New Articles
  September 26th, 2017 | Written by

Be Prepared or Be Left Behind

[shareaholic app="share_buttons" id="13106399"]


  • If you believe these common misconceptions about managing business disruptions, your company is at risk.
  • “It won’t happen to us” is wishful thinking.
  • Insurance can lull executives into a false sense of security.

Business continuity comprises certain processes that allow a company to continue to deliver products and services – and therefore continue to bring in revenue and meet its commitments – no matter what circumstances may befall it.

While most executives may believe they are prepared for at least some disruptive scenarios, commonly held misconceptions show the opposite may be true.

“We have a plan.” Many executives think if they have a documented business continuity plan, the business is adequately prepared. But having a plan and being able to execute it are two very different things. Unless the plan is comprehensive, complete, current and accurate, it may not be worth the paper it’s printed on.

“It won’t happen to us.” To think that a business will never experience a significant disruption is wishful thinking, and indefensible, should a disruption occur. In addition to natural disasters, acts of terror or the catastrophic weather events that are becoming more common, even seemingly minor disruptions can have a significant impact on an organization’s ability to maintain operations and meet its commitments.

“We have insurance for that.” This is certainly a way to pay for some disruptions, but it does not ensure business continuity. Insurance coverages can lull executives into a false sense of security that risks have been addressed and require no further attention. And insurance will never compensate for brand impact and loss of shareholder value.

In fact, effective business continuity can help avoid claims and prevent losses entirely. Balancing investments between insurance coverages and business continuity can result in a dramatically reduced risk profile that may otherwise drive higher premiums. Additionally, typical coverages only compensate the business – they do not compensate partners or customers who rely on goods and services for their own needs, and who may be left high and dry in the event of a disruption.

“We don’t have the time or resources for that.” It is true that there is a rational balance of fiscal and fiduciary demands that should determine how much to invest in managing any risk. That number is rarely zero and should never materially impact the core mission of the business. Tragically, many organizations are spending money on people, assets, services and activities that will not protect the business’s ability to function during a crisis.

A focused program aligned with the business priorities and mission can cost much less and deliver much more than one that is left to its own devices without executive sponsorship. The most expensive programs are those that produce plans that no one will ever use. Well-conceived programs operate more effectively and efficiently and deliver superior results.

“We already have data backups, recovery centers, and cyber security measures.” These, like insurance, are critically important measures to have in place, but only address a narrow portion of the full scope of disruptions that can impact a business. Like business continuity plans, are the IT disaster recovery plans comprehensive, complete, current and accurate? Have these plans been exercised under a variety of disaster scenarios to ensure IT operations can be restarted and resynchronized to the current state of the business? A comprehensive program that incorporates IT disaster recovery plans and response capabilities ensures that investments in IT resilience deliver value in the event of a disruption.

“We don’t have a very complicated business, so we don’t need a formal plan.” The truth is, every business is complex in its own way, and lacking a formal business continuity program, the true extent of the organization’s internal and external dependencies, or the actual duration of a business disruption, isn’t revealed until a disruption occurs.

Not having a business continuity program means not having an understanding of what it will take to respond to a variety of potential disruptions, find workarounds to maintain operations, and recover fully, should an adverse event occur. Scrambling to respond without a plan – while under the pressure of customer commitments, compliance, safety and public scrutiny – never works out as well as having a plan and a program already in place.

In the event of any disruption, a workforce will need to execute a business continuity plan with a minimal amount of damage to the business, and that is very hard to do without complete visibility into all facets of the business – no matter how simple you believe its processes and dependencies are.

“Our contracts protect us and limit our liability.” Another common misconception is that if you limit your liability, your business is protected. But what about your customers, your employees and your business partners? Are you protected from shareholder suits if your equity value is damaged? During an operational disruption, there are many stakeholders affected – whom the business has the responsibility to consider, and whose impact can cause damage to your company’s reputation and your brand. If brand trust is destroyed because a potentially preventable issue has affected customers, shareholders, employees or partners, contract liability may become immaterial. Planning and responding effectively in the face of adverse events far exceeds the benefits of contract protections alone.

To Move Forward, Manage Business Continuity Risk

A company’s viability, brand equity, and ability to compete in the marketplace every day all rely on having a firm grip on business continuity risks, and an effective program to actively manage them. If you are not making business continuity management a strategic priority, you are in a shrinking minority – and creating substantial risk for your business.

David Nolan is CEO and founder of Fusion Risk Management. He can be reached at