Business continuity maturity and operational resilience took the spotlight in 2020 as organizations scrambled to get their plans in order and updated with pandemic response policies and procedures.
But has this extra attention helped increase continuity program maturity and the ability to address operational risks?
In the “State of Business Continuity Preparedness” survey conducted by the Disaster Recovery Journal (DRJ) and Forrester during the last quarter of 2020, businesses weighed in on their management activities and priorities for 2021.
Let’s look at some key findings:
Getting buy-in for business continuity program development, enhancements, or participation is a common struggle. During a year that put the value of continuity and recovery preparedness in stark relief, executive support increased to 94% from a status quo of the high 80s in previous survey results.
Yet fewer than half (38%) of respondents rated that support as “significant,” indicating there’s still room for improvement in helping leadership teams understand the strategic importance of business continuity and disaster recovery planning.
Business impact analysis and risk assessment are two foundations of effective business continuity management (BCM). Together, these steps help identify and prioritize your most critical and time-sensitive business processes, gauge their impact and map dependencies across your organization, and project the risks and consequences of those processes becoming unavailable.
With about 70% of organizations surveyed having conducted each as part of their planning processes, business impact analysis (BIA) and risk assessment have become fairly well-established foundations of BCM strategy.
While the prevalence of business continuity risk assessments (up from 57% in 2014) is a good sign, institutions that don’t regularly assess risk and use their findings to inform continuity and recovery priorities may discover that their planning has gaps and doesn’t align with the organization’s current risk landscape.
This could result in increased risk exposure, as a majority of organizations (61%) also felt that business continuity and operational risk levels are increasing, driven primarily by cyber threats, business complexity, and reliance on third parties.
The number of organizations using internal tools and manual management techniques (as opposed to software) has increased in recent years. The survey found that 64% of respondents are using document- and spreadsheet-based business continuity plans and management methods, up from 51% in 2018.
Aside from the real danger of “spreadsheet risk,” this shift represents a significant obstacle to maturity initiatives. Document-based BC plans can’t be kept up to date without significant employee effort, hands-on data aggregation and validation, and time-consuming manual processes for reporting, plan maintenance, and other key activities.
None of these tasks support an integrated, risk-based approach to continuity and resilience management. Instead, they’re likely to result in siloed, error-prone data and incomplete plans — not a recipe for a mature business continuity program.
So what should we make of this mix of progress and setbacks in pursuing business continuity maturity?
The pandemic has highlighted both the shortcomings and strengths that organizations balance in managing operational risk. But one thing is certain: there will be other unanticipated business disruptions.
A mature business continuity program supports organizational strategy and performance and fosters “true resilience,” which “isn’t about managing a particular instance of risk, but being ready for anything through the way you operate,” to borrow a definition from Google’s Will Grannis.
Financial institutions are clearly thinking about how to future-proof their continuity and recovery programs. Bank Director’s 2021 Risk Survey found that 84% of institutions have made or plan to make changes to their business continuity plan based on their experience during the COVID-19 pandemic.
If your institution is in a similar situation, make sure those changes aren’t just a temporary stopgap, but come out of strategic decisions that set your organization on the path to maturity for managing business continuity and other operational risks.
A consistent framework for continuity planning and risk management plays a key role in helping institutions navigate uncertainty and build resiliency.