The nature of businesses across various industries has changed drastically over the last few decades. It is becoming more aggressive given the demands to be up and running continuously. While this is happening, new and previously unconsidered risks are emerging all the time and growing equally fast. Even the most risk-aware organisations are likely to experience low-probability but high-impact events that can fundamentally change businesses and even entire industries.
An established statistic states that 75 per cent of the companies in existence today will face an incident in the next 18-24 months, which could potentially shut down the company. According to Gartner, roughly 80 per cent of the companies facing major challenges will either shut down or go bankrupt in the following 24 months. Organisations are potentially facing closure from cyber-attacks, significant loss of business due to negative publicity on social media such as Facebook and YouTube. The negative impact to the brand image of United Airlines due to a music video on YouTube (United Breaks Guitars by Dave Carroll) is a case study studied across organisations on how even a single conversation on social media can adversely impact the reputation of established, old world economy companies.
Unfortunately, many companies never take the time to develop robust business continuity plans. Moreover, organisations face the challenge of not knowing where to begin and when to create or update plans. While organisations incorporate business continuity and disaster recovery strategies into their Information Technology (IT) budgets, the plan should attend to the human and processes side of the business as well.
These challenges are beyond just the financial or operational risks. To be sure, the primary goal of risk management should always revolve around protection of customer data, organisation assets, workers and the environment. It includes technology, process and people. All these are critically important for the functioning and survival of the organisation.
Given the aggressive and challenging work environments that exist today, organisations must implement smart and effective solutions to allow the workforce to continue operations during a disruption, and access data securely at any time, from any location. Business Continuity Planning, for instance, is a tool, which details how employees will stay in touch and keep doing their jobs in the event of a disaster or emergency, say, a major fire breakout in the office.
It is critical then that organisations focus on comprehensive plans capturing detailed process workflows, people's role and responsibilities, critical data, software and machines. Once done, this needs to be regularly updated.
In all this, technology innovation is playing a vital role. Several companies - from start-ups to big companies - are bringing out invaluable products to mitigate the increased risks in such a volatile, uncertain, complex and ambiguous environment. There are companies focusing on computer virus threat detection and prevention areas to monitor the world's network traffic pattern to raise preventive alarms before the attack can happen and offer speedy solutions just in case your organisation is victim of it.
Then there are other organisations that are educating the businesses and also providing solutions in the area of people, processes and technology. Several companies are bringing out technological features such as continuous data protection/replication, single click restore, automatic failover to other servers, data replication at hardware array level etc. There are solutions available in the market to monitor all your data centres and offer companies a detailed dashboard report indicating the health of the systems, disks etc. For the record, hardware vendors are already manufacturing the systems with built in strong security, fault tolerant, resilient systems.
Apart from technology, process and people are the two other critical aspects in risk management. To run smoothly, efficiently and continuously, organisation should plan for various triggers, even look for ways where processes can run normally from remote locations. Ditto for people: Are people in the organisation are safe and traceable? Which people will perform what role during a crisis? How will appropriate alerts reach employees? Organisations must ask relevant questions and find solutions beforehand especially given that technologies are advanced where organisations can plan this, track and simulate the situation in advance.
As the complexity of threats increase, the future of Business Continuity Management / Information Technology Disaster Recovery is in automation. It is no longer possible to work on traditional methodologies. Attacks and incidents never seek appointment and given our business environment, disaster recovery managers do not have the luxury of addressing issues during office hours. Business heads who are in the role to mitigate risks and ensure business continuity need automation for real-time visibility, availability check, manageability into their systems and people via mobility.
Though managers are integrating solutions into their enterprise risk management programmes, their adoption in Indian organisations is extremely low. While several MNCs in India that are headquartered in developed markets have an edge over others, a small subset of Indian companies with global aspirations, and specifically those in the BFSI sector are moving towards business continuity management systems. Some players in the Indian pharmaceutical sector are becoming early adopters, primarily by mandates from the FDA. Large Indian enterprises and SMEs, however, still need to develop in the area.
Rohil Sharma
CEO,Perpetuuiti TechnoSoft Services
CEO,Perpetuuiti TechnoSoft Services