Your organisation can’t just go dark to your customers if you suffer a data breach, natural disaster, or technical outage. Your ability to respond to business resiliency challenges could define your success in situations that aren’t just possible but certain. Something will happen at some point that challenges your company’s revenue, productivity, and reputation. The question isn’t “if”—it’s what, when, and how you’ll respond.
Business resilience is defined by PwC as “the ability of an organisation to recognise, rapidly respond to, and recover from changes in the environment and their resulting risks.” Today’s millennial IT managers cut their teeth on the concept of business continuity planning, a strategy that focused on carefully planned responses to disasters, like earthquakes. Business resilience is the next logical step: a strategy-based mindset that focuses on adapting and seizing opportunities in the face of challenges that may blindside you.
Resilience: You can’t afford the alternative
Server outages, power outages, inclement weather, hardware issues, human mistakes—all these causes of downtime happen on a regular basis, and they’re a serious hit to business budgets. By one estimate, a single hour of downtime costs more than £74,000 for 98 percent of businesses, with costs ranging from the £0.7 million–£3.7 million for 33 percent of organisations.
Recently, Amazon Web Services suffered total outage for a staggering four hours. The issue was caused by an “authorised team member” who made a minute code error, removing a massive set of servers. In follow-up interviews with the media, Amazon’s press team admitted that one contribution to the delayed restoration was that the web hosting giant hadn’t completed a full reboot of the service in several years.
The AWS outage was dubbed the “$150 million typo”—and a powerful illustration of just how expensive a single human mistake can be. For organisations of all sizes, whether they rely on AWS or not, the recent outage is an important lesson in why preparing for business resilience challenges matters—and how easily disaster can occur.
Challenge #1: Lost revenue and productivity
If you don’t know exactly how much an hour of downtime would cost your business, you’re still operating in the old-school mindset of disaster recovery. Per Forrester VP Stephanie Balaouras, there are three key steps to shifting your mindset away from disaster recovery and toward resilience:
- Calculate the cost of an hour of downtime
- Measure end-to-end availability
- Match business objectives to technologies
Your customers and CEO don’t really care that your organisation’s SLA with your cloud provider offers a minute chance of failure. That said, suffering an outage is on the top of their “Oh Hell No” list. By quantifying the impact of an outage, your organisation can be best prepared for productive conversations around better resiliency—and more importantly, to ask for money to cover virtualisation investments.
Investment in technologies like virtualisation, replication, and continuous data protection isn’t as cheap as non-investment—but it’s rarely as pricey as the cost of downtime and time to availability. For organisations subject to SLA penalties in case of downtime, creating a culture of resilience planning is crucial.
Challenge #2: Reputation damage
Any form of outage or resilience risk can result in costly reputational damage—especially the risk of a cybersecurity incident. One recent study, that followed the organisation TalkTalk, found that a data breach is among the most impactful forms of reputational damage that a company can suffer. Even worse, the study definitively found that not every organisation can bounce back from a security incident. Depending on your response and surrounding factors, you may never have the opportunity to win back your customers’ trust.
While technical safeguards play an important role in protecting against reputation damage, PwC research also advises the creation of accountability for optimal reputation resilience. Working with individuals in communications and other executive functions to create a plan for customer and employee communications in case of disaster gives your organisation a way to respond that salvages potentially damaged relationships.
Challenge #3: Noncompliance
No one wants to talk compliance ever, and there’s good reason behind that. Per McKinsey, the compliance environment—or the volume of regulations organisations are subject to—has drastically increased in the past eight years. While organisations are stepping their game up, it’s not always enough. The cost of fines handed out for non-compliance has grown drastically, too.
Resilience planning is a naturally adaptable mindset that’s at the core of reducing compliance risks. By shifting the way your IT team thinks about compliance—like from a checklist mindset to the understanding that complex IT environments can change hundreds of times an hour—you can better prepare to avoid costly compliance penalties. Creating human accountability for constant compliance is important. So are technologies that make continual compliance possible, including real-time security incident event management (SIEM) technologies and self-healing printers that won’t go unpatched and put your network at risk.
It’s pretty much inevitable that your organisation will suffer an incident of some kind in the next 12 months. Whether you experience a simple human mistake or massive security attack, your uptime and communications continuity will be challenged. It’s the nature of today’s security threat vector and complex networks.
Embracing the principles of business continuity is important, but understanding business resiliency challenges can help you position your firm to bounce back in a worst-case scenario. By planning for the human, technical, and risk-related aspects of any kind of disaster, you can minimise the damage to your productivity, reputation, and compliance.