Business resilience - continuity

Business continuity is about taking responsibility for your business and enabling it to stay on course, whatever it has to face.

Any incident, large or small, natural, accidental or deliberate, can cause major disruption to your business. If you're not prepared, your business could suffer loss of income, reputation or customers; you might face legal or regulatory penalties - or even a complete failure of the business.

Business continuity begins with identifying your key products and services and your most urgent activities. Once you've established this, it's about devising plans and strategies to enable you to continue your business operations and recover quickly and effectively from any type of disruption. It gives you a solid framework to lean on in times of crisis and provides stability and security.

Understanding your organisation - the business impact analysis

A business impact analysis identifies the activities in your business operations that are key to its survival. You should consider things such as:

  • the records and documents you need everyday
  • the resources and equipment you need to operate
  • the access you need to your premises
  • the staff skills and knowledge you need to run your business
  • external stakeholders you rely on or who rely on you
  • any legal obligations you must meet
  • the impact of not carrying out critical business activities
  • how long your business can survive without performing these activities

As part of your business impact analysis, you should assign a ‘recovery time objective’ to each activity. This is the time from an incident happening to the time that the critical business activity must be fully operational to avoid damage to your business.

Why have business continuity plans?

  • to ensure critical elements of the business can continue to operate during a disruption
  • to maintain public and customer confidence in the business's ability to cope with adverse circumstance
  • to potentially save on costs by planning ahead
  • to protect the interests of staff, suppliers and customers
  • to restore 'business as usual' as quickly as possible
  • to establish roles and responsibilities for key staff and your business

Emergencies can develop suddenly and without warning. If you're not prepared your business might suffer loss of income, customers, reputation or worse. The risks to your business can be considerably reduced by taking the time to complete a business continuity plan.

What should your business continuity plan contain?

  • updated list of all key contacts (including out of hours) for staff, clients, contractors, insurer, etc
  • roles and responsibilities - identify who will lead the response to any periods of disruption, and identify a deputy in their absence
  • call cascade tree... make clear who will contact who
  • procedures... state clearly what the business will do, where it will go, etc

As the risks to your business change, so too will their potential impacts. When you update your risk management plan, you will also need to conduct a new business impact analysis.

Please visit North Yorkshire Local Resilience Forum for more information on completing a business continuity plan.

Don't forget to keep a copy of your plan offsite - the building may not be accessible.

Business continuity card

Cyber insurance

Almost every company relies on computer systems for some aspect of running their business, and a failure of these systems can be catastrophic. You need to consider network security and protection as well as your physical assets.

Cyber risks include:

  • ‘rogue’ employees stealing data
  • negligent employees sending incorrect data, losing hardware etc
  • hackers
  • malware / virus
  • a ‘denial of service’ attack, when a hacker or virus stops you from accessing some or all of your computer systems
  • inadequate security resulting in data breaches
  • intrusion into the business through an employee's social networking account
  • employees accessing company data through their own smartphones or tablets

A cyber attack results in both direct and indirect costs:

  • loss / damage to computer network assets
  • business interruption and extra expense
  • reputation damage following loss of data or failure of service
  • compensation, civil damages
  • regulatory awards and fines, plus defence costs
  • customer care

Who is at risk?

Any company dealing with electronic data is at risk. The common perception is that small = safe; however, 40% of all cyber attacks are directed at firms with fewer than 500 employees.

For more information on protecting your business can be found on GOV.UK website.