It is a dangerous world out there and in many ways your business may just be a sitting duck. Fire, flooding, weather events, civil unrest and ransomware have all wreaked havoc on U.S. business in the last few years. And some of those organizations were never able to recover.
On December 31st, 2021 a wildfire stoked by 100mph winds ripped through a Boulder County, Colorado suburb. The aftermath was devastating with more than 1000 homes lost. While industry was mostly spared, at least eight businesses were destroyed and several-dozen more severely damaged.
In late September and early October 2022, Hurricane Ian unleashed its fury on the coastal regions of Florida, South Carolina and North Carolina. Approximately 623 commercial and government properties sustained more than $114 million in damages – five of which were destroyed and 34 more sustained major damage.
The largest semiconductor chip company was hit hard by a ransomware attack in 2022. Threat actors leaked employee credentials and proprietary information online. The root cause or vulnerability was determined as employees utilizing weak passwords. The hacking group demanded a $1 million ransom and additional money to allow the business access to 1TB of company data. And Nvidia wasn’t alone; in 2022 alone, organizations were victims of more than $235 million in ransomware attacks. How much of their data was recovered is anyone’s guess.
In all likeliness, many of these businesses had insurance and perhaps even a disaster recovery plan. But recovery and response are two different things. What was key leadership doing to navigate these unfolding events and what was being done in real time to mitigate the damages? No insurance policy or recovery plan is going to spell that out. What all these businesses needed was a comprehensive Business Continuity Plan.
A Business Continuity Plan (BCP) is the design and documentation of the processes, protocols and procedures that addresses and designates an organized response to a litany of potential threats an organization may encounter.
A BCP differs from disaster recovery efforts. Rather than focusing solely on recovery post-event, a BCP is a proactive, predetermined guide to the actions and accountability related to any number of unique threat scenarios. A BCP is concerned with keeping the lights on, mitigating damages, and ensuring everybody remains safe. Yes, disaster recovery and business insurance are important, but they are not the first line of defense. Not to mention that business and cyber insurance will never cover the true cost of catastrophic event.
Many potential threats to the safety of a business are location-centric, while others are more universal. Weather events tend to be more regional. U.S. organizations in the South and along the Eastern Seaboard are concerned about hurricanes. Those in the West are prone to earthquakes and wildfires. The Midwest sees its fair share of tornadoes and snowstorms. But all businesses share potential risks like ransomware, hostage or active shooter situations, building fires, and a number of other potential threats. So a BCP needs to be comprehensive and address different threat scenarios and designate the response to each event.
It is important to first identify the scope of the BCP as well as the critical functions that need to take place during an emergency. What departments or business areas should be involved in addressing each specific threat scenario? These designations might differ depending on the event. While the most important function of the BCP is to keep everyone as safe as possible should disaster strike, it is also designed to maintain operations throughout a threat scenario in a way that reduces both monetary and physical damages.
Then it all has to be documented, reviewed regularly, and easy to access if and when a threat arises. Designing a BCP is no easy task, but it is critical and well worth the effort.
The continuity of your business and its ability to survive numerous threat scenarios is essential. We have just scratched the surface here. To learn more about the nuts and bolts of creating a BCP for your business, register for our very important upcoming webinar:
Come Hell or High Water: The 5 Keys to Business Continuity
Friday, April 28, 2023
8amPDT/9am MDT/11am EDT