Making the Case for ROI-Enhancing Business Continuity Management Software Capabilities
What happens when business continuity falls out of fashion?
Right now, business continuity is in fashion. Organizations, having performed post-mortems on their COVID response, reason that their preparations were inadequate; that they need to be more proactive in ensuring that mission-critical operations continue to work during unplanned disruptions.
It hasn’t always been like that. For a long time, organizations failed to resource business continuity programs adequately, viewing those programs as pure costs to the business.
And given the historical record, there’s every reason to believe that this thinking will remerge once the present crisis threat recedes.
What then should continuity practitioners do? Simply put, they will have to get comfortable making ROI-based business cases for business continuity management software and other resources.
Where’s the ROI?
This will require some subtlety.
Executives have long failed to prioritize business continuity, because benefits derived from the program tend to be less visible than those from other mission-critical units.
And so, practitioners will have to calculate the estimated cost of business continuity resources subtracted from revenue loss risked from unplanned disruptions.
Executives will press hard on which threats to take seriously, though. Likely to change over time, likely threats are those based on factors such as geography, industry, political and regulatory climate, customer base, etc.
Generic risk indicators are a good place to start. For instance, the most recent Allianz Risk Barometer[i] (2022) amassed a list of the top global risks. They include the following:
- Cyber incidents
- Business interruption, including supply-chain disruption
- Natural catastrophes
- Pandemic outbreak
- Changes in legislation and regulation
- Climate change
- Fire, explosion
- Market developments
- Shortage of skilled workforce
- Macroeconomic developments, e.g., monetary policies, austerity programs, commodity price increase, deflation, inflation
Unplanned cost estimates associated with these threats vary by industry, however. Unplanned cyber interruption in heavy industry, for instance, entails higher machine costs than in education.
Cross-industry estimates, though, can provide reliable data. Practitioners, for their part, can feed some of that data into ROI calculations. For instance:
- Server downtime. The hourly cost of server downtime tops $1 million for 44 per cent of enterprises.[ii]
- Data breach. In 2021, the cost of a data breach was $4.24 million, representing a 10 per cent jump in two years. Lost business (including increased customer turnover, lost revenue due to system downtime and the increasing cost of acquiring new business due to diminished reputation) constituted 38 per cent of the total, or $1.59 million.
- Among other business interruption incidents, Allianz estimates that:
- The average value of a fire/explosion-related insurance claim comes in around $6.7 million.
- The average value of a storm-related insurance claim comes in around $4.4 million.
- The average value of an earthquake-related insurance claim comes in around $1.6 million.
- The average value of a machinery breakdown-related insurance claim comes in around $.62 million
- The average value of a water damage-related insurance claim comes in around $.55 million
The business continuity software capabilities that give you the best bang for your buck
On the investment side, not all business continuity management resources enhance program ROI, especially software platforms that fail to scale with disruptive incidents and back down to business as usual.
Practitioners, therefore, must do their own due diligence to scout out the business continuity management platforms most likely to make their program run effortlessly and best engage stakeholders.
For this task, platform capabilities should work to automate key business continuity management functions. That will make business continuity planning and management easy by applying industry standards drawn from the latest versions of ISO 22301, ISO 22313, and ISO 22317.
And that’s not all. What other software capabilities matter? We suggest the following:
- Business impact analysis. Built-in BIA tools should provide a step-by-step process to identify critical activities, determine maximum periods of disruption, assess the risk and impact of disruptions, collect and document recommendations, and report across the business.
- Find gaps easily. The platform should be able to collect and aggregate data, to highlight any critical activities, processes, assets, and resources lacking recovery strategies as well as untested recovery strategies that put the business at risk.
- Monitor critical dependencies. The platform should be able to identify dependencies between business activities and supporting assets or vendors, to help stakeholders stay informed when an asset is at risk.
- A central location for all plans. BCPs, recovery strategies, and crisis response plans should all be developed, tracked, and reviewed within the platform to ensure optimal coverage.
- Battle-test your recovery strategies. The platform should also support tests and exercises to help response teams refine and improve strategies.
- Activities, process registers, and dependency dashboards. The platform should help practitioners and decision makers get a consolidated view of all business activities, critical dependencies, or the status of BIAs to stay up to date and make better informed decisions.
- Contact, asset, and vendor management. The platform should manage key details of staff, contractors, customers, suppliers, regulators, and external parties. That will help teams keep track of reliant activities and related recovery strategies at-a-glance, to know which ones are potential risks to the business.
- Monitoring dashboards. The platform should display key information where (and when) it’s needed via flexible dashboards, analytics, and reporting that caters to stakeholders.
Finally, business continuity is in vogue now. But executives have long doubted whether they’re getting their money’s worth.
Business continuity practitioners, as such, will have to get comfortable speaking the language of ROI, getting acquainted with how much unplanned disruption will cost the business.
From there, practitioners can make executive-targeted arguments for business continuity software solutions that help their companies get the best bang for their buck by running every aspect of the program effortlessly. For more on the software capabilities that will help your team scale up to any incident and back down to business as usual, download our Buyer’s Guide to Business Continuity Management Software.
[i] Allianz Global Corporate & Specialty: Allianz Risk Barometer 2022. Available at https://www.agcs.allianz.com/content/dam/onemarketing/agcs/agcs/reports/Allianz-Risk-Barometer-2022.pdf.
[ii] Laura DiDio, Tech Channel: The Cost of Enterprise Downtime. Available at https://techchannel.com/IT-Strategy/09/2021/cost-enterprise-downtime.