By Bob Jensen
Senior US Government Offical
Nearly all businesses and government organisations agree that it is necessary to be prepared for unexpected events, both small and large, that may impact and disrupt daily operations. However, when it comes to having the right kinds of plans in place to ensure their organisation can handle an incident, the fact is most are woefully unprepared.
What are the key plans an organisation needs to have in place?
In order to adequately protect themselves in the event of an unexpected emergency, organisations should have four key plans in place:
a business continuity plan (BCP);
a crisis action plan;
a crisis communication plan; and
a cyber-security crisis response plan
Business continuity plans
Most larger organisations have put business continuity plans (BCPs) in place, but a survey in 2012 by a major US insurance company found that about half of all small businesses were operating without a BCP and many thought that simply having insurance was enough to protect them in case of a crisis.
Even for those organisations with a BCP in place, many of the plans were inadequate. Some only focused on IT and technology, some only covered a single worksite of the business, while others had never been shared with key staff.
Crisis action plans
A major public relations firm survey found that nearly 35% of respondents didn’t have a crisis action plan in place. Even for those who did have a plan, many weren’t adequate, nor were they reviewed or exercised regularly.
Only about 20% of responding companies were well prepared for a crisis, even though a majority of companies agreed they were vulnerable to a wide range of events from criminal actions resulting in technical disruptions.
Crisis communication plans
Even fewer companies had crisis communication plans that supported the crisis action plans. The aim of crisis communication plans is to have clearly defined processes for identifying and reporting a crisis, as well as clearly defined roles, which will help organisations to manage a crisis if it occurs.
Cyber-security crisis response plan
Cyber threats are evolving into one of the biggest potential risk areas for businesses, ranking much higher than natural disasters and terrorism.
Yet surveys conducted recently show that 60% of respondents only had a partial process in place for cyber defence and 11% reported no process at all. Overall, only 15% reported they were well prepared for a data breach.
While 56% of larger businesses had a cyber-security crisis response plan, very few of them were integrated with their crisis communication plans and most were more technically focused.
Small businesses, which are being hit at a growing rate by cyber attacks, were even less prepared, with only 10% having an internal IT manager focused on technological issues and very few having a cyber-security plan of any kind.
Bob Jensen’s keynote tour takes place nationally in February and March. Dates and bookings here.