Cybersecurity, IT Maturity
How Much Does Your Business Rely on Technology?
Having a strong business continuity plan that can adapt to changes in your business is a constant effort and a necessary one. After all, how reliant is your business on technology? In times of crisis, that same reliance applies to your need for a comprehensive business continuity plan.
If your systems were to go down, what would happen to your organization? Realistically speaking, how much could your company withstand losing revenue, regulatory agency sanctions, or damage to your reputation?
Increasingly, technology permeates business operations. Advances in technology like cloud, mobile, and social media alter how we interact with customers and run our businesses.
If an outage were to happen, would your business cease to function? How much revenue would you lose? How quickly could you recover?
What Is the Cost of Unpreparedness?
Most companies have a general business continuity plan. However, the tremendous pressure of immediate competitive demands can outweigh their ability to test and adapt business continuity processes to their evolving business.
According to Uptime Institute, about half of all businesses experienced at least one disruptive event in the last three years. However, no one knows when technology disruptions will happen and it’s hard to put processes in place to ward off a disruption with no exact date.
Companies who are unprepared pay a significant price when disruptions occur. In fact, inadequate business continuity planning can have a long-lasting impact on businesses, especially SMBs.
Here are common costs associated with having no viable business continuity plan:
- Business Disruption: What will happen if your computers go down? Does your production line stop? Is your customer service center reachable? Do your business locations cease to function? According to the 2019 Allianz Risk Barometer, the cost of business interruptions can vary from $6.7 million after a fire or explosion, $4.4 million due to storm, or half a million for water damage. Logically, the longer the downtime, the higher your losses.
- Regulatory Compliance and Litigation: Regulations like Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI, DSS) and General Data Protection Regulation (GDPR) require organizations to have viable business continuity plans in place and to be able to enact them when necessary. These groups can even conduct random audits and fine companies whose processes are inadequate. The average HIPAA penalty in 2018 was over $2,500,000. “Cyber incidents are increasingly likely to spark litigation, including securities and consumer class actions,” says Allianz.
- Brand Reputation: For many companies, your reputation is paramount. Businesses can suffer greatly after a cyber incident or disaster. In fact, Facebook’s value fell almost 40% in 2018 after a tumultuous year for the company including a massive data breach and privacy scandal. As social media evolves, companies must prioritize protecting their brand from reputation events.
- Customer Disillusionment: Consumers expect your website and services to operate properly and consistently. Experiencing service outages or delayed product fulfillment takes a toll on customer loyalty and can have a major effect on revenue.
- Loss of Partner Trust: As supply chains become leaner and more efficient, your partners rely on your operations almost as closely as you do. Vendors, companies, and customers frequently extend trusted connections between their IT systems. Large vendors or ones that are heavily regulated usually require their supply chain partners to adhere to the same regulations. Without a business continuity plan, you risk losing out on valuable partner relationships.
- Employee Turnover: Often, it’s your employees who suffer the most when system problems occur. They hear all the complaints and work extra hours. After an outage, they can feel beaten down and disillusioned, leading them to find work at another organization or one more committed to putting sound business continuity processes in place. This is especially difficult to deal with if your industry is already experiencing a skills shortage.
Limiting the Impact of an Outage
It’s impossible to stop outages from happening, so how do you mitigate the risks?
Business continuity examines how your company uses technology and puts procedures in place so your systems remain functioning when your main power source is out. Business Continuity planning includes creating systems and procedures to back up data, developing steps to switch systems, training employees to move to the spare systems, and regularly testing your plan so that you know it will work.
If you don’t have a sound plan, you need to get started writing one ASAP. A good place to begin is with an assessment outlining your most important applications and the systems most likely to have problems and then developing workarounds to protect them.