Thursday, 28 May 2015 Blog ehdf

Tackle IT Uncertainties Head-On With Business Continuity Management

The world is now more susceptible to both cyber-attacks and natural/environmental disasters, more than ever before. At such a time, a company’s Business Continuity Management (BCM) plan must be in place so that there are no business disruptions in the event of a disaster. While some businesses like to believe that they can quickly come up with a ‘Plan B’ to work through a crisis, the world’s best corporate leaders spend time making plans for events they hope will never happen!

Steps to get started

1. Analyze your business and gain insight into various functions and dependencies. This will help you identify areas most crucial to your business.

2. Assess the risks to specifically prepare and plan for any continuity issues

3. Plan and prepare a framework for your organization to effectively respond to incidents

4. Communicate your plan to everyone in your organization

5. Test the plan regularly

Benefits of investing in BCM

1. Proactive identification of risks and their impact minimizes the effect of a disruption on a business

2. It improves organizational awareness of risks, and identifies best methods to tackle crises

3. A strong BCM program, when properly implemented, saves an organization from business downtime and improves its reputation and trustworthiness in the long run

4. It helps maintain a strong public image in the aftermath of crisis and protects a company’s market position

5. With an effective Business Continuity program, the cost of any future disruptions can be significantly reduced

Interesting stats

eHosting DataFort’s 2014 BCM survey, conducted in partnership with Continuity and Resilience (CORE), the Business Continuity Institute (BCI) and DNV GL Business Assurance highlights the following interesting developments in BCM within the Middle East:

Increased focus on BCM investments: The survey reveals that 26% of the respondents do not have a dedicated BCM team, where nearly 63% of the respondents confirmed their organizations did not have a dedicated IT Disaster Recovery or BCM team, and that Business Continuity Management was being driven by Information Security Unit, Quality Management, IT and Operational and Overall Risk teams.

Maturity of BCM and IT DR readiness still has a long way to go: 56% of respondents rated their organization’s IT Disaster Recovery readiness as average or below average and 64% of the respondents rated their BCM readiness as average or below average.

A shift is already underway in the way corporations look at BCM: The survey reflects that 27% of the respondents invest anywhere between US$100,000 to US$250,000 to implement and sustain their BCM program, 22% invest between US$250,000 to US$1 million and large organizations in the banking, oil and gas, telecoms, government and e-commerce sectors accounted for 11 per cent to have set aside BCM budgets of more than US$1 million.

Lack of a robust business continuity plan can result in financial loss that may have a negative impact on bottom line profits of an organization: 30% of the respondents who have indicated the financial impact of disruptions as per their Business Impact Analysis (BIA) estimate that a two-day disruption could set the organization back by US$3 million and more.

Businesses continue to be vulnerable to disruptions: 66% of the respondents reported at least one significant business disruption in the last year and the top three causes for disruptions in the Middle East have been identified as:

1. Applications and network infrastructure failure

2. Power outage

3. Human error

Organisations considering external IT service providers: 47% of BCM budgets in the UAE are being spent on IT disaster recovery infrastructure, seats, software and licensing. This can be further reduced by working with specialized service providers who can implement IT disaster recovery at a fraction of the cost of doing it in-house. In fact, 30% of the survey respondents have indicated that they plan to outsource the enhancement of IT Disaster Recovery plans to specialist external service providers.