Warning (again): contains percentages that you may find rather unnerving.
Business Continuity saw the beginning of change in May this year, when the new International Standard was published. Moving from a British standard (BS 25999) to an international one (ISO 22301) will offer benefits and reassurance to organisations with international supply chains to consider for instance. It also offers the opportunity to leverage accreditation to potentially lower insurance premiums. Indeed, insurers are increasingly seeking assurance that organisations are compliant with the BC standard before issuing certificates or agreeing premiums.It’s hard to talk about Business continuity without talking benefits. The move to an international standard should create an even greater interest in this increasingly pertinent standard. According to the CMI Business Continuity Survey, the last three years have seen an increased number of managers in organisations implementing BC plans, from 49% to 58% and now 61%. Most encouragingly, currently 81% of those implementing an effective plan are reporting an effective reduction in business disruption. 77% felt it had improved business resilience. If that is not a clear benefit I don’t know what is!
At the other end of the scale however, we have the organisations that as yet have not fully grasped the importance of planning how to continue business in the event of a BAU threat or disaster. Research done by Norwich Union reported that businesses without an effective BC plan which experienced a disaster have a greatly reduced chance of ever fully recovering. In fact only 8% make to the five years plus mark. It gets worse, 40% never re-open and another 40% re-open but fail within 18 months. Never underestimate reputational damage. How then, can an organisation fail to include Business Continuity Planning into the very fabric of its being? Referring again to the CMI survey, 15% of managers cited a perceived lack of business benefit as a reason for not having a Business Continuity Plan. (I do hope none of these businesses are in the supply chain of any readers…)
However, a staggering naiveté emerges when we read in the same survey that 54% of businesses that do not have a plan say it is because they “rarely get significant levels of disruption in their business”. Given the fact that almost half of businesses surveyed, reported disruption from extreme weather, which cannot only have affected those who have already included it in the scope of their BC plan, surely?
There are a number of factors at work here apart from the unwillingness to acknowledge that sometimes events out of one’s control can impact a business. Also some organisations have a knowledge gap in what they think they can survive and what they can actually survive. Don’t forget reputational damage will be a key indicator in how your talented staff, your clients and your supply chain partners respond to you after a disaster. Another consideration is the best of intentions being poorly researched and implemented, so another knowledge gap but this time in where the REAL threats and risks lie and planning for things that may be inappropriate whilst real threats are unconsidered. Add to that a good or a less than good plan being poorly implemented, tested and educated through an organisation and you have, what is known among youngsters as an epic fail.
As Business Continuity becomes an international standard, the opportunity for UK businesses to benefit increase. The ability to plan the continuance of business in exceptional circumstances should not be considered exceptional. Supply chain partners, clients, insurers and employees will come to demand this as standard, making the ISO 22301 standard all the more attractive and necessary.
Advent IM – The UKs Leading Independent Holistic Security Consultancy