Top 10 Reasons Not to Have a Business Continuity Plan

Call them what you wish – justifications, rationales, excuses; there are plenty of reasons that organizations large and small fail to create or maintain Business Continuity Plans.  Even having a BC program doesn’t assure that development of Plans across the enterprise gets full cooperation.  Maybe you’ve heard some of these justifications in your own organization:

1.       We don’t have the time

Martin Van Buren, the 8th President of the United States, said “If you don’t have time to do the job right the first time, when will you find time to do it again?”  If you don’t do it at all, you won’t need to do it again, will you?  Problem solved.  Just make sure your resume is up-to-date.

2.       It costs too much to create/maintain

Life insurance is expensive too (and is just as unlikely to ‘pay off’ in the near future) but that doesn’t stop people from buying it.  Why?  Because it’s the right thing to do; the insured will never see a benefit, but they have the peace of mind that their beneficiaries will have some protection.  But if you believe you’ll live forever, there’s no point, right?

3.       Senior Management doesn’t care

Having a “C” in front of their title doesn’t make anyone infallible.  Every business has priorities.  If maximum short-term profit is the primary goal of an organization, there’s little point in swimming upstream against it.  On the other hand, what’s the point of a Chief Risk Officer, if not to mitigate risks?

4.       Nothing has ever happened – and isn’t likely to happen

You don’t have to be a student of statistics to understand that this attitude is simply wrong.  The likelihood of something disrupting your business has no correlation with time.  Just because it hasn’t, doesn’t mean it won’t.

5.       We’ll trade the risk – for the cost savings

If your business horizon is this year (or this quarter) forgoing the cost of building a Business Continuity Plan produces a ‘win’ each time nothing happens.  A disruption somewhere down the line may wipe out all those “savings”, but in the meantime, who doesn’t want to be a winner?

6.       We back up our data so we’re safe

Your data is safe.  Unfortunately, your employees may not be able to get to it, and your customers may not be able to get to you.  That’s only a short term problem.  Those customers will become someone else’s customers pretty quickly.  Problem solved!

7.       Everybody has a laptop; they can work from home if necessary

If every employee can reach your data with only a password, you’re inviting thieves to steal everything of value.  If your Information Security people have assured more secure connectivity, there are additional considerations: Will your network support that much external traffic?  How will employees collaborate?  How long can you sustain work-from-home?

8.       We have disruptions all the time.  We know how to deal with them.  We don’t need a Plan.

How you’ve dealt with all those disruptions–consciously or not – is a Plan.  All you’ve neglected to do is document it.  If the people who normally ‘deal with’ those disruptions aren’t available, wouldn’t it be nice if those thrust into those roles could benefit from all you’ve learned in past disruptions?  But hey, that’s their problem, right?

9.       We hired a consultant to create one.  We update the contacts every year – so we’re prepared.

Whew!  Glad we remembered to update those phone numbers; otherwise we wouldn’t be able to call our employees, vendors and customers to let them know we’re temporarily out of business.

10.   What’s Business Continuity Management?

Never heard the term?  OK, that’s possible.  Never thought about preparedness?  You back up your data (even though it may only be to tape); what are you doing about protecting the rest of your business?  Oh, you have annual fire drills?  Good for you.

These are a few examples of why organizations don’t plan.  There are plenty more.  All seem plausible to the holders of those opinions.  As long as no disruption occurs, those opinions look pretty smart.  But looking smart and being prepared isn’t the same thing.  Ocean liners rarely sink, but they still carry lifejackets for every passenger.  Automobiles seldom crash, but every seat has a seat belt.  Because the stakes are high, the cost of preparedness won’t seem so large when something disrupts day-to-day operations.  And it will.

SHARE:
Jim Mitchell

Jim Mitchell

A frequent speaker at Business Continuity conferences, many of Jim Mitchell’s blogs can be found elsewhere on eBRP’s website and has published articles in DRJ, Continuity Insights and Continuity Central. Jim has more than 20 years of experience in Business Continuity; if you don’t agree with his opinions – he won’t be surprised.

Related Posts

A Toolkit to Build Enterprise Resiliency

A Toolkit to Build Enterprise Resil...

A well-rounded Enterprise Resiliency Toolkit (𝗧𝗼𝗼𝗹𝗸𝗶𝘁) would provide key tools…
Enterprise Resiliency: Navigating Through Disruptions

Enterprise Resiliency: Navigating T...

In today’s threat landscape, the ability of an organization to…
Orchestrating BC/DR Testing: Virtual – Emergency Operations Centers

Orchestrating BC/DR Testing: Virtua...

  Enhancing Planning and Logistics Management  Coordinating BC/DR tests involves…
Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…