International political instability, cyber-attacks and terrorism are at the top of the list of external forces that are affecting Australian businesses’, regardless of where the event originates or plays out. Take the recent cyber-attack on Maersk as an example. The world’s supply chain was instantly halted and at the mercy of one company’s cyber posture and resilience.
In many cases, these events are almost impossible to anticipate, but even when they are “known unknowns,” the anticipated impact is far from guaranteed. The damage is even more unpredictable, as the financial costs could potentially be compounded by long-term damage to your business’ ability to function.
There are, however, a number of measures an organisation can take to ensure it’s in the best possible position to mitigate any long lasting effects.
The first step is to identify potential threats. In today’s fluctuating business environment, it’s essential for business leaders to arm themselves with the knowledge of the potential threats their organisation faces and the impacts on business operations that those threats, if realised, might cause. While it will be almost impossible to be able to anticipate the exact nature of the threat – will a cyber-attack lead to your e-commerce website being shut down, will confidential information go missing etc. – having a basic understanding of the possible threats from a business continuity perspective will allow an organisation to act more nimbly and confidently should disaster strike.
Secondly, individuals must be given the responsibility of monitoring these potential threats. With many unforseen parties and factors involved, it is essential for a business to ensure clear lines of reporting, delegation and managerial oversight, as well as effective lines of communication to all stakeholders. These individuals should also be capable of devising a response plan no matter what the threat is and asking questions (Is this threat manageable? Is there more that could be done today to lessen the effects in the future?)
Thirdly, businesses need to consider a broader response framework to identify, assess, monitor and plan for the impact caused by the threat landscape. Regular reviews, consultations, information sharing and updates are essential to ensure that the process runs as smoothly and efficiently as possible. These steps can help ensure organisations are prepared on the day of a potential threat or crisis. Loss of revenue, public and employer liability or evacuating an office or factory can all present serious business continuity challenges.
Finally, businesses are made of people. It’s the people that must commit to the process, and own the response. It can be tempting when dealing with the day-to-day pressures of a job to deprioritise a task such as this. After all, there are only so many hours in the day and working on tasks with an impending deadline will inevitably be viewed as more vital than planning for an event which, in all likelihood, may never occur. Strong leadership and commitment is key.
Aon is constantly researching these threats (see the Global Risk Management Survey) and assisting businesses navigate through times of uncertainty through providing business continuity and crises management consulting and insurance and other specialist solutions.