Reputation is a business continuity resource

Adam Zuchetti writing for My Business (Australia) on 17 November 2017 noted: “CBA’s apology a sign of real leadership at last”. The CBA is the Commonwealth Bank of Australia and one of Australia’s ‘Big 4’ banks. Adam noted: “After a string of scandals which have led to a major shareholder class action, CBA executives have finally taken responsibility for the bank’s failures and apologised to those affected.
The world began to spin when the news came through….that Australian bankers actually apologised for poor conduct.

At its annual general meeting (AGM), Commonwealth Bank chair Catherine Livingstone and outgoing CEO Ian Narev both apologised to shareholders for the spate of recent scandals, which they attributed to a ‘deficiency’ in compliance.”

Warren Buffett has reported noted: “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.”

Business continuity planning can assist businesses to prepare for reputational damage through crisis communications planning and other strategies that need to be in place before like the CBA, your business is reported ‘on the front pages’ of Australian media.


Posted in B4Crisis | Leave a comment

Report following WannaCry & NHS ‘attack’

Sharing Charlie Maclean-Bristol, Training Director, FBCI, FEPS post on “10 Lessons from the report on the NHS Wannacry cyber attack. Charlie has distilled 10 lessons from the UK National Audit Office investigation into the “WannaCry cyber attack and the NHS” published this week which are:

1) Are you sure that your IT department has the skills, money, expertise, knowledge and leadership to ensure that your organisation is not vulnerable to an attack?
2) Unless your systems are patched and up-to-date, you are vulnerable to an attack. This is basic IT management!
3) 44 organisations reported disruptions, although they were not affected by WannaCry, because they shut down emails and other systems as a precaution. In this incident, more organisations were impacted by closing down and isolating their systems, compared to those actually affected by the virus.
4) Even if the attack didn’t have a direct impact on people’s lives, the indirect impacts were still huge. It was estimated in the report that 19,494 operations were cancelled.
5) “Plans had not been tested at a local level and it was not clear who should lead the response”. Exercising your cyber plan is essential to ensure that everyone is aware of their roles and responsibilities.
6) The response was made more difficult, as the main communications channel was shut down or affected by the virus.
7) There was no clarity about who the incident should be reported to.
8) The mitigation is very simple, are you doing the basics to protect your organisation?
9) Costs can be huge in response to a major breach and, according to the Financial Times, the cost of the Moller-Maersk cyber incident was $300m.
10) NHS England had identified 1,222 pieces of equipment which had been affected by the ransomware; this was 1% of all their equipment. Some of them had Windows XP embedded within the piece of equipment as their operating system. As the internet of things becomes wider, are you aware of operation systems used by equipment and how to patch and update the software?

Posted in B4Crisis | Leave a comment

Cyber-security highlighted in business continuity threat assessments

Cyber-security threats are the highest priority in most, if not all, business continuity threat assessments. The recent attack has reminded us how vulnerable many of us and our business are:

Sharing the Guardian’s closing summary of today’s main developments in the ransomware attack of Friday 12 May 2017:

* Amber Rudd, the UK home secretary, said after chairing a meeting of the government’s emergency Cobra committee that 48 of the 248 NHS trusts in England were affected by Friday’s cyber-attack, with all but six now back to normal.
* Companies and organisations in almost 100 countries, including Nissan’s plant in Sunderland and Renault factories, were affected by the cyber-attack.
* Theresa May said there was “no evidence” that NHS patient records had been compromised in what Europol has described as an “unprecedented” attack.
* Labour has accused Jeremy Hunt, the health secretary, of ignoring “extensive warning signs” that could have prevented the attack on the NHS.
* The UK-based cybersecurity researcher who halted the global spread of the ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.
* The criminals behind the cyber assault appear to have raised just $20,000 (£15,500) from their demands for bitcoin in return for decrypting files, experts told the Guardian.


Posted in B4Crisis | Leave a comment

BCI Australasia Summit, 3-5 May 2017, Sydney

The BCI (Business Continuity Institute) Summit program has been released for Thursday 4 and Friday 5 May 2017 at the SMC Conference and Function Centre, Sydney with training workshops scheduled on Wednesday 3 May.

BCI Australasian Summit Home Page

The 2017 BCI Summit Australasia Business Continuity & Resilience Conference & Exhibition theme focuses on the building blocks of Resilience – encompassing real world wisdom, thought provoking comment and case studies.

Presentations will focus on the “top risks” exposed in the 2017 BCI Horizon Scan report, the world’s number one report on what you, the practitioner, the professional and senior business leaders see as “concerning”. Understanding the threats and the building blocks that, together, will help us manage those threats, will truly help us in Building Resilience. It will cover both cyber and non-cyber risks, and is guaranteed to appeal to a diverse audience of all experience levels.

Go to the Summit website for full details of the terrific program, pricing, training workshops, accommodation deals and more.

Posted in B4Crisis | Leave a comment

BCI World Conference, London, 7-8 November 2017

The Business Continuity Institute (BCI) is pleased to open submissions for the 23rd annual business continuity conference in London, 7-8 November 2017, Novotel London West, United Kingdom. (I attended to 2014 BCI World Conference in London to learn and network.)

BCI World is a market leading, international event in business continuity and resilience. The conference attracts delegates from around the world and from a wide range of backgrounds. In 2016, the event was attended by professionals at all stages of careers and included consultants, managers with resilience and BC programmes in early stages of developments through to C-suite attendees with extremely mature programmes which are deeply embedded.

In 2017 we will be especially pleased to hear from you if you have an interesting experience to share whether it is a success story or a cautionary tale!

The BCI are seeking experiences and expertise in the following topics:

Engaging the C-Suite
What the cyber expert thinks you should know
Tales from the trenches – your stories and experiences
Communications under pressure
Human elements of business continuity and resilience
Integrating protective disciplines
The psychology of business continuity and resilience
Terrorism – where next? – Threats and counter-responses
Winning internal commitment to business continuity and resilience
Business continuity for non-specialists
Tools and practicalities – sharing good practices


Posted in B4Crisis | Leave a comment

Selling Business Continuity Management to the C-Suite

Sharing Charlie Maclean-Bristol, Director of Training, UK Business Continuity Training, talking about the importance of senior manager buy-in within business continuity.

In my last job, before PlanB Consulting and Business Continuity Training, I was working for a consultancy in Perth. I worked closely with the organisation’s salesman and we were often on the road together selling business continuity. This salesman had sold everything to everyone and had ‘been around the block’ several times. He always told me that business continuity was the easiest sale he had ever had to make. If business continuity is such an easy sell, why is selling business continuity to senior managers even an issue?

Last week was ‘business continuity awareness week’, and as such we saw a whole series of articles on the business benefits of business continuity (details of the articles can be found by clicking here). Over time, the reasons for carrying out business continuity have included trying to scare senior managers with the personal impact on them if they get their crisis response wrong. Examples of this can be found within articles by Paul Robertson FBCI entitled, ‘Return on investment for crisis management’ or, perhaps, ‘Dear Chairman, how much do you like your job?’

Other reasons can be found within articles such as, ‘Supply chain resilience – The case for understanding the ROI in resilience’, by David Window, which looks at the return on investment in mitigating supply chain risks. Other articles put forward a straightforward business case for the savings which can be made by implementing business continuity. There are also a number of articles highlighting the additional risks that will be identified by implementing business continuity. The organisation will then have the ability to take measures and invest to mitigate them.

Researching the web and doing a simple Google search will provide lots of other advice on selling the benefits of business continuity to senior managers. Fran Howarth, in her article on the March 24, 2016, ‘How to Sell Business Continuity to Your C-Suite’, discusses three ways to sell business continuity.

1. Use the information from your BIA to make senior managers aware of the impact of an incident occurring.
2. Build relationships with key stakeholders by taking time to explain the benefits of business continuity. This will create buy-in by senior managers.
3. Get creative when presenting information including the use of internal case studies so that the business benefits are presented in an appealing way to the C-suite.

I would agree with her on all these points!

If all the business benefits are categorised for business continuity, why are senior managers not convinced? The BSI, in their whitepaper for business, ‘Beyond Recovery – The broader benefits of Business Continuity Management’, put as one of their bullet points in the executive summary:
“It is time for the ‘C-suite’ to wake up to the full range of BCM benefits and the true ROI the discipline offers”.

My own experience is that you cannot persuade people to invest in business continuity if they are not already convinced. By way of an example, I have a good personal friend who is Commercial Director of a large firm close to where I live. Due to the nature of their operations I knew that they really needed business continuity. For years I had tried to persuade my friend to have us in, even to do a gap analysis, to look at their risks but had no luck. About a year ago their board said that they should carry out business continuity, and now we are working with them. Absolutely nothing to do with my persuasion!

I am sure all of us have tried to persuade potential clients or a friend or colleague, of the benefits of business continuity and have had the familiar argument that ‘it would never happen’ or ‘we have x y z in place’ and the conversation goes nowhere. Even if we bring out our best arguments I just think that people who can’t see the benefit of it, cannot in the short term, be persuaded that it is worth doing. Senior managers need to make their own journey and have a change in mindset to be convinced. I think that as business continuity becomes more mainstream, with more and more businesses undertaking it, we will see a growth in the number of senior managers getting on board.

As we know, it is almost impossible to implement business continuity in an organisation, either from the bottom or middle up as you need the buy-in and support of senior managers. If you are not getting the buy-in or they are not persuaded don’t waste your time trying to convince them. It is a wasted effort. Coming back to my salesman, it can be the easiest sale, because when senior managers are convinced they want it, they want it now! So perhaps if you are not getting senior management buy-in, you should move on and find an organisation which appreciates the work you are doing and sees the benefit of implementing it.


Posted in B4Crisis | Leave a comment

Free webinar on business continuity management

To be or not to be in business after a crisis is the title of my forthcoming free webinar on 21 June 2016 with the MILE Madinah Institute.

Business continuity is often mistakenly thought of as a cost to business rather an essential investment in your business’s ‘survivability’. Swiss RE reported in 2015 worldwide losses expected to reach USD$85B with approximately 26,000 deaths and insured losses estimated USD$32B. Some of the big disasters in 2015 included: The earthquake in Nepal in April, which killed more than 8,800 people and damaged or destroyed nearly 900,000 buildings. In August, an explosion in Tianjin (China) rocked the city within 170 dead and global supply chains disrupted. Diseases such as the Zika virus, avian influenza and MERS continue to circulate. Cyber-attacks, terrorism and severe weather increased droughts, flooding, heatwaves and wildfires.

How would your business survive these challenges, if similar events impacted on your operations?
Yes, most businesses have business interruption and other insurances. Check the fine print. You will be alarmed to discover the length of time between an adverse event taking your business offline and payment. What will you do in the interim? This is where business continuity can help you and your business ‘to keep on keeping on’, when your business will likely have negative cash flow and too many unanticipated outgoings.

Other benefits of business continuity management include:
* Competitive advantage.
* Regulatory compliance.
* Brand and reputation protection.
* Risk identification.
* Operational improvements in your ‘business as usual’
* Knowledge capture
* Cost savings and
* Increased robustness and business resilience.

Please join the free webinar on learn more about business continuity management and its advantages for your business.


Posted in B4Crisis | Leave a comment

6 reasons why u should make a business continuity plan

Sharing Rinske Geerlings’ award winning blog. Rinske is an MBCI, the Founder, MD and Principal Consultant at her firm “Business as usual”:

If you’re an SME, you’re busy making money and keeping daily business under control. The last thing you need is another task, creating something that you may never need to use. But there are many immediate benefits and important reasons for creating a business continuity plan (BCP). Here are six that will more than justify the effort of creating one:

1. Stay out of legal trouble

A number of industries require their players to have a BCP, either due to Government regulations or contractual obligations. Typical examples of regulated industries are the financial industry (through the Central Bank Business Continuity standards), certain time-critical Government functions, as well as supply chain driven industries such as the oil and gas sector and the manufacturing industry. This means that if you operate in any of these industries, having a tried and tested BCP is a ‘must’ if you do not want to risk losing your customers and/or your license to operate.

2. Gain competitive advantage and increase your revenue

Having a well developed and tested BCP can mean you get the business instead of a competitor.

Many regulatory standards and commercial agreements now include a ‘third party business continuity’ requirement. This means that an organisation’s critical suppliers need to have a BCP. So even if you’re a catering supplier, a construction company, a transport supplier or a cleaning company, you can be critical to your customers. And they will be keen to review your risk management capability and disaster response options. So be smart and proactively communicate your continuity ability on your website and in your business proposals.

And BCPs are not just valuable to businesses whose customers are other businesses (B2B). Even consumers can be interested in your ability to continue providing products and services ‘no matter what happens’. Imagine you’re operating a small tourism business and entire families join you on your trips. Why not proudly tell them about your alternate guides, drivers, communication tools, emergency health provisions, accommodation options and transport facilities in case any of a disruption. Why not use the existence of your BCP to convince your customers that they (and their kids) are in good hands? This strategy can be applied to numerous sectors, in particular those where health and wellbeing are at stake, such as private hospitals, food suppliers, security providers and utilities.

3. Appeal to investors

Investors are concerned about your business being sustainable and your ability to continue to operate should adverse events occur.

One of the tools you can use to convince investors that you will stay ‘afloat’ in the event of a flood or other disruption, is a properly developed and tested business continuity plan. In fact, the U.S. Securities and Exchange Commission prescribes asking for a BCP by any investment advisers as a compliance requirement (see footnote 22). Hedge Fund investors have been pushing for years for business continuity plans to be in place prior to a fund’s launch.

4. Reduce your insurance premiums and/or get better coverage (or any coverage at all!)

According to a survey amongst brokers and insurers by the British Insurance Brokers Association (BIBA), 61.6% of interviewed insurers and brokers confirmed that companies, by having a BCP, will benefit from getting additional types of insurance, and as a result, comfortably opening new markets. If an SME, for example, is looking to include larger clients in its portfolio, it is required to show strength and seriousness in their management processes to the insurer (e.g. its ability to deliver on any obligations arising from larger contracts), so the insurer will cover them for related risks.

The BIBA survey also shows that 55.7% of the responding insurance firms offer discounts on premiums, if a client has a BCP. Additionally, they pointed out the unacceptable risk of not having a BCP when wanting to access insurance products. In total, 83.3% of the respondents said they would either offer a discount or improvement of the terms of business interruption policies, if companies had a BCP.

5. Be prepared for the big disaster, therefore also for the small disasters

Having detailed plans in place for the ‘big bang’ makes you stronger against the far more regular, minor mishaps of everyday life. Your responsiveness to small incidents will improve exponentially, considering your staff will have a stronger ‘what if’ mindset, making themselves and the company more resilient. Plus, having your contingency procedures kept updated and accessible from one central place (i.e. your BCP), will enable you to get ready quicker in the event of such smaller, regular mishaps without having to hunt around for the relevant response procedure.

6. Fill the gaps left by your insurance policy

Most businesses care about their people and about the future of their business. Not knowing what threats are around the corner (and not knowing in what forms they may present themselves) can be very stressful. Knowing that your insurance policy covers you for some unforeseen circumstances can partially alleviate that stress. But not every risk is insurable!

For example:

Your SME has certain assets, tangible or intangible, that are not covered by any insurance, simply because there are no policies for every single threat or every single asset (for example, your reputation).
Insurance policies often include force majeure clauses, meaning that for certain threats the insurer doesn’t pay.
Long waiting periods and/or ‘no claim’ requirements limit your ability to insure your business from day one,
It takes ages before the approval occurs and/or the physical pay-out hits your bank account.
By having a business continuity plan, arrangements can be made before a disaster hits that would minimise its adverse impact. These arrangements might include having reciprocal arrangement in place with a business who can service your customers while you recover, or who can provide you with the tools and equipment you need. You might also look at ensuring the key information you need to continue your business is accessible in the event of an IT disaster, such as storing a copy of your customer details and order information offsite or ‘in the cloud’.

Setting up and running a business is not easy. After surviving the avalanche of getting licenses, paying for the set-up of equipment, allocating roles and responsibilities, marketing the products/services and establishing systems required to run business functions, SMEs face new challenges, pressures and deadlines every single day.

Even more reason to protect your business and ensure its survival and make sure you didn’t waste all that time, effort and money. Especially if your business is part of a supply chain, or customers can choose between you and your competitors, or if the business is taking off and growing. You need to have a plan. One that will help you even if you don’t experience a disaster.


Posted in B4Crisis | Leave a comment

Influenza Zika Pandemic Everbridge webinar

Everbridge EMEA (marketing Mass Notifications systems) also offers free webinars and white papers including their recent welcome input on Zika and influenza pandemic information and advice on preparations.

The Zika virus, a mosquito-borne virus linked to neurological birth disorders, is becoming a problem worldwide. In fact, the World Health Organization recently announced that the outbreak was a “public health emergency of international concern.” [1] Zika has already spread to “25 countries and territories in Latin America and the Caribbean” and “more than 30 Americans have been diagnosed with Zika after returning from visits to countries with Zika outbreaks.” [1] Source [1]

With Zika dominating the headlines recently, we wanted to take a look back at our previous Influenza and Pandemic Preparedness panel webinar. Our expert panelists brought us through the steps that organization leaders in the public, private, and healthcare sectors are doing to keep their staff, employees, and residents saf
If you’re interested in learning more about the panelists or wish to hear their answers to more questions about pandemic preparedness, you can watch the full webinar here. Source

Please remember The Centers for Disease Control and Prevention (CDC) is a federal agency that conducts and supports health promotion, prevention and preparedness activities in the United States with the goal of improving overall public health. Also the Australian Government Department of Health provides up to date information too at

B4Crisis hopes this information helps you and your organisation to prepare you, your business, community and family for the possibility of Zika virus spreading beyond the current limited number of cases identified in Australia from people returning from affected areas.

Posted in B4Crisis | Leave a comment

Business continuity video

In 2015, I recorded this video with Suzanne Kiraly, Digital Consultant with Cre@tive Know How. We were developing a seminar on resilience, risk and business continuity management with Rod Farrar, Managing Director, trainer & consultant, Paladin Risk Management Services. The seminar and workshops to be held in Canberra didn’t proceed, but the ideas shared about business continuity might still be of interest to some of you.

Posted in B4Crisis | Leave a comment