strategy+business is published by PwC Strategy& LLC.
(originally published by Booz & Company)


A Five-Step Business Continuity Plan for CEOs

Straightforward planning makes business continuity less of a mystery and management burden, and more of a strategic priority and opportunity.

Few companies were braced for the terrorist actions of September 11, 2001. Networks housing vital customer and financial data were severed without any secondary systems to take up the slack. Telecommunications connections were silenced. Supply chains were broken by the transportation gridlock. In all, according to Lloyd’s of London, as much as $10 billion in corporate losses from the World Trade Center attack was related directly to business interruption.

In some ways, the lack of preparedness was not surprising — after all, the unthinkable occurred that day. But what is remarkable is that the events of September 11 apparently have done little over the past year to heighten many chief executives’ concerns about their company’s business continuity — short-term or long-term — in the face of disruption, let alone disaster. In a Booz Allen Hamilton and Roper ASW survey of Fortune 1000 chief executives conducted two months after last year’s terrorist actions, fewer than half said they were evaluating alternative plans for business continuity to protect against an unexpected break in their distribution channels. Overall, the data suggested that CEOs were generally satisfied with their organization’s ability to respond to security threats, to handle disruptions to their business, and to support their relationships with business partners.

That sentiment is beginning to change. With regulators and insurers pressing ahead with policies forcing companies to take more aggressive action to protect themselves, their customers, their shareholders, and their communities, senior executives are placing renewed emphasis on business continuity planning as well as on building enterprise resilience. Business continuity planning aims to prevent or minimize damage from disruptions in operations. “Enterprise resilience” is Booz Allen Hamilton’s term for the integrated management of a company’s risk exposures wherever they might exist, whether in operations, technology, or even the business model itself.

Raising the Stakes
There are many reasons executives shy away from taking on a comprehensive overhaul of their company’s management of security risks. Some are concerned that it will be too expensive to tackle; others feel it’s too complex and overwhelming to fully understand; and many CEOs think that such an undertaking is nothing more than a technology issue and delegate it to IT departments. Such attitudes prevent companies from looking at the organization as a whole, a mistake because business continuity affects virtually every aspect of a company’s operations.

But the terrorist actions, as well as pervasive cyber attacks, to which companies are always susceptible, have raised the visibility and escalated the discussions of business continuity. And as more examples come to light of companies routinely being threatened by IT systems disruptions or service denials — perhaps because of hackers, poorly designed networks, or the lack of planning to safeguard the most critical elements of the organization — it’s likely that chief executives will begin to view the matter as less of an aberration and pay more attention to it.

Actually, they may have no choice. Increasingly, insurers are beginning to require that companies increase investment in protection against disruptions before they will offer coverage for losses. Regulators overseeing critical industries closely tied to the welfare of the economy and consumers, such as financial services, are taking the same stance. In August, the Board of Governors of the Federal Reserve, the Securities and Exchange Commission, the Office of the Comptroller of the Currency, and the New York State Banking Department issued a joint draft white paper covering ways to strengthen the resilience of the U.S. economic system. This report, which is out for public comment, covers the actions that key banking, brokerage, and consumer finance companies need to take to bolster their ability to resume critical business activities in the event of future wide-scale disruptions. As company boards demand greater accountability from chief executives after the debacles at Enron, WorldCom, Qwest, and others, CEOs, under the gun to better control corporate financial activities, will also increasingly be held responsible for risk management. These trends, we believe, will be the dominant drivers of business continuity programs during the next several years.
