2017 saw the importance of business continuity return to centre stage. From the WannaCry and Petya cyber-attacks, to the series of natural catastrophes that hit the Caribbean, US and Mexico, the perils of physical and non-physical risk were felt by businesses across the globe. The World Economic Forum's (WEF) 2018 Global Risks Report recently named extreme weather events, natural disasters and cyber-attacks as the most likely risks to affect businesses this year, intensifying the need to focus on business continuity.
Valuable lessons can be learned from the losses of last year and serve as an excellent opportunity for risk managers to put the importance of business continuity firmly back at the top of the C-Suite agenda. It is vital to take a proactive approach when protecting your business's operations. Failure to be proactive can result in loss of reputation, shareholder sentiment and ultimately bottom line.
Why does business continuity matter?
In today's interconnected world, hindsight is not an option in the face of disruption. Companies should not underestimate the importance of a contingency plan. News of a loss travels fast and businesses that are unprepared may be unable to swiftly resume normal operations, which could result in a decline in consumer confidence.
On top of this, both the business and risk landscapes are becoming increasingly complex. Many organisations have multi-tiered suppliers in many different locations across the world. Set this against the increase in frequency of natural catastrophes and cyber-attacks; those businesses that have not amply protected their supply chain are exposed.
As seen with the severity of the WannaCry cyber-attack last year, without comprehensive preparation organisations can be brought to a complete standstill. The unprecedented ransomware attack lead to the shutdown of computers across 80 NHS organisations in England alone, which led to 60,000 cancelled appointments and some hospitals diverting ambulances because they were unable to cope with emergency calls.
Similarly, as Hurricanes Harvey, Irma and Jose ripped through the Caribbean and US last year, facilities were destroyed, and many were left without power leading to severe business interruption.
These types of business closures can cause customers to rely on competitors which may result in a loss of market share. Ultimately, the most successful organisations are resilient ones. By developing and implementing a business continuity plan (BCP) companies can build resilience into their complex supply chains, identify their exposures and implement measures to mitigate risks as well as have a coherent strategy that can be quickly drawn upon in the event of a loss.
How to implement business continuity across your business
There are four main components in a successful business continuity programme. These components are comprised of: loss prevention, business continuity planning, crisis management and business recovery planning.
Loss Prevention: commitment to proactive loss prevention is a crucial element to any plan. Establishing where your organisation is vulnerable before a loss occurs puts you in a far more resilient position and will greatly improve your ability to avoid such losses.
Business Continuity Planning: having a plan for the worst-case scenario will ensure that all relevant parties are briefed and will promote a more streamlined and efficient recovery.
Crisis Management: If a loss was to occur, a clearly structured crisis management programme that can be immediately deployed will aid in your ability to reassure your customers, and may safeguard your reputation and shareholder value.
Business Recovery Planning: is critical to quickly getting you back on your feet. In some cases, resuming normal operations may not be possible, instead companies are encouraged to explore opportunities to adapt. Establishing alternate suppliers for key components would support consistent delivery of services whilst a business is recovering.
Partnering with an insurer that is able and willing to pay claims quickly in the event of a loss is also critical to a quick recovery. That should mean claims managers who are empowered to make on-site decisions around the world and release emergency funds when required before the full extent of a loss has been established.
Truly resilient companies recognise that timing is crucial in the aftermath of a loss. The most successful organisations are confident in their ability to recover quickly and resume normal operations as soon as possible.
At FM Global, we believe that the majority of loss is preventable and work closely with our clients to identify exposures to their business and implement engineering-based solutions to mitigate against risk.
Philip Johnson, is Managing Director at FM Insurance Company Ltd
Business Continuity Management Report
In November 2017, FM Global worked with the Business Continuity Institute and Airmic to create a report highlighting the importance of business continuity management. The report highlights key steps that can be taken to enforce a BCP across an organisation.
The report explains the following:
- The importance of business continuity to the broader risk management function.
- The Business Continuity Institute's business continuity management life cycle, which can be used as a framework for an organisation to build resilience.
- The appropriate language which risk managers can use when developing a relationship with business continuity managers, as well as the key questions which the risk manager should be asking.
The report is available to all Airmic Members, and can be found here.
For a useful guide on how to write a BCP, you can consult IT Governance' How to write a business continuity plan: the easy way