Business resiliency and crisis management can make or break an organization’s ability to survive a major disruption. Prudent business leaders know that crises are today’s reality, whether a cyberattack, data breach, natural disaster or product recall. They understand that business sustainability in the short and long term depends on having the right contingency strategies in place to prepare for and respond to these potentially debilitating events.
They also know that the middle of a crisis, and the minutes and hours that follow, is not the time to be thinking about the status of their recovery and response plans. Using that time most effectively is critical to a successful recovery. Research has shown that companies that have prepared for the inevitable cyber crisis are more likely to recover completely and avoid long-term negative impact.
Leaders need to actively manage their business resiliency as a core governance, risk and compliance concern to avoid surprises that could lead to a business interruption, resulting in lost revenue and damage to the organization’s strength and reputation.
Is your organization prepared for a crisis? Start by asking yourself these five crisis preparedness questions:
1. Do you know your risks? Have you considered all potential crises and the impact each could have on your business operations?
2. Are you focused on early detection? What measures do you have in place to detect each type of crisis? What obstacles could stop you from reacting in a timely manner?
3. Do you have a plan for recovery? Could your systems be recovered? Have you identified alternative supply chains to avoid single points of failure?
4. How will you communicate? How will you inform employees and external stakeholders? Do you have a spokesperson? Is that individual prepared to speak to the media? Do you have a list of standard questions that you’re prepared to answer, regardless of event?
5. Will your plan work? Have you tested it? Just like fire drills prepare us for real fires, crisis plans need to be regularly tested. Ask yourself if it makes sense to spend thousands, maybe even millions, of dollars on a plan that you don’t know for certain will work. The 2014 State of Risk Report commissioned by Trustwave found that more than 20 percent of companies don’t have incident response plans. Of those that do, the same number never test them – leaving their organizations open to risk. Like any other company processes or procedures, your plan should be a flexible document that is periodically tested and revised to continue to meet your needs.
Crisis planning is critical to business survival for small and midsize companies. Hartman Executive Advisors can work with you to develop, test and implement an effective business resiliency program tailored to your specific needs. Get in touch today for a free consultation.
You can also read about how Old Line Bank worked with Hartman to develop an enhanced information security program and trained senior leadership on ways to handle issues of cybersecurity.