By Derek Smith Jr
The year 2020 certainly tested the design, implementation and execution of business continuity plans (BCP) in every sector of every country in the world. This reality was driven by the COVID-19 pandemic, among other threats to the continuity of business. A BCP is a comprehensive, realistic, efficient and adaptable approach designed by a company to sustain critical business activity during and after a disaster, whether the disaster is technological (e.g. malware attack), physical (e.g. natural catastrophe) or emotional (mass resignation). There is no guarantee that if a BCP is deployed by an organization that it will work in a real-time scenario, however, what is certain is that without a BCP, the impact during and after a disaster could be crippling to an organization — whether a small to medium-sized enterprise (SME) or a large enterprise.
A study managed by Mercer noted that “more than half of companies (51 percent) around the world have no plans or protocols in place to combat a global emergency, such as coronavirus (COVID-19)”.
Make no mistake, there are many documented accounts of inadequate business continuity planning and, conversely, effective business continuity planning. In 2018, the city of Atlanta was not prepared for a ransomware attack that devastated the city government’s computer systems for five days, subsequently causing the city to revert to a manual process. This successful attack caused the city more than $20 million, split between the ransom payment, emergency IT consultants and crisis management firms. What is even more astonishing is that the city could has saved more than $15 million if they were adequately prepared and had a robust BCP in place as the ransom requested was a mere $52,000. On the contrary, in 2013, Cantey Technology, an IT company that hosts servers, experienced a fire outbreak that destroyed its network infrastructure, melting cables and burning its computer hardware. Although catastrophic, Cantey’s BCP required that clients’ servers were moved off-site, where continuous backups were maintained, and this strategic move averted a disaster.
The benefits of business continuity planning starkly outweigh the disadvantages. Below are four advantages:
- Business continuity planning require management to identity risk, design and deploy mitigating controls and test their impacts during simulated testing of the BCP.
- While developing various contingency strategies and recovery strategies, management would be able to identify possible integrations and efficiencies.
- Mitigation of reputational risk in the event of a disaster due to adequate preparation.
- BCPs help entities avoid regulatory penalties, prepare for internal and external audits and minimize disaster recovery costs.
In short, disasters can almost never be fully avoided. However, preparation for those disasters can be the difference between your entity’s ability to adapt and survive or simply fold and fail. Having the ability to assess vulnerabilities and risks, adapting to unconventional forms of doing business and acting with extreme precision will be key to preparedness in the year 2021.
Derek Smith Jr is a Top 40 Under 40 leader; the compliance officer at Higgs & Johnson, a leading law firm in The Bahamas; and the former assistant vice president, Compliance & Money Laundering Reporting Officer (MLRO), at an international private bank. He is also a CAMS member of the Association of Certified Anti-Money Laundering Specialists (ACAMS) and an executive member of the Bahamas Association of Compliance Officers.