Three 2018 Business Continuity Predictions

From hurricanes Harvey, Irma and Maria to the WannaCry ransomware attack, business continuity planners around the nation had several opportunities to put their plans to the test in 2017. In 2018, three words will influence business continuity planning: community, reputation and collaboration. Here are three of our predictions for the upcoming year.

The Increase in Billion-Dollar Weather Events Will Require Businesses to Focus on Community




WildfireThe 2017 hurricane season proved to be the costliest one to date. Total property losses and economic impact from Harvey and Irma alone are expected to climb as high as $200 billion. The impact of California’s wildfire season isn’t much less — $180 billion — and even before December’s wildfires, 2017 has already made a record as the costliest and deadliest wildfire season in California’s history. According to predictions by Allianz, these billion-dollar disasters will be the new normal.

This new reality will force businesses to consider the impact of disasters on their communities and, in turn, the success of their organizations. If a disaster devastates a region, businesses will have to respond to the needs of the people living in that community — in some cases, both customers and noncustomers alike.

After Hurricane Harvey, for example, First Community Bank in Rockport, TX deployed a Mobile Banking Center, out of which it provided critical services like check cashing and internet access. The bank also met some more basic needs by providing water and meals. By contrast, other financial institutions in the same city remained abandoned, sending the message that they were not able to be there for their customers. Many of these customers, in fact, ended up at First Community Bank instead of driving to an alternate branch location.

In the long term, more businesses will need to look outside their own business continuity strategies and invest in community resilience. Jeff Schlegelmilch, the deputy director of the National Center for Disaster Preparedness at Columbia University’s Earth Institute (NCDP), says investing in community resilience "is not just a moral necessity. Spending on community resilience is also a sound business decision.”
Flooded town
In the wake of large-scale disasters, government agencies will not have the resources to facilitate recovery on their own. After 2017’s barrage of disasters, FEMA’s chief announced that staff were engaged in the longest activation in the agency’s history and were “tapped out.” FEMA’s administrator commented that FEMA was not designed to be the first or only agency responding to a disaster scenario — but it often is. In Canada, British Columbia’s public safety minister described a similar challenge. The government’s emergency systems worked well, but the “‘sheer scale’ of the spring floods and then forest fires overwhelmed the provincial government.”

As billion-dollar weather events increase, businesses will be forced to consider how they can contribute to the community’s resilience. By focusing on serving the community, businesses will in turn protect the long-term success of their organizations.

Customers Will Judge a Business’s Values by How It Responds to a Crisis



A business’s reputation has always mattered, but it matters now more than ever before. Customers expect businesses to take a stand for their values, and customers are scrutinizing them to make sure their actions are consistent with their messages. If there’s any discrepancy, social media will highlight that gap. Social media’s role in the rapid dissemination of information — both good and bad — is a key factor in shaping a business’s reputation.

Going forward, the odds of facing large-scale, highly publicized incidents, like hurricanes or data breaches, are increasing. In many cases, this means that executives and business continuity planners will be faced with an ethical dilemma when developing and evolving their business continuity strategies. They’ll have to ask themselves:


1. Do we do what’s best for the community, stakeholders and greater good?
OR
2. Do we do what’s best for the bottom line?

Case in point: First Community Bank prioritized option 1, using its resources to help residents jumpstart the recovery process. The neighboring businesses chose option 2. They closed their doors, which left many residents without services they needed and ultimately negatively impacted the businesses' reputations and ROI.

"Values play a bigger role than ever before in corporate reputation. "When a business responds to a crisis like a devastating disaster or data breach, it reveals its core values — and that could make or break its reputation.

It’s not just the business reputation as a whole that matters, however. In a global survey of executives, respondents estimated that nearly half of a company’s value was attributed to the CEO’s reputation, and they expected this link to strengthen over the next few years.

When a business experiences a crisis such as a data breach, how the CEO responds will have a huge impact on consumers’ perception of the business. Plus, more executives will be held personally responsible for breaches. In fact, a bill has been proposed that could send executives to jail for up to five years for not reporting a breach in a timely manner — which certainly won't do any favors for a business’s reputation.

In the upcoming year, we’ll see businesses renewing their focus on communicating their values through reputation management and corporate social responsibility, though many will treat these as separate endeavors from business continuity. Forward-thinking businesses will bolster their reputations by treating business continuity and crisis management as strategies for building the business and protecting its future.


The Public and Private Sectors Will Collaborate More



Public-Private Sector CollaborationAs threats of all sorts — from the aforementioned billion-dollar weather events to cyber threats such
as ransomware and phishing attacks — target both private and public organizations, the two sectors will share resources and collaborate to mitigate threats affecting the nation. As the Department of Homeland Security says, “Neither government nor the private sector alone has the knowledge, authority, or resources to do it alone.”

Both sectors, in fact, have more in common than it might seem. Consider these words from Ron Ross, National Institute of Standards and Technology (NIST) fellow: “All of us are kind of in this shared space. We all use the same commercial products, whether they’re operating systems, database management systems, cloud services….” While Ross was speaking of IT infrastructure, the same concept applies to how organizations respond to events happening in the physical world, such as acts of terror or severe weather events. These events often affect a private-sector business (or businesses) but require public-sector resources, usually law enforcement and first responders.

NIST Special Publication 800-181 recommends the following:

“Establish relationships, if applicable, between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, public relations professionals).”

This advice is useful for both cyber and traditional business continuity interruptions. Earlier this year, we wrote about one practical way to engage the public sector in your business continuity and crisis management efforts. To improve cybersecurity across industries and sectors, the Department of Homeland Security has established public-private partnership councils and offers information on cybersecurity training and exercises.

In speaking about the aftermath of the 2017 hurricane season, Schlegelmilch (mentioned above), also called for public-private partnership, though he acknowledged that there are still some hurdles to be cleared. Cross-sector collaboration will be a years-long journey, but dialogue about forming
relationships across industry and public-private boundaries will continue into 2018.

To hear more predictions, tune in to our Disaster Recovery Journal (DRJ) webinar on January 24.

Webinar: How Cybersecurity Trends Will Affect BC/DR in 2018

Popular Posts