In 2018, Atlanta, Georgia experienced a ransomware attack that crippled the city government’s computer system. The attack negatively impacted city services such as utilities, as well as court and police records. City workers had to complete paperwork by hand and without the information they needed to ensure the utmost accuracy. By the end of the cyberattack, Atlanta lost more than $17 million, although the ransomware program requested just $52,000 in compensation. Because of outdated software programs and several other IT vulnerabilities, the city did not have a business continuity plan to avert the major crisis.

Around the same time of the Atlanta ransomware attack, a German telecom business demonstrated how a well-thought-out business continuity plan can prevent a significant crisis from causing serious financial damage. When employees of the German telecom business discovered a fire encroaching on one of their facilities, they activated the company’s incident management system to alert other employees and first responders. The quick response to a major crisis resulted from the implementation of a highly effective business continuity plan.

Not every organization faces a cyberattack or a fire that threatens a building. However, few organizations came out of the COVID-19 pandemic unscathed from the financial damage caused by the virus. The pandemic emphasized the need for organizations to create, and when necessary, implement business continuity plans.

What is a Business Continuity Plan?

A business continuity plan describes the processes and procedures an organization should follow in response to a major crisis, whether the crisis is a physical disaster such as a hurricane or a technological disaster such as the cyberattack that shut down Atlanta city services. Organizations of all sizes need to create a business continuity plan for responding to a significant disruption that places a tremendous burden on operations.

The pandemic underscored the importance of preparing for the unpredictable by establishing backup systems, implementing remote work strategies, and identifying crucial business functions. Each business faces different risk levels from different threats, but the most common types of business disruptions come from health, cybersecurity, and natural disaster crises.

How Does Your Organization Establish a Resilient Business Continuity Plan?

Establishing a business continuity plan is all about preparing your organization for the worst-case scenarios after a major crisis hits. A business continuity plan represents a critical component of running a successful organization if it includes the following actions.

Set Objectives

Despite the publicity given to cybersecurity attacks like the one that negatively impacted Atlanta, a business continuity plan should cover every department of your organization. This means identifying the objectives of all business functions, such as operations, marketing, accounting, and human resources. The primary goal is to minimize the disruptions caused by a major crisis. Each department should identify the objectives that apply to their unique needs.

Target Essential Business Functions

One of the most important reasons for establishing a resilient business continuity plan involves determining how to provide certain services during an emergency. For example, how should your business respond to a severe product shortage? Although the negative health consequences dominated the pandemic discussions, other issues arose such as acute product shortages caused by supply chain disruptions. When a disaster adversely impacts your organization, does it have sufficient inventory to ride out a prolonged supply chain disruption?

Create an Emergency Response Team

Responding to a major crisis such as a pandemic requires the leadership of the most experienced managers of your organization. An emergency management team takes over control of the decision-making process for your organization after a major crisis hits. Designate one of the experienced managers as the leader of the emergency response team to ensure making quick decisions that lead to minimizing the impact of a business disruption.

Complete a Risk Assessment

When confronted with a major crisis, your organization must prioritize the most damaging threats to business operations. Your organization determines what happens if it has to reduce, alter, or eliminate certain essential functions. One of the most effective types of risk assessments is called a Business Impact Analysis (BIA), which is a tool that helps predict the negative consequences of disruptions to the most important business functions and services.

Implement a Communications Plan

Due to the crippling impact of the City of Atlanta ransomware attack, employees did not learn of the attack for several hours or even a couple of days after it happened. The city did not have a communications plan created to spread the word about the ransomware attack. Your organization should create a communications plan that informs your team members about a major crisis. Develop a strategy to access the company website and social media accounts, as well as implement a communications plan that includes sending text messages.

The Bottom Line

Be Prepared.

Murphy’s Law states that “Anything that can go wrong, will go wrong.” Your organization needs to adopt another law that states “When a major crisis hits, we know how to respond.” Creating a business continuity plan that addresses the negative impact of a major disaster helps your organization respond promptly to the worst-case scenario. Even if you have a resilient business continuity plan in place, ensure your organization can recover from a major disaster by purchasing enough insurance.