Business Resilience
Companies are facing increasing risks and threats. Experts classify those risks into different categories. First, we can distinguish internal and external threats.
Interactions with the external world are necessary for companies to grow; this comes with risks sometimes taken unconsciously. Open doors, unprotected systems and assets can be tempting opportunities for malicious external or internal parties. Today data should be included as a critical asset and could also be threatened by malicious attacks.
Globalization offers more opportunities but also opens the door to more threats. As observed, attacks are becoming more sophisticated, such as cyber attacks and malware (NotPetya, WannaCry) where hackers will hijack your valuable data and ask for ransom. Global threats are diverse and unexpected. This year the entire world is facing a pandemic, affecting millions, taking lives and hurting businesses that are forced to adapt or disappear. So how to adapt? How to anticipate and protect your company from any type of threat? What is the right amount to invest in having sufficient protection for your assets?
Adaptability and agility are tactics that can be instilled in the company’s culture if required by the nature of the business, but it is more strategic to invest in preparedness to face disasters and major incidents. Nobody can predict the future, and nobody has a crystal ball to anticipate the next black swan, but everybody can prepare their organization based on known events and realistic disaster scenarios. Anticipation is key, and this is exactly what a BCP (Business Continuity Plan) ensures:
• A definition of business needs in case of major interruption.
• A clear operational resilience involving business and IT.
• A plan defining continuity strategy and business recovery, backups, remote work, and a plan to return to normalcy.
• The BCP is tested regularly to cover different disruptive scenarios. Tests involve the entire organization or the critical activities; these tests are managed by the company’s crisis unit.
Scenarios covered in a BCP are mainly physical destruction (loss of premises), HR-related (pandemic), or IT-related (loss of IT or cyber-attack).
The usage of IT is increasing in our personal lives and in business. IT and operational risks are becoming a more serious threat to business; that is why regulators like the Basel Committee now consider these threats in their risk models in banking supervision. IT departments were once regarded as cost centers; they now represent opportunities to develop and transform business. In fact, IT is becoming the backbone of modern companies (data-driven companies) and needs to be considered as such.
The more wealth the company creates, the more protection is needed to secure its assets. It is difficult to define a specific budget based on company size or based on a percentage of revenues.
Some experts may say IT security is 1% of the IT budget. We just need to warn that a BCP covers the rare but still possible event. We may say that the ROI is zero if the extreme event does not happen, but the ROI is infinite when any disaster strikes. A BCP ensures the survival of your company. As Warren Buffett said: “You never know who’s swimming naked until the tide goes out.”