An established statistic states that 75 per cent of companies in existence today will face an incident in the next 18-24 months which can potentially shut down the company. According to Gartner, of those companies that face these life-threatening major disasters, 80 per cent will shut down or go bankrupt in the following 24 months.
Business Continuity Management System (BCMS) is frequently confused with Business Continuity Process (BCP), disaster recovery, IT disaster recovery and crisis management (CM). In layman's terms, BCP is the plan for an individual department or function within an organisation. Each department, such as payroll, marketing or human resources, has its individual BCP; these, when consolidated for the organisation, are referred to as the Business Continuity Management System (BCMS).
BCM and BCMS are often used synonymously. On the other hand, disaster recovery refers to civic plans at the government level to manage catastrophic natural disasters such as floods and earthquakes, but now include acts of terrorism impacting large numbers of humanity. Information Technology Disaster Recovery (ITDR) is solely focused on the recovery of IT whether it is networks, data centres, servers or applications. Crisis management’s focus is limited to the control of a particular event which may be classified as a crisis such as a fire or bandh, riot or civil unrest which may impact an organisation.
ITDR as a term first started being used in the 1970s when for the first time, organisations such as banks, insurance companies and airlines started to rely heavily on IT for their day-to-day operations. BCP and BCM evolved over the past couple of decades when organisations realised that while the core of their business may be IT, the people and processes were equally crucial, if not more, to recover. Organisations realised that it was useless if the backup data centre was recovered, but there weren’t trained people to operate those computers and applications. BCMS are far more holistic in their approach to business recovery and resilience.
Volatility, uncertainty, complexity and ambiguity (VUCA) characterise any business environment today. The continuing increase in VUCA has led to an increased recognition that new and previously unconsidered risks are emerging all the time. Even the most risk-aware organisations are likely to experience low-probability but high-impact events that can fundamentally change businesses and even entire industries.
Companies typically, under the banner of “resilience,” take measures like having a risk management function for risks that cannot be forecasted. With VUCA here to stay, organisations need to decide to move beyond resilience and face the opportunities presented by the unexpected. Advanced practitioners of risk management closely look to integrate BCM and ITDR solutions into their enterprise risk management (ERM) programmes.
Over the decades (since the '70s and '80s), as ITDR and BCP/BCM have become more popular, the types of challenges that an organisation faces have been increasing. Today organisations are potentially facing closure from cyber-attacks and significant loss of business due to negative publicity on social media such as Facebook and YouTube. The significant negative impact on United Airlines of a video on YouTube ('United Breaks Guitars' by Dave Carroll) is a case study, studied across organisations, of the damage that a single video on YouTube can do to the reputation of an established old world economy company such as United.
The key challenges faced by businesses today in the wake of VUCA are that new and varied threats continuously appear on the horizon for which corporates aren’t prepared. Cyber-attacks, social media negative publicity, electromagnetic attacks are no longer only in the realm of Hollywood (Ocean’s Eleven) but a very probable event in the near future. Progressive companies need to prepare themselves to be able to build organisations that are resilient.
Need for preparedness
Unfortunately, VUCA preparedness is lagging in India compared to others globally. Governments such as in the US, UK, Australia, Singapore and the UAE, amongst others, have standards on BCM, which mandate both government and private organisations. They have plans and processes in place to ensure business continuity. A progressive and stable government at the Centre in India should create BCM standards for organisations in India to follow and adhere to.
India, more than any other nation or organisation, needs preparedness for VUCA. As a nation we are in a geo-politically sensitive region; our neighbours are known to revel in our misfortune and are known to encourage and support hostile acts of terror on our soil. We have witnessed attacks on our hotels and transport systems, and have no assurance of prevention of a future attack on key BFSI institutions, or even an electromagnetic attack.
As the complexity of threats increases, the future of BCM/ITDR is in automation. It is no longer possible to work on traditional methodologies of BCM and ITDR. Attacks and incidents never come with an appointment. Unfortunately, due to globalisation we now work in a 24x7 environment. BCM and ITDR managers do not have the luxury of addressing issues during office hours.
Therefore it is important and convenient that automation allows them to address attacks from anywhere. The CIO, CRO and BC Heads today need automation that gives them enterprise-wide real-time visibility, availability check, manageability into their systems, processes and people via mobility.
Unfortunately, the adoption of automation as well as the fundamentals of BC in Indian organisations is extremely low. In India, the MNCs with HQs overseas are the most advanced in BCM and ITDR, as they are driven from an office abroad. A small subset of Indian companies with global aspirations, and specifically those in the BFSI sector who benchmark themselves against global giants, are moving towards BCMS. In the Indian pharmaceutical sector we are seeing some early adopters, primarily driven by mandates from the FDA. The bulk of large Indian companies and SMEs are yet to develop formalised plans for BC or deploy BC automation.
Unfortunately, only a nasty disaster will motivate them. The silver lining is that hopefully they will take a generational leap and move directly to BC and ITDR automation.
The writer is CEO, Perpetuuiti