Business Continuity Management (BCM) – being prepared starts with the mind

Exceptional events like cyber-attacks, data breaches, natural disasters and terrorist attacks are increasingly increasing companies’ awareness of Business Continuity Management (BCM). It is in management’s vital interest to ensure operational continuity and resilience when faced with all kinds of disruption Unfortunately, many companies do not have the preparation, skills, people, processes and technology required and in place to provide internal and external stakeholders with the reassurance that in the wake of a crisis or disaster, the company is able to restore operations. In this blog article, we will show just how important BCM is and what kind of effective planning should be in place.

BCM precautions are not considered as effective until they have been put into practice

Business Continuity Management is a comprehensive process, one that identifies potential threats to a company and creates a framework for providing an effective response. The aim is to safeguard the interests of key stakeholders, the company’s reputation and activities that add value.

Every company should take an “all-hazards” approach to preparations, as both basic and specific response and recovery capabilities are required for any kind of incident, with additional specialised capabilities for specific types of incidents. Preparedness helps to ensure that customers get support in the event of an incident, while staff and assets are protected.

BCM’s tangible advantages

Business Continuity Management aims to improve resilience so that companies can survive in the event of partial or total inability to be operational. The benefits of an effective BCM programme include:

  • Proactive identification of operational risks
  • The ability to reduce and manage these risks
  • The ability to manage risks that cannot be insured against, like risks to the company’s image and reputation
  • The ability to respond in an effective way to major disruption
  • The competitive advantage of having a proven ability to maintain customer service despite significant disruption

BCM – being prepared starts with the mind

Business Continuity Management is simpler than is often imagined. To implement BCM, the following questions need to be taken into consideration:

  • What are the most important products and services within the company (in scope)?
  • What are the critical activities and resources needed to deliver these services?
  • What are the risks to this critical work?
  • How will this critical work be maintained if an incident occurs (loss of IT/OT, loss of access to premises, loss of utilities, etc.)?

Today, it is essential to have a BCM programme that is up to date, that reflects the current business environment and that is also available in the event of adverse events such as cyber threats, for example ransomware.

Effective BCM through careful planning (BCP)

The Business Continuity Plan (BCP) is a documented, step-by-step plan for immediate response, backup operations and disaster recovery. It ensures that critical resources are available and ensures operational continuity in a crisis. Or to put it another way, a Business Continuity Plan is what companies need to mobilise to stay in business. A BCP is the response to the question: how will we continue to work if we suffer a significant business disruption such as the loss of our set-up or our IT/OT? By developing a BCP that also takes into account the worst-case scenario, it helps companies to be on the safe side, even if events occur that are less catastrophic.

So what does a Business Continuity Plan look like? The following points (as a minimum) need to be included and defined:

  • The roles and responsibilities of staff and third party providers
  • Kinds of disruption including cyber threats
  • Thresholds for escalation
  • A description of immediate measures that need to be taken to protect both staff and customers and to minimise damage
  • Priorities and protocols for business continuity and system recovery
  • Protection of more critical information including procedures for dealing with ransomware, data leakage, etc. and other activities.
  • Plans for the infrastructure, systems or processes/procedures that provide for the continuity of critical processes, should a large number of staff or critical staff/departments be unavailable for an extended time period.
  • Alternatives identified for core processes, equipment, infrastructure systems, suppliers, utilities, interdependent business partners and key personnel
  • Cash and liquidity requirements

This may sound time-consuming, but being prepared for BCM starts with the mind. A useful introduction to the topic can be found in initial discussions with top management (who will be an advocate for the topic?) and in additions to guidelines, frameworks and standards (if BCM is not included, it will not happen).

To sum up once again – heightening awareness and involving both senior management and staff will increase resilience and improve the staff's ability to adapt and overcome disruption. An important point in resilience is the awareness that there will be disruption. However, provided BCM precautions are put into practice, a company will be prepared. Ultimately, after BCM exercises and resilience building, the staff becomes more mentally resilient to face future disruption. Preparedness for Business Continuity Management starts in the mind – and at the nerve centre of the organisation, i.e. at C-level.

Professional BCM from the get-go

Important basic prerequisites are to create awareness and to involve staff and management, but that is just the beginning. Effective BCM including BCP is a challenge that it is not always possible to face up to alone. My colleagues and I can provide you with support due to our comprehensive knowledge and many years of practical experience in wide-ranging aspects of BCM. Contact us without any obligation – we will be pleased to advise you.

Contact us now

<< >>

Cyber Risks , IT Security

Markus Limacher
About the author / Markus Limacher

InfoGuard AG - Markus Limacher, Head of Security Consultant, Mitglied des Kaders

More articles from Markus Limacher

Related articles
Business Continuity Management (BCM) – being prepared for global events
Business Continuity Management (BCM) – being prepared for global events

Companies' business processes can be significantly affected by unforeseen events, not only in this country [...]
Cyber Resilience: CSIRT insights and emergency plan for top management
Cyber Resilience: CSIRT insights and emergency plan for top management

It is no longer a question of if, but when a business will become the target of a successful cyber attack. [...]
Dealing with cyber risks is a matter for the top management
Dealing with cyber risks is a matter for the top management

Cyber security is not a sprint, it's a marathon. It is neither a product nor a state; it is an ongoing [...]

Exciting articles, the latest news and tips & tricks from our experts on all aspects of Cyber Security & Defence.

Blog update subscription
Social Media