The increase in natural disasters, environmental accidents, cybercrime and the health pandemic clearly demonstrates that disasters and disruptive incidence can and will happen and impact the public and private sectors.
It is not enough for companies and public entities to have an emergency response plan or a disaster management strategy. Organisations need to engage in a comprehensive and systematic process of prevention, protection, preparedness, readiness, mitigation, response, continuity and recovery.
Companies and public entities need to take an adaptive and proactive approach to minimise the impacts of a disruption.
The COVID-19 pandemic has resulted in many businesses and public entities offering their products and services online, 24 hours a day and 7 days a week. This reliance on the online and digital environment as a means to provide goods and services has substantially increased risk, especially when networks go down because of power outages and the rapid growth in cybercrime.
Survey results on business continuity show that private and public entities are not well prepared for business disruption. Before reading these survey results remember that surveys are often used for marketing purposes with no methodology presented and unverifiable data. However, they do provide a reasonable indication of where things stand now regarding business continuity preparedness.
A business continuity benchmark survey by BCI found that 46% of companies report that they do not regularly update their board of directors on business continuity program statuses.
Another survey by Continuity Central showed in the area of biggest challenges holding back business continuity developments within organizations, 22.7% of respondents cited lack of budget, while 14% identified organizational changes, 13.6% pinpointed lack of commitment, and 11.4% said lack of resources.
OnSolve released the results of a commissioned study by Forrester Consulting. The survey found that only 30 percent of business and government entities are very confident they can handle the increasing complexity of risk management in the future. The survey stated that while 99 percent of organizations experienced a critical event (i.e., catastrophic weather, active assailant, cyber attack, etc.) in the past 18 months, only 30 percent of organizations are very confident they can handle increasing risk complexity and just 38 percent of respondents cite ‘becoming more proactive’ in their critical event management goals.
In the 2018 Gartner State of the ERM Function Survey, 78% of respondents reported having a defined response plan for a cyber-related incident, and 76% had plans to deal with the effects of a fire or explosion.“ Even just a few moments of downtime can be costly, so it is essential that firms implement sound business continuity procedures,” says Ian Beale, VP Advisory, Gartner. “In fact, more than 40% of businesses will never reopen after a major natural disaster.”
The McKinsey SME Financial Pulse Survey carried out in April 2020 revealed the concerning reality that 52 percent of SMEs are considering having to close down parts of their business and reduce capacity as a result of the COVID-19 crisis. As McKinsey states, SMEs across South Africa represent more than 98 percent of businesses, employ between 50 and 60 percent of the country’s workforce across all sectors, and are responsible for a quarter of job growth in the private sector. While the GDP contributions from South Africa’s SMEs lag other regions—39 percent compared to 57 percent in the EU— this sector is a critical engine of the economy.
Private and public organisations that are taking business continuity seriously are implementing formal management systems such as the ISO 22301:2019, Security and resilience – Business continuity management system. The requirement is a management system standard published by International Organization for Standardization that specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise. It is intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization.
Organizations that implement a business continuity management system (BCMS) based on the requirements of ISO 22301 can undergo a formal assessment process through which they can obtain accredited certification against this standard. A certified BCMS demonstrates to internal and external stakeholders that the organization is adhering to good practices in business continuity management.
Sources
https://www.thebci.org/news/2020-business-continuity-benchmark-report.html
https://continuityinsights.com/interim-survey-results-available-business-continuity-trends-and-challenges-2020/
https://www.continuitycentral.com/index.php/news/business-continuity-news/6817-many-organizations-are-overconfident-about-their-capability-to-successfully-manage-future-incidents
https://www.gartner.com/smarterwithgartner/stress-test-your-business-continuity-management
https://www.mckinsey.com/featured-insights/middle-east-and-africa/how-south-african-smes-can-survive-and-thrive-post-covid-19 won’t you turn that slightly down for me you know how to turn it turn the volume not the thing it’s good
https://en.wikipedia.org/wiki/ISO_22301