Business continuity is more important than ever. Security incidents are so widespread that it’s impossible to tackle them all, and sooner or later disaster will strike. When that time comes, you’ll need a system to mitigate the damage and ensure that mission-critical functions continue to operate.
Although most organizations are starting to recognize the importance of such measures, some remain apprehensive about implementing a BCMS (business continuity management system). If they’ve never been subject to a cyber attack or other disruption, they might assume that the chances of it happening are slim and that, therefore, a BCMS is an unnecessary expense.
Alternatively, they might overrate their ability to prevent incidents. Senior staff often take an ‘all or nothing’ approach to cybersecurity, dedicating most of their resources to prevention. Defenses are certainly important, but no one should rely on them being effective in every instance.
Investing in your future
A BCMS is essentially a form of insurance; you are preparing for a scenario that you hope never occurs. You’ll spend a lot of money and might wonder if it’s worth it, but when disaster strikes (and it will), you’ll not only breathe a huge sigh of relief – you might also have prevented your organization from going out of business.
Ponemon Institute’s 2017 Cost of Data Breach Study: Impact of Business Continuity Management found that, on average, a BCMS helps save organizations $650,000 per incident. This saving is largely due to the speed with which organizations can recover. The report found that a BCMS saves organizations 43 days in identifying a breach and 35 days in containing it.
The report also quantifies other major benefits of implementing a BCMS. For example, organizations are 8% less likely to suffer future data breaches (31.8% compared to 23.9%). Implementing a BCMS will also mitigate the negative impact of a breach, with reputational damage reported 10% less often.
There is also evidence that the longer you keep your BCMS, the more comprehensive and effective it becomes.
It might sound like a BCMS is a financial black hole, but this overlooks what makes it effective. The additional spending is a result of identifying new areas that a BCMS could help with. For example, an organization might expand the number of threats its system covers or add processes to improve remediation. This means that the more comprehensive it becomes, the more helpful it is and the higher the organization’s return on investment.
Giving customers what they want
If you ask customers and clients what they want most from your organization, few would explicitly say “a BCMS”, but most would rank its benefits (i.e. guaranteed, uninterrupted service) very highly.
By implementing a BCMS, you can tackle this expectation head-on and demonstrate to customers that your organization can continue to operate in the face of major disruption.
Implementing a BCMS in line with the requirements of ISO 22301, the international standard that describes business continuity best practices, brings additional benefits. Certification to the Standard proves that your system is effective, gives you a competitive advantage and helps you comply with the EU General Data Protection Regulation (GDPR) and other laws.
To find out how you can implement an ISO 22301-compliant BCMS, take a look at our free green paper: Business Continuity Management – The nine-step approach. It explains:
- How to implement a BCMS
- The issues you need to consider
- The roles that your employees will play
- How to measure, monitor and review your BCMS