BC’s Big Four: The Most Disruptive Problems in Business Continuity
In business continuity, there is a gap between perception and reality in terms of what kinds of problems cause most of the disruptions. In today’s post, we’ll look at BC’s Big Four: the four actual, real-life problems that happen most often and cause most of the disruptions to companies’ operations.
Related on BCMMETRICS: Shark Attacks vs. Sunburn: Preparing for the Most Likely Problems
What are the most common problems leading to interruptions of organizations’ operations and the implementation of their business continuity plans?
It would be understandable, based on news coverage, if you gave such answers as tornadoes, hurricanes, terrorism, and incidents of workplace violence.
In fact none of those is common as a factor causing impacts to business.
However, another factor that gets a lot of attention in the media is one of the Big Four. Can you guess which? Think Equifax, TJX, Yahoo, and Facebook, to name a few. That’s right: Data breaches.
As you can see, there’s a bit of a misalignment between the problems that get the attention and the ones that cause the problems. It’s not a complete gulf, however.
Here are the four problems that cause most of the disruptions to organizations and are most likely to lead to impacts in terms of revenue, reputation, and their ability carry out their mission.
Problem 1: Data Breaches
We just mentioned it so we must as well get right to it: at the present time, data breaches are the most common source of disruptions to business.
This is both the most common threat category and the one with the most potential to impact an organization’s financial situation and reputation.
Data breaches are happening so frequently nowadays that we no longer talk about if your organization gets hit, but when it will.
If you aren’t convinced, check out this Wikipedia list of the most significant data breaches of the last fifteen years.
Every organization—particularly small businesses with little to no network protection—will inevitably experience some type of data breach in the future. Not only will cyber attackers try to hack into your environment directly, they may also employ ransomware attacks and phishing attempts to access your data.
Problem 2: Human Error
This category is about the mistakes people make at work that cause serious repercussions for their organizations.
There is some overlap between this and the previous category because most data breaches happen because someone made a mistake (for example, by providing their credentials to a phishing email).
The more dependent an organization is on technology and tech workers, the more vulnerable it is to experiencing significant losses due to human error.
These kinds of errors are almost impossible to prevent. Ultimately people have to implement technology, and we are not perfect beings.
What kind of errors are we talking about? Common ones include simple programming mistakes, making errors in calculation, sending the wrong set of documents, ordering the wrong product, implementing the wrong code, not testing something correctly, and missteps brought on by the complexity of massive technological systems.
For a case study, see Boeing’s problems with the 737 Max airliner.
Problem 3: Human Availability
It would be hard to imagine a more low-tech, slow-motion type of problem than that of human availability, but the damage this one causes is dramatic.
This is about the right people not being available at the right time to keep key operations going, with the result that they grind to a halt.
This is a problem where there is usually plenty of opportunity ahead of time to arrange protections, and yet companies don’t do so and then get burned.
We talk a lot in BC and IT/disaster recovery about single points of failure (SPOF) in technology. There is also such a thing as a human single point of failure.
This issue is especially relevant for organizations that have a very lean workforce.
When a regional call center that employs 150 people has 10 who can’t come to work, that’s not a big deal. If that call center has two people and one can’t come in, that is a big deal.
Another vulnerability at many companies is when critical knowledge is possessed by only one person. Have you ever had to call someone during vacation because that person was the only one who knew how to do something? If so, that is a problem that should be addressed as soon as possible.
Finally, many types of common, weather-related disruptions such as floods and snowstorms impact individuals as well as businesses. You can bet that in the event of such an emergency, most people will take care of themselves and their family before going to work.
Problem 4: Internal Risk
Some businesses perform functions that are inherently high risk. Examples include airlines, transportation, healthcare organizations, and manufacturing plants.
Problems occur when the people employed in these enterprises become accustomed to the risk inherent in their industry. When this happens, they sometimes stop exercising the heightened degree of caution their work requires. The inherent risks of the activity can then flare up and catch everyone by surprise, causing devastating damage and disruptions.
For those businesses with risk-based functions, the stability of the organization at the leadership level is a critical consideration.
Being Prepared
The Big Four of business continuity problems—data breaches, human error, human availability, and internal business risks—should definitely have a place in your business continuity risk assessment matrix. You should devise recovery plans for each of them. It might not be possible to avoid these problems. It is possible to be prepared for them.
The biggest problems tend to be self-inflicted errors.
The above business continuity threats may not always make the news, but their impacts are real—and happening every day to companies like yours.
Further Reading
For more information on this and other hot topics in business continuity and IT/disaster recovery, check out these recent posts from MHA Consulting and BCMMETRICS:
- Shark Attacks vs. Sunburn: Preparing for the Most Likely Problems
- Weighing the Danger: The Continuing Value of the Threat and Risk Assessment
- Beyond Hurricanes: 4 Examples of Recent, Real-Life Business Emergencies
- America’s Red Zones: Where Natural Disasters Cluster and What It Means for You
- For Want of a Nail: The Importance of Meticulous Execution in BC and IT/DR
- Once Upon a Time: Organize Your BC Data So It Tells a Story
Richard Long
Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.
