- Major Studies
Restoration of information systems in the event of a disaster is an essential element of risk management. At the same time, having IT systems recovered without restoring business operations is of little value. Therefore, companies need a comprehensive business continuity plan that ensures that the business itself will survive in the event of a disruption, with key business functions, as well as IT functions, re-established.
Nevertheless, many business leaders neglect the importance of a formal business continuity plan. As show in Figure 3 from our full report, Business Continuity Planning Adoption and Best Practices, only 27% of organizations plan for business continuity formally and consistently.
Business continuity is the overall program to ensure that critical business functions will be available to employees, customers, suppliers, regulators, and other entities that must have access to those functions. There are many major activities and subsets—including disaster recovery planning, work area recovery, and data backup—that comprise business continuity planning.
“If a disaster happens, or even a high-profile ransomware attack, a run-of-the-mill disaster recovery plan is not enough,” said Tom Dunlap, director of research for Computer Economics, an IT analyst firm based in Irvine, Calif. “A broader business continuity plan should also address the potential loss of key people, disruption of customer or supplier operations, and failure of logistics providers.”
Furthermore, the business continuity plan must be maintained and tested as part of everyday business operations. Failure to do so may lead to a complete business breakdown, if key players in the plan have not practiced the execution, or if the plan does not hold up under the stress of real-world events. Even if an organization survives, there is likely to be significant disruption and financial loss. Taking a short-sighted view may mean that IT systems may be recovered, but the organization itself may not survive.
IT leaders should keep in mind that business continuity planning is an iterative activity to determine what processes should be used to re-establish key business functions. The plan should be continually refreshed as the business changes. Ideally, the business continuity plan should be embedded into how the organization does business on a daily basis.
In the full report, we first look at adoption trends for business continuity planning by organization size and sector. We also discuss the elements that every business continuity plan should contain, and steps IT organizations should take in establishing such plans.