How resilient will your business be in the event of a disaster?
For business in the 21st century, the phrase “worst-case scenario” has been redefined. Climate change is triggering severe weather events and wildfires that endanger facilities and employees. Added to that, there are cyber breaches, pandemics, terrorist attacks, and even war. It’s clear that unprecedented global and local events are threatening companies as never before. Today, even a minor unforeseen engineering issue can cause devastating manufacturing consequences if supply chain problems delay delivery of a vital equipment part.
And disasters cause downtime, which can result in significant daily revenue losses. How long can your business afford to endure an interruption? How prepared is your business to withstand or to fully recover from any one of many possible catastrophes?
Whatever the potential threat - extreme weather, global health crises, or equipment failures — Chubb risk managers agree that to ensure business resiliency, you need to have a business continuity plan.
Your business continuity plan (or BCP) is an individualized, documented series of actions to be taken when a catastrophe strikes — be it an emergency evacuation, a cyber breach, or something else.
A BCP ensures that protocols, procedures, contact lists, and other resources are at your fingertips at a moment’s notice. It is designed to:
It’s simple: planning = resilience.
Companies that have a BCP in place have a much better chance of mitigating and surviving the effects of disastrous events on humans, facilities, and finances. It can help minimize dangers to employees, enable operations to continue, protect a company’s revenue, reputation and competitive advantage, and control recovery costs.
Business continuity planning in five steps
The following elements can help ensure you get your BCP off to a good start:
• Buy-in from top management. Make sure senior-level executives understand the benefits of having a BCP and are committed to providing ongoing support. Use relevant data — for example, about climate change — to help make your case.
• A designated lead. This person will be responsible for overseeing the development process.
• A diverse core team. Include representatives from each critical business area, such as production, IT, human resources, marketing/communications, quality control, risk management, and finance. Key vendors and suppliers can also provide useful input.
Your business operations are unique. It’s essential to identify and rank both general risks and potentially ruinous hazards that are most likely to threaten your company’s resiliency.
Each potential threat has its considerations. For example, if a facility handles flammable materials or is in a geographic area with an increased risk of tornadoes, then plant construction is critical. If your business handles sensitive customer data, then cyber breaches are of utmost concern — and so forth.
After a thorough assessment, it’s time to make contingency plans to minimize the impact of your key risks. Depending on your needs, this can mean safeguarding a hardcopy data backup offsite, keeping a list of alternate vendors for critical parts, or having a process in place to move your entire operation.
What will you do when there’s an earthquake or a bomb threat? Before life- or health-threatening situations occur, have these key emergency protocols in place:
• Employee communication channels. Assign leaders and make sure all staff understand disaster response procedures.
• Evacuation plans. Conduct regular inspections to ensure access is not blocked; determine whether additional security measures might be needed.
• Training sessions. Conduct regular drills to prepare employees while assessing and improving response times.
Detail your company’s critical business functions and identify what will be required to restore such areas as sales, production, and operations to pre-disaster levels.
Make sure these steps are supported by a financial plan, including recovery budget requirements and a list of available assets (such as emergency funds, secured credit lines, and insurance policies).
Neither your business nor its potential threats are static — so neither should be your BCP. Be sure to review and update your plan regularly.
Given the importance of comprehensive BCP to a company’s post-disaster survival and recovery, the best time to develop one is when you start your business. The next best time is today.
Creating a BCP is a multi-faceted process that requires institutional attention and resources. For help with your business continuity analysis and planning, we offer a comprehensive Business Continuity Planning Guide. We provide risk management tools and resources geared to specific, most relevant business hazards that may be applicable to you, such as floods due to changing weather patterns; internet of things technology failures; or supply chain interruptions caused by more frequent and severe natural hazards, pandemics, and civil unrest. Proper planning and documentation of best practices can help ensure that your business will be resilient in the event of a disaster.
For more information, contact Chubb Risk Engineering Services.
No part of this article may be reproduced in any written, electronic, recording, or printed form without written permission of Chubb.
@2022 Chubb. The contents of this document are for informative purposes only and do not constitute advice. Please review the full terms, conditions and exclusions of our policies to consider whether they are right for you. Coverage may be underwritten by one or more Chubb companies or our network partners. Not all coverages and services are available in all countries and territories. Chubb® and its respective logos, and Chubb. Insured.SM are protected trademarks of Chubb.
Contact us to find out how we can help you get covered against potential risks