The business case in the private sector
The efficacy of business continuity in private enterprises is highly variable. We will now consider why individual companies should have effective Business Continuity Management (BCM) and why they should be part of wider arrangements.
We have already established that BCM involves planning for any potential disruption by identifying potential threats and analysing their impact on operations, products, services, and processes. This should ensure that the business can provide a minimum level of acceptable service or operation in the event of an incident.
Business continuity management supports an organisation in reducing damage and restoring the business after an interruption, therefore minimising economic loss.
This Forbes article titled ‘Why companies need a business continuity plan’ provides a nice summary of why a private sector organisation should consider developing a business continuity plan, with particular reference to the risk posed by cyber-attacks.
Failure to protect your own assets, systems and processes will have a resultant impact on your customers, but there is also an increasing expectation that BCM will protect the community affected by the impact of the incident on the business.
In February 2019, one of Ocado’s (the online supermarket) warehouses caught fire. It took firefighters four days to put out the blaze, which resulted in the temporary evacuation of 100 nearby residents, disruption to customer deliveries and a knock-on impact on sales. See this article from the BBC for more detail.
The failure of a business can have a wider and lasting impact on a community in a physical sense. For example, the collapse of a Tailings dam in Brazil, which killed 169 living near the dam, and in the case of the collapse of Enron (2001) or Northern Rock (2007), which both led to large job losses and affected individual investors.
Increasingly, organisations also need to address the efficacy of their approach when an incident involves common resources such as energy, water, transportation and communications or multiple organisations. As a result, the work of UNISDR and their Global Platform for Disaster Risk Reduction on the role of private sector organisations has highlighted agendas, including the private sector progressively aligning risk reduction efforts and developing business practices, fostering new opportunities for public-private partnerships.
Further encouraging this broader approach within the UK, Business in the Community, a business-led organisation dedicated to responsible business, promotes the view that being a resilient business is part of being a well-functioning and responsible business (Tankard 2018).
Business in the Community defines a responsible business as:
‘One that puts creating a healthy community and a healthy environment at the centre of their long term strategy to achieve long-term financial value.’
Carry out some of your own research and find an example of a company that does not meet the BITC definition of responsible business. Share your findings with your fellow learners and explain your reasoning.
Skroupa, C.R. (2014) Why companies need a business continuity plan. [online] available from https://www.forbes.com/sites/christopherskroupa/2014/08/22/why-companies-need-a-business-continuity-plan/#4ede55b65f15 [07 May 2019]
The BBC (2019) Ocado Warehouse Fire in Andover Finally Out [online] available from https://www.bbc.co.uk/news/uk-england-hampshire-47168430 [07 May 2019]
Tankard, H. (2018) Cyber Attacks Happen to Big Businesses: Would your Business be Ready for a Cyber Attack? [online] available from https://www.bitc.org.uk/media-centre/blogs/cyber-attacks-happen-big-businesses-would-your-business-be-ready-cyber-attack [07 May 2019]
BITC (n.d.) What is Responsible Business [online] available from https://www.bitc.org.uk/what-responsible-business [07 May 2019]
© Coventry University. CC BY-NC 4.0