Technology has introduced a level of efficiency to businesses that in the past was achieved with sheer manpower. This has resulted in organizations relying on this technology 100 percent of the time, making them vulnerable if the right contingency control measures are not taken to protect the system that is in place. It is therefore essential to assess the risks the organization faces with an impact analysis that looks at the entire business and its processes. Having a business continuity/disaster recovery (BC/DR) plan is one way to ensure the organization remains operational in the event of a disaster.
The importance of having a well-thought-out and properly governed business continuity plan was highlighted in a recent piece on accountingtoday.com. Author Michael Cohn cited a survey conducted by KPMG titled, “Oversight Of Business Continuity Management Increasing; More Oversight Still Required.”
In that study, KPMG points out that 71 percent of the respondents had senior management advisory people or a steering committee in place to oversee business continuity management (BCM). While the survey shows continued improvement in implementing proper governance in BC, close to 30 percent of respondents still don't have governance competency in place in their organization.
Having strict governance in place ensures the BC protocols the organization has implemented will be carried out by the book in the event of a disaster. With the proper governance or committee in place, organizations are more likely to address many of the threats they face. According to the survey, 46 percent of organizations with such a system in place were able to address different levels of threats including cyber terrorism as part of their BCM, compared with 32 percent for those without.
Additional key metrics from the survey include:
- Even with high cyber-related threats, 36 percent of organizations said they do not address cyber terrorism in their BCM program;
- The international standard ISO 22301 is being used by 42 percent of organizations to support their BCM program;
- Only 16 percent of organizations reported a high level of integration with all mission-critical, third-party service providers;
- The financial impact of a five-day disruption or outage is not known by 20 percent of the respondents;
- Close to half (41 percent) of respondents do not know the organization's total application data stored in the cloud.
As organizations continue to rely heavily on digital technology, their leaders have to implement BCM programs capable of overcoming the many different disasters they face today. Not recognizing the dangers in today's digital environment can result in massive security breaches, such as the Target incident that exposed the personal information of 70 million customers. On May 5, Target announced it is replacing CEO Gregg Steinhafel with CFO John Mulligan, while it looks for a new CEO. The incident in December of 2013 undoubtedly had a lot to do with that decision.
That security breach and the length of time it took the company to address its customers are a great example of why organizations should have strict governance regarding BCM. A well-designed BCM program covers all of the steps Target should have carried out as soon as the company found out its network had been breached.
Edited by Rory J. Thompson