Few companies were braced for the terrorist actions of September 11, 2001. Networks housing vital customer and financial data were severed without any secondary systems to take up the slack. Telecommunications connections were silenced. Supply chains were broken by the transportation gridlock. In all, according to Lloyd’s of London, as much as $10 billion in corporate losses from the World Trade Center attack was related directly to business interruption.
|“CEOs, under the gun to better control corporate financial activities, will increasingly be held responsible for risk management. These trends will be the dominant drivers of business continuity programs.”|
That sentiment is beginning to change. With regulators and insurers pressing ahead with policies forcing companies to take more aggressive action to protect themselves, their customers, their shareholders, and their communities, senior executives are placing renewed emphasis on business continuity planning as well as on building enterprise resilience. Business continuity planning aims to prevent or minimize damage from disruptions in operations. “Enterprise resilience” is Booz Allen Hamilton’s term for the integrated management of a company’s risk exposures wherever they might exist, whether in operations, technology, or even the business model itself.
Raising the Stakes
There are many reasons executives shy away from taking on a comprehensive overhaul of their company’s management of security risks. Some are concerned that it will be too expensive to tackle; others feel it’s too complex and overwhelming to fully understand; and many CEOs think that such an undertaking is nothing more than a technology issue and delegate it to IT departments. Such attitudes prevent companies from looking at the organization as a whole, a mistake because business continuity affects virtually every aspect of a company’s operations.
|“Enterprise resilience is Booz Allen Hamilton’s term for the integrated management of a company’s risk exposures, whether in operations, technology, or even the business model itself.”|
Actually, they may have no choice. Increasingly, insurers are beginning to require that companies increase investment in protection against disruptions before they will offer coverage for losses. Regulators overseeing critical industries closely tied to the welfare of the economy and consumers, such as financial services, are taking the same stance. In August, the Board of Governors of the Federal Reserve, the Securities and Exchange Commission, the Office of the Comptroller of the Currency, and the New York State Banking Department issued a joint draft white paper covering ways to strengthen the resilience of the U.S. economic system. This report, which is out for public comment, covers the actions that key banking, brokerage, and consumer finance companies need to take to bolster their ability to resume critical business activities in the event of future wide-scale disruptions. As company boards demand greater accountability from chief executives after the debacles at Enron, WorldCom, Qwest, and others, CEOs, under the gun to better control corporate financial activities, will also increasingly be held responsible for risk management. These trends, we believe, will be the dominant drivers of business continuity programs during the next several years.