Business continuity management is not a new concept – it’s something organizations have been assessing for decades or even centuries.
At the time of the Industrial Revolution, merchants would have been concerned with maintaining the supply of raw materials if their ships sank. During the Second World War, businesses would have worried about surviving if they were bombed, or if rationing impacted their supplies. Today, organizations face the challenge of tackling digital data breaches and terrorist attacks.
Yet there are some risks that haven’t changed throughout history - natural disasters like hurricanes, fires and floods can, and do, still stop companies in their tracks. Whether it’s the 18th or the 21st Century, the cost of any threat that could compromise a business can potentially be devastating.
However, the way threats are managed, and the development of business continuity plans, has changed dramatically over the years.
The shift towards organizational resilience
Over the last two decades, there has been a fundamental change in the way businesses view continuity management. Rather than handling business disruption on an ad hoc basis, or when disaster occurs, organizations are increasingly developing business continuity plans, ensuring they are more proactive in managing potential risks.
Ransomware – a present and future threat
Just like any business, technology doesn’t stand still, it is constantly evolving and changing. Likewise, malware such as ransomware and worms are keeping pace with technological advancements, and they pose a real threat. For instance, ransomware attacks skyrocketed in 2017, with WannaCry crippling thousands of businesses, while the Petya crypto-virus knocked out the likes of multinational shipping firm Maersk, British advertising company WPP and pharmaceutical company Merck. The losses from the WannaCry attack have been estimated to be as high as $4 billion worldwide.
With increasingly sophisticated ransomware appearing all the time, the emphasis in terms of business continuity will be on the creation of plans that consider the implications of a cyber-attack and how organizations will respond to them.