Business resilience refers to an organisation’s ability to respond to all manner of risks – including cyber attacks and natural disasters – and adapt to the new environment following an incident.
Encompassing both business continuity and crisis management, business resilience provides a comprehensive approach to incident response that integrates with your organisational culture, offering greater assurance of robust resilience.
In an increasingly hostile environment, business resilience is a governance and risk management responsibility. Business resilience planning is therefore essential for any board seeking to survive and thrive in the ever-evolving threat landscape.
Business Resilience, Business Continuity or Disaster Recovery?
There is some overlap between the concepts of business resilience, business continuity and disaster recovery, but they can be differentiated as follows:
- Business resilience: Strategic risk management approach, unifying various disciplines into a single set of integrated processes, tailored to your organisational needs.
- Business continuity: Standardised process-driven approach that enables an organisation to continue operations while coping with a major incident.
- Crisis management: Addresses specific crises (both man-made and natural disasters).
For example, a crisis management event might trigger a business continuity event, but a crisis is not necessary for business continuity.
Why Business Resilience?
All organisations, whatever their size, sector or location, face business risks. Failure to prepare for such risks can cause long-term harm, with organisations suffering financial penalties and reputational damage. These risks include:
- Natural disasters
- Economic disruption and market turbulence
- Terrorist-related incidents and disruption
- Cyber crime and cyber terrorism
- Civil emergencies, strikes, and similar action
- Pandemic threats, including SARS and Avian Flu
- Compliance failures
- Disruptive technological advances
- Technology failure
- Supply chain failure
Business Resilience Strategy
Given the range of risks faced by an organisation, a comprehensive business resilience plan is essential. It should include the following:
- A business continuity plan providing an organised, rehearsed response to all potential operational disruptions. Implementing an ISO 22301 BCMS (business continuity management system) is the most effective method to do this.
- A disaster recovery plan focusing on real disasters the organisation is likely to face.
- A value protection plan, ensuring shareholder value is preserved when faced with a disruptive event.
- An exploitation plan, enabling the organisation to identify and exploit commercial opportunities that may arise during a disruption.
Business resilience standards
There are three main standards for business resilience. One is international and two are American.
- ISO 22301:2012 is the international standard for a business continuity management system (BCMS)
- ASIS SPC.1-2009 Organisational Resilience: Security and Resilience in Organizations and their Supply Chains
- NFPA 1600®: Standard on Continuity, Emergency, and Crisis Management