Your organisation can’t just go dark to your customers if you suffer a data breach or technical outage. Your ability to respond to business resiliency challenges could define your success in situations that aren’t just possible but certain. Something will happen at some point that challenges your company’s revenue, productivity, and reputation. The question isn’t “if”—it’s what, when, and how you’ll respond.
Business resilience is defined by PwC as “the ability of an organisation to recognise, rapidly respond to, and recover from changes in the environment and their resulting risks.” Today’s IT managers cut their teeth on the concept of business continuity planning, a strategy focused on carefully planned responses to disasters, like earthquakes. Business resilience is the next logical step—a strategy-based mindset focused on adapting and seizing opportunities in the face of challenges that may blindside you.
Adapt your business to become resilient
Server outages, power outages, hardware issues, human mistakes—all these causes of downtime happen on a regular basis, and they can be expensive. By one estimate, a single hour of downtime costs more than US$100,000 (S$131,000) for 98 percent of businesses, with costs ranging from US$1 million to US$5 million (S$1.31 million to S$6.56 million) for 33 percent of organisations.
Recently, Amazon Web Services suffered a total outage for a staggering four hours. The issue was caused by an “authorised team member” who made a minute code error, removing a massive set of servers. In follow-up interviews with the media, Amazon’s press team admitted one contributor to the delayed restoration was the web hosting giant’s failure to complete a full reboot of the service in several years.
The AWS outage was dubbed the “$150 million typo”—and it is a powerful illustration of just how expensive a single mistake can be. For organisations of all sizes, whether they rely on AWS or not, the recent outage is an important lesson in why preparing for business resilience challenges matters—and how easily disaster can occur.
1. Low productivity and lost revenue
If you don’t know exactly how much an hour of downtime would cost your business, you’re still operating in the old-school mindset of disaster recovery. Per Forrester VP Stephanie Balaouras, there are three key steps to shifting your mindset away from disaster recovery and toward resilience:
- Calculate the cost of an hour of downtime
- Measure end-to-end availability
- Match business objectives to technologies
Your customers and CEO don’t really care that your organisation’s SLA with your cloud provider offers a minute chance of failure. That said, suffering an outage is at the top of their “definitely not acceptable” list. By quantifying the impact of an outage, your organisation will be prepared for productive conversations around better resiliency—and, more importantly, to ask for money to cover virtualisation investments.
Investment in technologies, like virtualisation, replication, and continuous data protection, isn’t as cheap as non-investment—but it’s rarely as pricey as the cost of downtime and time to availability. For organisations subject to SLA penalties in case of downtime, creating a culture of resilience planning is crucial.
2. Reputational damage
Any form of outage or resilience risk can result in costly reputational damage—especially the risk of a cybersecurity incident. One recent study that followed the organisation TalkTalk found that a data breach is among the most impactful forms of reputational damage a company can suffer. Even worse, the study definitively found that not every organisation can bounce back from a security incident. Depending on your response and surrounding factors, you may never have the opportunity to win back your customers’ trust.
While technical safeguards play an important role in protecting against reputation damage, PwC research also advises the creation of accountability for optimal reputation resilience. Working with individuals in communications and other executive functions to create a plan for customer and employee communications in case of disaster gives your organisation a way to respond that salvages potentially damaged relationships.
3. Noncompliance with regulations
No one wants to talk compliance ever, and there’s good reason behind that. Per the Singapore Business Review, compliance programs have greatly expanded in size in the last decade. While organisations are stepping up their game, it’s not always enough. The cost of fines handed out for noncompliance has grown drastically, too.
Resilience planning is a naturally adaptable mindset at the core of reducing compliance risks. By shifting the way your IT team thinks about compliance—from a checklist mindset to the understanding that complex IT environments can change hundreds of times an hour—you can better prepare to avoid costly compliance penalties. Creating human accountability for constant compliance is important, as are technologies that make security a priority, including real-time security information and event management (SIEM) technologies and self-healing printers that won’t go unpatched and put your network at risk.
Inevitably, your organisation will suffer some type of incident or breach one day. Whether you experience a simple human mistake or a massive security attack, your uptime and communications continuity will be challenged. It’s the nature of today’s security threat landscape and complex networks. Embracing the principles of business continuity is important, but understanding business resiliency challenges can help you position your firm to bounce back in a worst-case scenario. By planning for the human, technical, and risk-related aspects of any kind of disaster, you can minimise the damage to your productivity, reputation, and compliance.