As an industry professional, you're eligible to receive a printed copy of the journal.

Fill out your address below.






Please reset your password to access the new DRJ.com
Reset my password
Welcome aboard, !
You're all set. We've send you an email confirmation to
just to confirm you're you.

Welcome to DRJ

Already registered user? Please login here

[wpmem_form login]

Create new account
(it's completely free). Subscribe

Security breaches and ransomware. Wildfires, flooding, and hurricanes. 

This is what most organizations have in mind when they think about business disruption and plan for business resiliency. All of these events are costly, disruptive, and bring normal operations to a crawl. 

But business resilience goes far beyond cyberattacks and natural disasters. Power outages, personnel changes, and even digital transformation can disrupt your business in various ways. Resilience is about having a plan to deal with the big hits, as well as the changes that come from competitive pressure and changing market dynamics. Resilience is about ensuring your business – and the underlying IT infrastructure – is available, safe, and agile.

Here’s why you might be thinking about resiliency all wrong and how to cultivate an agility which helps your business weather changes of all kinds.

The Most Common Disasters in 2018

Natural disasters cost the U.S. $155 billion in 2018, with hurricanes, wildfires, and even Hawaii’s volcanoes playing a role. Cyberattacks are also increasingly becoming more expensive. One report estimates that cybercrime costs the world almost $600 billion, up from $500 billion in 2014.

While these disasters are often widespread and newsworthy, companies are often left reeling from more mundane and localized, albeit still disruptive, events. In 2018, a leading disaster recovery and business continuity service provider received 91 disaster declarations spanning the U.S., UK, Europe, Canada, and India. Looking at the causes of those declarations, some interesting trends surface. While hurricanes and flooding were both causes of several declarations, the top cause, at 17.5 percent of the total, was power outages. Network outages and hardware failures closely followed. In total, those top three triggered 40 percent of total declarations. Flooding and hurricanes combined were just 13 percent of the total.

Beyond IT: Workplace Disruptions

If your building lost power, how quickly could employees resume serving customers? If you experienced communication issues which cut off your link to the cloud, how would you access the data and applications which reside there? If your company acquired another with 15 sites and a few data centers, how quickly could you streamline the collection of current and “new” IT infrastructure?

Resilience programs have to go beyond how to bring back up the applications which have gone down or send employees to a recovery site. Sometimes an issue cripples operations, and sometimes it just affects employees’ ability to work effectively. Alternatively, it might be positive news, like migrating select applications to the cloud or a digital transformation program, which can similarly disrupt normal business operations. All of these events can affect your organization’s employees, investors, customers, and reputation, and you’ll only be truly resilient when you have a plan for managing these changes and disruptions holistically.

How to Build Resilience for Any Disaster

There are four principles which can minimize the impact of many kinds of disruptions:

1. Understand dependencies.

Not just in your IT, but in your organization. While digital transformation can increase revenue, customer satisfaction, and agility, it can also leave your organization susceptible to external threats if you’ve opened up part of your business that wasn’t previously connected. Know the potential impact of an application failure or data breach. The same thing goes for employees. If there is an unexpected personnel change, what’s the succession plan or adjustment to access rights and process flows?

2. Cover the last mile.

So many resilience plans fall short in the last mile: your people. Train and educate your team on what they should and should not do. Many companies underestimate how much employees are targeted with real threats like phishing attacks. Simulating phishing emails to test users and teaching them how to report phishing attempts can avert disasters. Training them on new technology ensures smooth transitions when migrating to the cloud, for example. Also, regular testing of disaster recovery plans can help identify weak areas and reinforce the required actions.

3. Don’t assume anything.

It’s easy, given the many benefits of the cloud, to assume your data and applications are safe and easily recoverable. But just because your applications and data are running in the cloud do not mean your cloud provider will own recovering them. Recoverability still falls on your shoulders. In a similar vein, it’s easy to assume your locations’ power and communications will always be in place, but it is imperative to have a plan for when they fail.

4. Don’t try to become impenetrable.

It is impossible, whether we’re talking cybersecurity, natural disasters, or a power outage. Instead, aim for agility. You cannot block disasters from happening, but you can create a good plan so when they hit, you not only fix the problem but keep your business running in the meantime. Beyond IT resiliency, that means having a plan for proactive communication with customers, vendors, and partners to keep them apprised of the situation and how you are handling it. That way you protect both your critical business systems and your reputation.

Disruptions and disasters come in all shapes and sizes, but they all have one thing in common: they cannot be predicted. Even for hurricanes you can see coming days in advance, it is impossible to know their full impact until after they’ve passed. Truly resilient businesses take that unpredictability in stride, with a plan that minimizes disruption, improves agility, and ensures their business stays up and running.

February 3, 2021 – Using Mass Notification to Accomplish Your 2021 Business Continuity Goals

WATCH NOW

February 17, 2021 – Is your BIA effective? Or are you using it ineffectively? How 2020 Changed My View on “Traditional” Business Continuity

WATCH NOW

February 24, 2021 – Evolving Employee Safety for the Anywhere Worker

WATCH NOW

ABOUT THE AUTHOR

John Beattie

As a principal consultant within Sungard Availability Services (Sungard AS), John Beattie works closely with organizations to reduce operational risk through establishing new business continuity and disaster recovery programs or transforming existing ones. He also leads Sungard AS’ third-party risk management practice and is a contributing member of the Shared Assessments Standardized Information Gathering (SIG) and Standardized Control Assessment (SCA) content committees.

Disaster Proofing Your Business with an Electronic Document Management System
Critical Backups and Data Protection in the Event of a Disaster Nearly 18,000 businesses were dislocated, disrupted or destroyed by...
READ MORE
Exercise-Grid1
Effective Preparedness through Strategic Exercise Programs
Timing: have a plan, but don’t wait for it to be ‘perfect’ before beginning an exercise strategy Successful drills and...
READ MORE
P-and-S-Model
Small Business Disaster Preparedness
Planning Preparedness Tips For Small Businesses: The Products and Services Catalog In light of what has occured in the Midwest...
READ MORE
A Culture of [Business] Continuity | Part II
This two-part series from Avalution Consulting focuses on defining and embedding a “culture of continuity” within organizations. PART II: IMPLEMENTING...
READ MORE