s vulnerability. With company systems also being accessed from personal devices through public WiFi and unprotected home networks, the security risk is even greater.
The widespread use of mobile devices has also made them a target of many cybercriminals. According to Check Point Software’s Mobile Security Report, 46% of companies experienced a security incident relating to an employee downloading a malicious mobile application.
Meanwhile, cloud vulnerabilities have risen by 150% in the last five years, and phishing remains one of the most popular cyber attacks. According to Verizon’s Data Breach Investigations Report, 85% of data breaches are a result of human interaction.
Thus, the risk of your business experiencing a cyber attack is indeed greater these days. How equipped are you to do business in the new normal? If you suffered a ransomware attack, would it cripple your operations? If an employee accidentally gave their password to a phishing website, would it be a big blow to your organisation?
According to a 2022 report by Sophos, it takes an average of USD 1.4M to remediate a ransomware attack, and an average of one month for the business to recover. Meanwhile, Kaspersky reports that the average cost of recovery from a single security incident is around USD 86,500 for small and medium businesses, and USD 861,000 for larger enterprises.
There are many hidden costs to a disruption, such as the following:
• loss of potential revenue due to downtime
• customers flocking to your competitors during your downtime
• increase in customer acquisition cost to win customers back
• loss of valuable data or assets
• cost to recover lost data (or whatever was lost)
• cost to recover customer trust
• cost to restore brand reputation
The less prepared you are, the longer your downtime and the greater your losses. So how exactly can you prepare your business?
Business continuity management (BCM) is a framework which helps organisations ensure minimum downtime and resume operations quickly when a crisis hits. Although traditional BCM focuses on disruptions such as natural disasters and health crises, BCM for the new normal should give more attention to cyber attacks and data breaches.
Some best practices in BCM for the new normal include:
1. Develop a Data Protection Management Programme (DPMP)
A DPMP ensures that the organisation’s data, which are valuable assets, are protected. A good DPMP identifies the risks that are present, and establishes the necessary controls to minimise the risk exposure of the organisation. A DPMP also integrates a breach response plan, so that the organisation can act swiftly and decisively during a data breach.
IT and cybersecurity managers should be included in the business continuity and crisis management team. According to Ponemon Institute, the lack of integration between IT and other departments significantly hampers the organisation’s response to a crisis.
3. Take third-party suppliers into account
Organisations are becoming more reliant on third parties or ad-hoc staff for IT functions. Thus, any disruption with your third-party providers is a threat to the continuity of your operations. Third-party providers must be taken into account as you develop your Business Continuity Plan.
A good business continuity plan will put your organisation in a better position to exploit unexpected incidents as an opportunity rather than a threat. Good BCM will enable your organisation to:
• reduce financial risk
• reduce downtime and ensure quick recovery of operations
• ensure compliance with regulations
• reduce the risk of being fined
In our BCM course, learn how to identify threats to business operations and how to build a framework for organisational resilience that can deliver an effective response and protect the interests of key stakeholders and brand reputation.