Corporations and other large organizations are sitting on more data than ever before, and their lines of business are more reliant on it than at any point in history. And if the last decade has taught c-suites anything, it’s the negative impact data loss or theft can have on an organization. Preventing it must play a role in business-continuity preparation.
For too long, though, the plans that business-continuity professionals develop have been developed in silos, by individuals who are often overly constrained by the organizations that employ them. They are limited to designing simple IT recovery checklists for use in disasters, and then trying to oversee them when trouble strikes.
The day of the scripted scenario-based disaster response is over. Business continuity isn’t a plan—it’s a way of organizing. It’s a way of thinking.
Today’s business-continuity professional needs authority and organizational buy-in like never before. She needs to stop developing standalone plans and start developing a holistic, company-wide portfolio. She obviously needs to be plugged into corporate networks and data, but she also needs the freedom to build cross-functional teams across IT, operations, internal and external communications, the xCom, and more.
For that to happen, senior management needs to stop thinking of business continuity as a role, and start thinking of it as a foundational business concept, like profit-and-loss. Just as every department employs someone with some level of financial responsibility, every department should have someone who wakes up everyday thinking about what to do if critical assets and resources are lost.
Does that mean data-reliant companies need a chief continuity officer? Maybe, depending on how complex their corporate structures already are. It might be enough for them to pair their top risk managers with business-continuity leaders who not only see the big picture from a data-and-networking standpoint, but who have the authority to execute an all-hands solution when—and not if—the time comes.
Finally, corporate leaders should stop focusing solely on the cost of data theft or loss, and start considering the concrete benefits that come with a reputation for ironclad reliability. In this day and age, there is an undeniable marketing benefit in the swift containment of digital loss or intrusion. Risk professionals need to understand that if they’re pitching the boss on making a significant business-continuity investment.