There has been a revolution in government and corporate views on planning and preparedness in recent years. For the first time ever, Business Continuity Planning is becoming institutionalized in both the public and private sectors of the United States. Government agencies and companies alike are now making the investment necessary to maintain ongoing Continuity Planning support and are viewing this as an essential component to public sector / business resilience.
The 911 Effect
Since the terrorist attacks of September 11, 2001, multiple Presidential Directives have highlighted an increased emphasis on Homeland Security, and explicitly mandated that the United States Government improve preparedness across the entire Public Sector. We have since also seen primetime television ads urging businesses to prepare, and the relatively newly formed Department of Homeland Security has incorporated both public and private sector preparedness into its operational mission. That said, it took several years to see results, but starting with the formation of DHS in 2003, a new culture of preparedness began to take hold.
The Business Case for BCP
Today, even as we remain in the midst of a Global recession, fears of corporate meltdown as a result of failure to effectively manage disruptive events is also driving Corporate Executives to budget for planning and re-weigh the importance of advance planning. Why now? Well, today we have multiple examples of otherwise stable companies that lost millions as a result of not making the upfront investment in creating adequate operational, infrastructure, and technological redundancies. A poorly fleshed out response can quickly cost a large enterprise millions in productivity and value, a particular concern for publicly traded companies. Conversely a strong continuity strategy can mitigate those losses and even lead to increased market share at the cost of ill-prepared competitors.
A 911 Case Revisited
One firm, Cantor Fitzgerald, lost 658 employees in the September 11, 2001 attacks on the World Trade Center. While the firm lost two-thirds of its workforce, and endured scars that will last a generation, their investments in disaster recovery and business continuity allowed them to survive this tragedy. Within a week of the disaster, the company was able to bring its trading markets back online, and its CEO, who lost his own brother in the attacks, vowed to keep the company alive. After a difficult 3 years of rebuilding, Cantor Fitzgerald again started realizing growth. Some might argue that the tragedy of 911 strengthened the company’s core, with management making the commitment to aid the relatives of those that passed for the foreseeable future and to keeping going at all cost. The company certainly proved to have the resilience to go forward valiantly and once again prosper within a few short years.
That said, there is little doubt that without effective continuity plans the company would have had a very different fate.
In a 2002 study, the research firm, Gartner, reported that 40 percent of small-and midsized companies that experience a sudden misfortune, will go out of business within five years. A more recent article by Yatish Mishra, published by the Disaster Recovery Journal estimated that 94% of businesses that suffer a large data loss go out of business within 2 years.
On top of potential for lost productivity and reduced revenue, companies without continuity plans face potential lawsuits from shareholders for failing to meet their fiduciary duty to avert foreseeable adverse impacts.
Government agencies and corporate executives alike are finally seeing that the cost benefit analysis weighs heaving in favor of continuity planning. This is leading to increased spending on preparedness and raises the potential for increased collaboration, coordinated responses, and economies of scale in planning. All told, in the coming years we will likely see that the majority of Government and medium to large companies develop sophisticated strategies that incorporate a range of data, voice, infrastructure, and functional redundancies, and which incorporate strategies such as telework, to ensure a scalable level of continuity, regardless of the size and scope of the disruptive event.