We do a business impact analysis. We identify risks. We put in place a business continuity management program. Presto chango, we achieve comprehensive business resiliency.
To put it baldly, “Yeah. Right.”
That may have been true in the days when the risks we contended with were statistically predictable, quantifiable, and insurable. Things like fires, hurricanes, earthquakes, floods, and power failures. But today, the risk landscape is highly ambiguous and amorphous. How do you even begin to quantify:
- Cybercrime, terrorist, and denial of service attacks?
- Wireless device security loopholes?
- Global supply chain and business partner connectivity concerns?
- Public cloud infrastructure risks?
- Human capital dependencies?
- I have news for you: if our risk landscape has changed, then our business continuity management approach had better change right along with it. Otherwise, resiliency is nothing more than a pipe dream.
The demand for business continuity management program transformation
Business continuity management historically has focused on protection: protect your people, protect your assets, protect your information, protect your revenue. Essentially, dig in and prepare for a siege.
But in today’s world, protecting what you have isn’t going to get you where you need to be. In every area of business, companies are being forced to proactively meet customer and business demands in new and innovative ways. In marketing, that has involved a shift from huge mass-market campaigns to micro-personalized outreach. In software development, it often requires leaving behind sequential waterfall design methodologies and embracing incremental agile approaches. What about for business continuity management?
For IT and business continuity management, transformation in the 21st century means stepping outside of the traditional risk-averse mindset to take on a deeply proactive approach that extends across the entire business. Such an approach recognizes that business resiliency – the ultimate goal – means much more than keeping the lights on or even keeping the data flowing.