Call them what you wish – justifications, rationales, excuses; there are plenty of reasons that organizations large and small fail to create or maintain Business Continuity Plans. Even having a BC program doesn’t assure that development of Plans across the enterprise gets full cooperation. Maybe you’ve heard some of these justifications in your own organization:
1. We don’t have the time
Martin Van Buren, the 8th President of the United States, said “If you don’t have time to do the job right the first time, when will you find time to do it again?” If you don’t do it at all, you won’t need to do it again, will you? Problem solved. Just make sure your resume is up-to-date.
2. It costs too much to create/maintain
Life insurance is expensive too (and is just as unlikely to ‘pay off’ in the near future) but that doesn’t stop people from buying it. Why? Because it’s the right thing to do; the insured will never see a benefit, but they have the peace of mind that their beneficiaries will have some protection. But if you believe you’ll live forever, there’s no point, right?
3. Senior Management doesn’t care
Having a “C” in front of their title doesn’t make anyone infallible. Every business has priorities. If maximum short-term profit is the primary goal of an organization, there’s little point in swimming upstream against it. On the other hand, what’s the point of a Chief Risk Officer, if not to mitigate risks?
4. Nothing has ever happened – and isn’t likely to happen
You don’t have to be a student of statistics to understand that this attitude is simply wrong. The likelihood of something disrupting your business has no correlation with time. Just because it hasn’t, doesn’t mean it won’t.
5. We’ll trade the risk – for the cost savings
If your business horizon is this year (or this quarter) forgoing the cost of building a Business Continuity Plan produces a ‘win’ each time nothing happens. A disruption somewhere down the line may wipe out all those “savings”, but in the meantime, who doesn’t want to be a winner?
6. We back up our data so we’re safe
Your data is safe. Unfortunately, your employees may not be able to get to it, and your customers may not be able to get to you. That’s only a short term problem. Those customers will become someone else’s customers pretty quickly. Problem solved!
7. Everybody has a laptop; they can work from home if necessary
If every employee can reach your data with only a password, you’re inviting thieves to steal everything of value. If your Information Security people have assured more secure connectivity, there are additional considerations: Will your network support that much external traffic? How will employees collaborate? How long can you sustain work-from-home?
8. We have disruptions all the time. We know how to deal with them. We don’t need a Plan.
How you’ve dealt with all those disruptions–consciously or not – is a Plan. All you’ve neglected to do is document it. If the people who normally ‘deal with’ those disruptions aren’t available, wouldn’t it be nice if those thrust into those roles could benefit from all you’ve learned in past disruptions? But hey, that’s their problem, right?
9. We hired a consultant to create one. We update the contacts every year – so we’re prepared.
Whew! Glad we remembered to update those phone numbers; otherwise we wouldn’t be able to call our employees, vendors and customers to let them know we’re temporarily out of business.
10. What’s Business Continuity Management?
Never heard the term? OK, that’s possible. Never thought about preparedness? You back up your data (even though it may only be to tape); what are you doing about protecting the rest of your business? Oh, you have annual fire drills? Good for you.
These are a few examples of why organizations don’t plan. There are plenty more. All seem plausible to the holders of those opinions. As long as no disruption occurs, those opinions look pretty smart. But looking smart and being prepared isn’t the same thing. Ocean liners rarely sink, but they still carry lifejackets for every passenger. Automobiles seldom crash, but every seat has a seat belt. Because the stakes are high, the cost of preparedness won’t seem so large when something disrupts day-to-day operations. And it will.
