If (when?) your clients express skepticism about the risks their business faces, you might try offering up these numbers:
- Cyberattacks that target businesses nearly doubled between 2016 and 2017, driven by an enormous spike in ransomware, including ransom denial-of-service (RDoS) attacks. Result: overall, the cost of a cyberattack has increased more than 27% from 2016 to 2017.
- 2017 was the most expensive year on record for natural disasters, due in significant part to extreme weather events across the U.S. that caused a total of $306 billion in damage. Last year saw 16 separate billion-dollar events, including three tropical cyclones, eight severe storms, two inland floods, a crop freeze, drought, and wildfire.
Even a single power outage can bring down an unprepared business. The good news is that the expert risk management and business continuity help your clients need is at hand.
To begin the discussion, try sharing these strategically-focused risk management and business continuity best practices:
1 Take the time to realistically assess enterprise vulnerabilities
In one recent survey, increased reliance on technology and business complexity ranked second and fourth as drivers of increased risk.
2 Understand the difference between disaster recovery and business continuity
A disaster recovery (DR) plan — which chiefly concerns the restoration of IT infrastructure and operations after a crisis — is just one part of a complete business continuity plan that addresses an organization’s ability to sustain operational continuity in the face of disruption.
3 Incorporate new (cloud) technologies
The cloud services your clients’ businesses depend on have a role in their risk management and business continuity planning.
For example, a hybrid cloud able to seamlessly unify on-site systems with your clients’ clouds can keep their data safe in a remote location to be recovered from anywhere. DRaaS (Disaster Recovery as a Service) provides a cost-efficient way to remotely preserve and protect their data using state-of-the-art technologies.
4 Pay attention to third-party risks
Your clients need to do more than rely on audits and their service level agreement negotiating skills. They should establish a formal program of joint business continuity plan testing with business-critical third parties.
5 Test the business continuity plan often
Most organizations test their business continuity plans only once a year, typically with only simple tests — and test frequency tends to decline as testing becomes more extensive. But for many, plans should be tested more often, and certainly after any organizational changes.
6 Get employees involved
This means your clients need to engage line-of-business managers and other key employees in risk assessments and business continuity plan development and maintenance. It also means your clients need to sufficiently train all employees, especially about cybersecurity hygiene and disaster event communication and collaboration.
7 Bring in expert help when it’s needed
A technology consultant with strong experience in risk management, business continuity, and cybersecurity can help you plan, develop, deploy, and maintain the business continuity plans your clients need, each one customized to the organization’s requirements and optimized to adapt and evolve alongside it.