BC Management recently released its 2021 Business Continuity Management Event Impact Report in partnership with Witt O’Brien’s. The latest report takes an in-depth look at some of the top trends we’re seeing across the business continuity industry today, including the impact of the coronavirus pandemic on response and recovery planning.
Here’s a quick look at some of the report highlights, including the top five takeaways, common challenges, and where we’re headed in the future.
Current and Future Focus for Business Continuity Events
While the top trends may shuffle a bit year to year, as a whole, this year’s report shows us that human/business disasters remain a top concern as disruptors for organizations, followed closely by technical disasters, natural disasters, and accidents.
Rounding out the top 10 most-pressing events organizations are most concerned about:
- Cyber-attacks: 88%
- Power outages: 76%
- Data breaches: 74%
- Network/communication outages: 58%
- Pandemic/diseases: 53%
- Computer viruses: 52%
- Brand/social media damage: 51%
- Hurricanes: 47%
- Fires (not natural) 46%
- Earthquakes: 40%
The good news is a majority of organizations (60%) say their business continuity plans and preparation helped them prevent a disruption in the past year, compared to only 40% who weren’t able to prevent a disruption based on preparation.
Obviously, the pandemic led the list of event response for most organizations in 2020, taking human/business disasters to the top of the list for reasons they deployed response/recovery teams during the year, followed next by natural disasters, and then technical disasters.
Here’s a quick roundup of the top five events that led to business continuity response and recovery plan initiation last year:
- Pandemic/disease: 79%
- Power outages: 49%
- Hurricanes: 38%
- Fire/wildfires: 35%
- Cyber-attacks: 29%
Of these events, 92% of organizations say they were prepared for a pandemic/disease related event, with the remaining top five events they were most prepared for as fire (not natural) (90%), ice storm/winter weather (89%), hurricane (86%), and health/safety issues (85%).
Yet, some of these same surveyed organizations experienced events they weren’t ready to handle, with disgruntled employees leading the list of least-prepared for events at 18%, followed by civil unrest/political instability (8%), brand/social media damage (8%), supply chain disruption (7%), and workplace violence (6%).
And unfortunately, for those both prepared and those unprepared, many events in 2020 weren’t just one-and-done. As pandemic impact lingered, some organizations had disruptive events that happened 10 times or more within the year such as protests, software issues, civil unrest, supply chain disruptions, and power outages.
Small Teams, Big Responsibilities
While business continuity, crisis management, and operational resilience teams tackled the pandemic and other business disruptors throughout the year, many did so with small teams. About 44% of respondents said they only have one or two dedicated, internal personnel and 63% said they have no additional support through external contractors or consultants.
And many organizations, even those with limited resources, still aren’t buying into outsourcing their resilience programs as a managed service. Some of that hesitation could be because of a mixed understanding of what business continuity actually looks like as a managed service. Some organizations think it’s just software; others think it’s checklists and playbooks.
About 30% of respondents said they’re not sure about an outsourced approach, but about 12% are currently investigating it as an option with 9% considering it as a solution to their programmatic needs.
Increased Involvement From Executive Leadership
While teams are small in many organizations, following pandemic response, business continuity and operational resiliency planning are now getting more attention from executive leaders. As a result, teams are stepping up their communication with their executives and key stakeholders, seeking ways to speak a common language that supports their resilience programs while demonstrating their planning and response tactics contribute to overall organizational success.
Last year, more than half of organizations, 55%, indicated they can employ real-time reporting on event-driven risks for critical responses.
Executive leaders are becoming more involved in resilience related events, too, with these top five events driving more executive engagement:
- Pandemic/disease: 89%
- Cyberspace attack: 38%
- Health/safety issues: 33%
- Protests: 33%
Interestingly, the events that reflected the most increase in executive leadership were also the same events that respondents said had the most significant estimated financial loss and the most employee impact.
Technology and Communication
Limited resources continue to be a challenge for many business continuity teams and we’re seeing them lag behind in some areas of technology adoption compared to teams in other disciplines.
In fact, the report said that less than a quarter of “mature” or “very mature” organizations have mobile options to access their business continuity plans. And for less mature organizations, even more of them don’t have access to mobile options (51%).
What’s interesting here is that even though these organizations haven’t adopted a business continuity solution with mobile or off-line access options, most say if they experienced an event, they’d most likely use mobile phones for communication (86%) with 78% saying they’d choose to communicate via text messages.
Lack of technology adoption is only one of many challenges teams face for crisis communications. Regardless of program maturity, here are some of the common communication issues teams face today:
- Muddled work streams don’t have clear owners, clear expectations, or timelines
- No notification or activation clarity
- Lack of agreement on transparency level for crisis communications
- Inability to focus on the strategic (what to do devolving into how to do it)
- No definitions about what relative success looks like coming out of a crisis
Increasing Program Maturity and Related Impact
The maturity levels of respondent programs varied this year, but we are seeing some increased maturity for crisis management, crisis communications, and business continuity. This may be spurred in part by pandemic response successes where more teams are beginning to see why it’s important to invest in areas of risk mitigation to help decrease the full impact of future disruptive events.
Only half of respondents would rate their programs today as “mature” or “very mature” with equal focus on crisis management, business continuity, and crisis communication. About 17% rank their programs as “immature” or “very immature” with equal focus.
These “immature” and “very immature” programs are taking note, however, with 58% of respondents saying their organizations are in the process of developing end-to-end program reviews/refreshes.
What may be speaking a language that more executives understand is the ability for teams today to correlate losses with disruptive events and what we’re seeing now is an increasing correlation between program maturity and organizations’ financial losses.
According to the report, for respondents who noted $10 million or more in losses from a single event last year, they had immaturity in their program’s tenure as well as the volume of plans and processes they had never exercised.
The Event Impact Management Report also takes a closer look at the scope of pandemic response on the industry last year, which we’ll break down in an upcoming blog, so keep an eye out for it.
There’s a lot more information in this year’s Event Impact Management Report that you won’t want to miss. Would you like a free copy to review? You can download it here. Have more questions? Contact a Riskonnect advisor today, and we’ll be happy to help.