Companies rely on BCM, but still too few on supporting tools
Preparing for emergency situations is vital for a company's survival in light of current challenges such as supply chain problems, power shortages or the threat of cyber attacks. Do companies use business continuity management (BCM) for preparedness and if so, how? The results of the survey conducted by Swiss Infosec AG and its sister company Swiss GRC fortunately show that BCM has arrived in companies. However, one value is surprising: only just 23% of the survey participants have BCM supported by tools.
The list of risks that seriously threaten the existence of a company in extreme cases is long. To prepare a company for the worst case scenario, the establishment and operation of a business continuity management is the first choice. A BCM ensures that critical business processes and key functions remain available in emergency situations or are available again in time, i.e. before the damage becomes unacceptable.
Identified sensitive business processes and known dependencies
The survey, in which 118 companies from a wide range of industries participated, delivers encouraging results. In particular, when it comes to identifying the most sensitive business processes (87% of the companies have identified them) or ensuring that companies are aware of the most significant dependencies on third parties, e.g. suppliers (91% of the companies are aware of them), the companies are very risk-aware. 77% of the companies have also specifically drawn up plans to be able to respond to the occurrence of risks in a prepared manner. This is seen as a strong sign by the BCM specialists at Swiss Infosec AG and shows that the benefits of the BCM management discipline and its necessity have been recognized.
Risk management and business continuity management move closer together
The actual risk management performs valuable (preliminary) work for the establishment and operation of a BCM. It identifies and names risks and estimates the probability of occurrence and the extent of damage. Based on these findings, emergency plans can be drawn up more efficiently and adapted more easily in the event of changed or new risks. Almost 70% of the companies consciously exploit the proximity between risk management and BCM and have risk management and BCM work closely together to control identified risks.
And what about employee awareness of BCM?
Developing emergency plans is one thing. However, it is important that employees actually know the emergency procedures in order to act correctly in emergency situations. In the survey, at least 2/3 of the companies state that their employees are aware of the emergency procedures, 20% deny this and 14% are not sure. This is where BCM specialist Reinhard Obermüller from Swiss Infosec AG sees potential for optimization: "Behavior in emergency situations must be practiced and addressed again and again. Especially when new employees join the team. Emergency plans are of little use in a drawer."
Use of BCM tools still expandable
Business continuity management tools provide organizations with a comprehensive platform to develop, implement and manage their BCM strategies. However, only just 23% of organizations are taking advantage of BCM software solutions. Besfort Kuqi, CEO of Swiss GRC AG, is not surprised, given his experience in the GRC environment: "It is unfortunate that many organizations are not taking advantage of GRC tools to improve their risk management and BCM. Particularly in times of heightened uncertainty, it is critical for organizations to maintain a comprehensive, consistent, and up-to-date view of their risks and opportunities and use this as a basis to strengthen their resilience capabilities. Those who have worked consistently with GRC tools know the added value and the many benefits."
Source: Swiss Infosec
