Thought Leadership, White Papers
One of the most important benchmarks of a business’ health is its growth. Poor growth can result in downsizing, upset shareholders, or in the worst case the shuttering of its doors. Each year, a business plans for its growth, but things don’t always go to plan. A disruption in your business, such as a flood, fire or a physical breakdown of communications can put a big dent to your business’ bottom line. To mitigate the impact of these disruptions, you need to protect your business from the unexpected, but this requires investment of resources by the business into business continuity. So how do we convince them business continuity is worth it?
Align BC objectives with the organisation’s objective and KPIs
Business continuity should be a key part of a business’ strategy to ensure the business is able to run under even the most extreme of conditions e.g. when there is a major and sudden shift in the business’ operating environment like the flood in 2011 where three quarters of Queensland was declared a disaster zone or the recent DDOS attack against Dyn, which resulted in services such as Twitter, Reddit, Spotify and Amazon being rendered unavailable (2,3). While IT often forms part of a business’ mission critical services, there can be other parts of the business that are mission critical too, and this depends on your specific business’ needs e.g. it may be your customer service function. Any business continuity plan must plan to ensure these mission critical services continue to function as much as they can during the period of disruption.
Build your case
So how do you build a case for business continuity? Your business’ leadership team will want to know the impact any business continuity plan will have on their bottom-line, and how it will affect their KPI's. Of course, they will want to know what impact doing nothing will have too. The first step in determining the impact of doing nothing may be to assess the business disruptions that have occurred in the business within the past 6–12 months. As part of the assessment, evaluate how much those disruptions cost the business, by looking at things like business opportunity cost, loss in productivity, impact to reputation, etc. Having calculated the impact of doing nothing, determine the causes of these business disruptions and if they were predictable. Knowing their causes, and the likelihood of them occurring, will allow you to estimate how much the business would have recovered if a business continuity plan were in place. Understanding the impact of doing nothing, and of doing something, will allow you to define a solution that will ultimately best position your business continuity plan to benefit the bottom-line of your business.
Get clear on what business continuity can do for your business
One hurdle to achieving business continuity success is ensuring there is a consistent understanding of what business continuity is across the leadership team. Some in the leadership team may interpret business continuity as a list of service providers and insurers to call, and others may view it as disaster recovery, and for your business it might be one or both of those things, or even more. To ensure the business is aligned on business continuity, define the objectives of business continuity for your organisation. This means identifying the different parts of your business that would be affected by the business continuity plan, e.g., customer service. Use this understanding to illustrate the benefits of implementing business continuity across the business. It’s also important for management teams to foster a culture where business continuity is part of the day to day operations of a business. This empowers staff to take initiative in helping a business run in the event of a business disruption or disaster.
Communicate what you would need to put BC into the business
With your plan in place, the next step is to communicate what you need to implement your business continuity plan. To do this, outline the internal and external resources required to implement the plan, including both monetary and human resources. Then, outline the resources required to maintain the business continuity plan e.g. fees to business continuity providers, insurers, disaster recovery testing. Balance these costs with the estimated cost of an occurrence of an unmitigated disruption, and how likely it will occur e.g. how much would it cost your business if it were hit by a natural disaster and your most critical staff were displaced without the proper technology to run your business at full capacity, and what is the chance this will happen? A successful business continuity plan will need the total costs, both tangible and intangible of the plan, to be less than the total cost of not implementing the plan.
Rolling out BC in phases
The final pitch to the leadership team is how business continuity will be rolled out into the business. The best way to roll out business continuity is going to depend on your business, so consider your specific needs when outlining your plan. However, there are several key aspects that need to be addressed in the rollout plan. The first is managing expectations and setting a timeframe for the rollout of business continuity within the business. With the timeframe outlined, define a timeline, milestones to hit, and any activities that need to be undertaken for successful execution of the plan. Finally, and possibly the most important, identify the key stakeholders that need to be involved and make sure they’re involved in the process – one way of doing this is through using a RACI chart.(4) Addressing these aspects of your rollout pitch to the leadership team will make getting it approved as easy as possible, leaving you to focus on the task at hand.
If you are looking to protect what matters most in business, Interactive offers a complimentary risk assessment to help you identify what your risk profile could look like. Contact 1300 584 644 to schedule your consultation and BC facility tour.
1. The Cost of Cybercrime to Australia, Stay Smart Online
https://www.staysmartonline.gov.au/sites/g/files/net301/f/Cost of cybercrime_INFOGRAPHIC_WEB_published_08102015.pdf
2. Massive cyber attack ‘sophisticated, highly distributed’, involving millions of IP addresses, CNBC
3. DDos on Dyn Impacts Twitter, Spotify, Reddit, Krebs on Security
4. RACI Chart, http://racichart.org/