Our commentary below discuss the business case for business resilience from the perspective of IT. We draw much of the information within this commentary from an article published in January 2014 by IBM’s Global Technology Services Team. That article is entitled “Building the business case for continuity and resiliency, The economics of IT risk and reputation and their importance to business continuity and resiliency professionals – Implications of the IBM Global Study on the Economic Impact of IT Risk”. The excerpts are denoted by an asterisk.
“The days when continuity professionals focused exclusively on getting computers up and running after a major disaster are over. Continuous availability is now a requirement of enterprise-wide business continuity and resiliency practices. Prevention, not reaction, is the focus and disaster recovery is just one part of the picture. As a result, today’s continuity and resiliency professionals have a vastly expanded scope of responsibilities — including ensuring system viability and compliance, evaluation of vendors, data backup and storage, managing budgets and setting priorities, to name just a few.
No matter which responsibility you are attending to on any given day, you need keep an eye on cost. According to continuity and resiliency respondents to the IBM Global Study on the Economic Impact of IT Risk, business and IT disruptions that result from IT failures will cost an organization $19.5M over the next 24 months.
Building the business case for improved continuity and resiliency efforts has been difficult, because detailed benchmark time and cost data has not been available—until now. The IBM Global Study on the Economic Impact of IT Risk is among the largest of its kind, surveying a total of 2,316 IT professionals, 1,069 of them business continuity specialists.
Each business continuity specialist answered detailed questions about the types of failures their organization experiences and the causes of these failures. Their responses, featured in this analysis report, can give you the benchmark data you need to add depth and breadth to your existing IT risk management strategy, demonstrate the business importance of IT continuity and resiliency and, ultimately, build the business case that can help justify the budget and resources you need for success.
Benchmarks for business cases
The business case for improved continuity and resiliency is built upon one proven truth—that continuity and resiliency efforts have a business value that go far beyond the back office and affect everything from employee productivity to corporate and brand image. It makes good financial sense, then, to invest in designing robust continuity and resiliency protections into IT systems up-front, rather than paying to mitigate and correct failures when they happen.
Here is what your continuity and resiliency peers have to say about costs, causes and risk factors, as revealed in the IBM study. When combined with the $19.5M potential price tag for mitigating and correcting failures as they happen, these findings can provide the concrete proof points that previous business cases have been lacking.
The state of business continuity today
There has been a major shift in the focus of business continuity and resiliency efforts in the past few years. No longer is the focus on disaster recovery and reacting to problems quickly. Now, disaster recovery is just one part of the larger continuity and resiliency picture, and the focus has shifted from reactive to preventive.
Many organizations’ business continuity and resiliency programs still have a way to go, however. Only 20 percent of continuity and resiliency professionals say that their business continuity management program or activities are fully mature, while 13 percent were unable to determine maturity. Reputation and brand damage is the single highest continuity and resiliency cost category, but only 35 percent of continuity and resiliency professionals say their organization’s leaders recognize that IT risks affect brand image.”*
We at ThinkGRC are committed to providing services with regard to both Risk Management and Business Resilience. As the IBM article reports, now more than ever is the time that businesses must begin to focus and commit resources to these two key areas. Let us at ThinkGRC help to align your business on the path to mitigation of risks and the evaluation of you business resilience posture and resilience score. We can help prepare your business for the unknown challenges ahead.
We’d like to end with a quote from Paige A Poore, Director, Worldwide IBM Business Continuity:
“Business continuity today is all about continuous availability and proactive techniques to protect that availability, no matter what happens.”
—Paige A Poore, Director, Worldwide IBM Business Continuity