An eye to the future of business continuity!

Last week I had the pleasure of speaking on the 'Investing in Resilience - Business Continuity' webinar hosted by the Business Continuity Institute. One of the questions raised was 'Where do you see the Business Continuity industry within the next 5 years'. Below I set out my thoughts on this and why I think we need a balanced perspective...

Let me start by saying that I have been in the Business Continuity industry for over 20 years. During that time I have witnessed many major incidents and events, and it has taught me to always expect the unexpected and that anything and everything is plausible! What you planned for, won't be the thing that happens.

Mega trends have been on the horizon for many years. These include:

• Rising/aging populations
• Climate change
• Energy crisis
• Wealth distribution and poverty
• Rising crime
• Mass migration
• Trade conflicts
• Technological advancement

The 2019 World Economic Forum Global Risk Report highlights that the

Highest impacting threats are:

• Geopolitical (weapons of mass destruction)

Highest probability threats are:

• Environmental (extreme weather, climate-change mitigation or natural disasters)
• Technological (data-fraud, data theft and cyber-attacks).

These are all things that have been talked about for many years and will continue to feature high on the risk agenda, and potentially with more extreme consequences as the population continues to grow, and demands access to more resources.

One area that is having a profound impact on the future of business continuity is the advancements in technology, and this is an area that I focus on in this article. As well as challenges, it also provides many benefits.

In addition to the World Economic Forum Global Risk Report, the BCI Horizon Scan has repeatedly called out IT disruptions, cyber-attacks and data breaches as being the biggest threats to organisations right now.

As risk professionals we automatically look at the negative impact of threats, but we must also consider the opportunities that technology provides for advancing the human race.

So lets first consider some of the risk factors.

Digital technology is disrupting the way we live. We are no longer just talk about the 'Internet of Things', but the ‘Internet of Everything’

We live in a society where we expect everything to be 'always on, always connected, always available'. There are now more digitally connected devices in the world than there are people.

With each connected device, the risk of cyber-attack and data breach increases, as does the will and determination of threat actors. This can range from a teenager experimenting with technology in their bedroom, right through to state-sponsored attacks designed to infiltrate networks and cause mass disruption on a large scale.

Advances in innovative technology such as robotics and artificial intelligence are being developed on an unprecedented scale. This is leading to questions on trust, transparency and ethics with regards to the volume of data that is collected and processed and how it may impact on human rights. There are calls from regulators to implement codes of conduct that ensures that technology is deployed in the right way, and for the right reasons.

This is leading organisations to think beyond just typical risk factors, and consider how technology can used as an enabler for brand protection, and how it can be used to drive real business benefits and market trust.

Opportunities

The ability to connect any device, anywhere in the world means that many companies are now embracing smart workplace technologies which enables greater collaboration and sharing of information. This is encouraging more companies to adopt flexible working practices for their employees.

It also reduces the dependency on physical buildings and infrastructure. Therefore traditional workarea recovery - which involves moving people on mass between locations in the event of a major incident - may no longer be required, or certainly not on the scale needed previously

As the cost of networks and server infrastructure has got cheaper, the ability to host data in multiple locations including cloud platforms has increased. This includes having multiple data vaults and backups, as companies look to limit the impact from physical and logical disruptions. As technology becomes more accessible then smaller companies are also able to benefit from cloud-based services, rather than build their own.

These advances in technology are also driving down Recovery Time Objectives (RTOs), which provides measurable improvements in business continuity capability, as downtime is significantly reduced.

So how can we continue to reduce the risk and enable the opportunities?

If we consider that economic, environmental, geopolitical, societal or technological threats will continue to evolve on a global scale. That we should ‘expect the unexpected’ and that ‘anything is plausible’, then we need to consider how we navigate the changing landscape.

Threats need to be reviewed continuously to establish if the response and mitigation is still valid, especially since what is acceptable today, may not be tomorrow. This includes changes in legislation as well as changes in cultural norms and values. This requires resilience in the face of adversity.

A resilient organisation provides longevity, stability and engenders market trust.

It is not enough for an organisation to be resilient whilst all others are failing. The resilience of an organisation must also consider the resilience of the communities it serves and have a deep appreciation of the complexities of the supply chain.

Organisations must therefore consider how to react to a range of scenarios to enable it to achieve its objectives. Return on investment becomes one of keeping the company viable despite the threats that it is facing on a daily basis, and taking advantage of the opportunities as they arise.

Traditional risk functions such as Business Continuity, Disaster Recovery, Cyber Security, Physical Security and Health & Safety, need to be viewed as complementary and must be advanced.

Within each of these capabilities are great problem solvers, analytical thinkers and strategists, often with in-depth knowledge and understanding of the business, the sector they operate in and the threat landscape; but they must also be adaptive and reactive to change. Not every change is negative and some can deliver positive outcomes.

Rather than turning away from the biggest threats to cause a disruption, it should be tackled head on. This entails continuously building and stress-testing the response to build confidence in the capability, that engenders trust in the brand.

Even after 20 years, I’m still learning, adapting and approaching the changing landscape with a balanced point of view, and challenging the status quo.

Now I'd like to hear from you...

What do you think are the challenges and opportunities that the Business Continuity industry can expect over the next 5 years? Let me know in the comments below

Many Thanks

Sarah