2017 is done - what do we do differently in 2018?

With 2017 behind us and a new year just begun, we consider which business practices we want to continue and perhaps which need to be done differently.   As ghoulish as it may seem, part of my planning includes learning more about how many disasters happened during the past year, problem trends, and how well businesses are prepared for recovery.
 
In a report from FEMA, I found the number of major disasters declared over the past five years:
 

Year # % change from previous year
  2017     135                  +32%
  2016   102                +29%
  2015   79                 -5%
  2014   84                 -12%
  2013   95  
 
These numbers account for such things as weather disasters, floods, terrorist attacks, and those caused by human actions.  Digging a little deeper, I wondered how many cyber/data breaches happened during 2017, or at least those deemed big enough to be reported.  Here’s the list I found:
 
E-Sports Entertainment Association, Xbox 360 ISO and PSP ISO, InterContinental Hotels Group, Arby’s, River City Media, Verifone, Dun & Bradstreet, Saks Fifth Avenue, UNC Health Care, America’s JobLink, FAFSA: IRS Data Retrieval Tool, Chipotle, Sabre Hospitality Solutions, Gmail, Bronx Lebanon Hospital Center, Brooks Brother, DocuSign, OneLogin, Kmart, University of Oklahoma, Washington State University,  Deep Root Analytics, Blue Cross Blue Shield/Anthem, California Association of Realtors, Verizon, Online Spambot, TalentPen and TigerSwan, Equifax, US Securities and Exchange Commission, SVR Tracking, Deloitte, Sonic, Whole Foods Market, Disqus, Hyatt Hotels, Forever 21, Maine Foster Care, Uber, Imgur, TIO Networks, eBay, Alteryx
 
That’s more than 40 companies - not a good trend.   It also leads to the questions, "Is my business vulnerable?" and  "What can I do about this?"  
 
Here are some quick tips that I gleaned from a recent article from EverBridge:
 
Question your approach
Justification for the effort to define a recovery strategy on what is arguably a rare occurrence is a difficult task.  Rather, look at the need from a value-based perspective for being able to recover, such as:
1.      Regulatory compliance
2.      Competitive advantage
3.      Brand and reputation recognition
4.      Knowledge capture
5.      Increased robustness
 
Benchmark
Find out what others in your industry are doing and from there address the question, “What is right for us?”  Not all companies need sub-second recovery… Some companies really can convert their entire work force to remote workers…   Your solution needs to be tailored to your needs.
 
Work Out
Simply, plans are worthless if you don’t exercise them on a regular basis.  Leading standards on continuity planning refer to having regular exercises that increase in scope and complexity over time.  Of course, “How often?”  is a key question.  Two exercises a year is thought to be a good benchmark for exercises, with one being a tabletop exercise and the other a more in-depth simulation.
 
Some food for thought:  As you continue through your planning process, include your business recoverability and resilience as part of the discussion.  Being prepared for “what if” scenarios is critical for long-term success.  
 
Huber Advisors is here to help with that planning.  We can advise on how to start the process yourself, as well as engaging with your organization to facilitate the creation of strategy and recovery plans.  Call us at 651-429-9991 or e-mail at This email address is being protected from spambots. You need JavaScript enabled to view it.  and we can help you Be Ready for Anything!