As the business continuity profession enters its 40th year, it is good to reflect a bit on the past — yet much more important to look forward into the future.
A 2023 report from the Business Continuity Institute, “Evolution of the Resilience Profession over the Next Five Years,” provides a look into the BC profession from several views. The report also addresses technology disaster recovery and resilience.
This article will examine some of the business continuity trends addressed in the report as well as several others. Below, IT pros will find guidance on how to prepare for these trends and how organizations must evolve in the coming years.
1. Remote work entering hybrid phase
In 2020, spurred on by the COVID-19 pandemic, many employees began working at home or in alternate offices to minimize their chances of getting the virus. Advances in technology, such as VPNs, made it relatively easy to link into a corporate infrastructure to perform previous duties.
The trend today is to encourage remote workers to return to the office. In the future, the emerging hybrid balance between office and remote is likely to continue. More importantly, experience from COVID-19 demonstrates that organizations can increase their continuity and resilience after a disruptive event through remote working.
2. Supply chain disruptions
Once again, the COVID-19 experience demonstrated how important supply chains are to an organization. It also showed how fragile those chains can be, which is why supply chain continuity has become a significant concern at senior management and board levels. Protection of supply chains starts with defining them and identifying potential points of failure or disruption. Organizations must also work with suppliers to establish policies and procedures to recover disrupted supply chains and to identify alternate chains if a primary chain is seriously damaged.
3. Impact of climate change
Despite what various pundits might say, the global climate is changing, and these changes have an effect on business continuity. Severe weather in the western U.S., for example, has caused flooding, mudslides and wildfires. Once such events start, it is difficult to stop them. The key for the future is to establish alternate venues for work, and remote working is a basic component of that strategy.
While making a physical move to a safer location is certainly a strategy, the costs can prohibit such a decision. As long as the internet is available, along with wireless communications, the impact of weather-related events can be mitigated once the people issues have been addressed.
4. Disruptions to critical infrastructures
Recent vandalism to electric substations demonstrates the fragility of the U.S.’s critical infrastructure. Reports of damaged water mains that are 100-plus years old are frequently in the news. Despite the acknowledgement from many sources that the nation’s infrastructure is seriously at risk, efforts to strengthen those resources must increase in the coming years.
5. Outsourcing business continuity training
As more people discover the BC profession, there is an increased need for relevant training. Professional accreditations are often the first path to a career in BC, and these are likely to continue. Academic education in the profession has evolved slowly and must increase in the coming years to ensure a steady supply of trained professionals.
6. Ransomware defense
Often seen as another silo in the corporate ecosystem due to the severity of the attacks, ransomware prevention and mitigation are now board-level concerns. Many resources are available, both on-site and cloud-based, to prevent ransomware attacks, as well as the many other types of cyber attacks. Existing silos for BC and cybersecurity must come down, and the two disciplines must collaborate more to protect and recover data.
BC in its early days was more hands-on, with Excel being a popular way to implement various BC activities, such as risk assessments and business impact analyses (BIA). Over the past 20-plus years, advances in technology — especially cloud-based as-a-service systems — have greatly automated the BC process. Owing to the complex nature of activities such as BIAs, technology does indeed make a difference and is likely to be embraced by more organizations in the coming years. Cloud-based business continuity-as-a-service offerings are likely to gain in popularity.
8. Increasing agility with new tools
The ability to respond quickly to a variety of disruptive incidents is a key result of agility in BC. As business continuity software becomes more sophisticated, and increasingly uses AI and machine learning, users can increase their agility when dealing with a variety of scenarios. In fact, scenario-based testing is an important business continuity trend that builds on an Agile technology framework.
A growing number of BC systems today use AI elements. Imagine taking historical data on hundreds of disasters, identifying what worked and what didn’t, and then using that data to form a strategy with policies and procedures that builds on the expertise of many events. This is one example of how AI can be used to build better BC and DR plans, and ultimately increase an organization’s resilience.
9. Organizational resilience
Resilience builds on the work established through business continuity and disaster recovery (BCDR) initiatives. It takes these elements and identifies ways to make the organization more adaptable to disruptive scenarios. Further, resilience creates organizations that can quickly reshape and refocus their operations in the aftermath of an event. The goal is to make the entire organization even better equipped to deal with future events.
10. Increased strategic role in organizations
BCDR and resilience are rarely board-level activities. It took the COVID-19 pandemic to underscore the importance of these disciplines. But now, with less focus on pandemic-related activities — with perhaps the exception of in-office versus remote work — BC must not return to its former place as a minor activity. Smart business leaders will recognize the strategic importance of BC and ensure it has an ongoing role in the organization’s success and its reputation.
Sometimes an organization has a chief continuity officer or chief resilience officer, but these are rare exceptions. BC has traditionally been part of IT and many other corporate departments. In the coming years, business continuity and its related disciplines must have a seat at the board and not as a guest.
11. Third-party BC vendors
Third-party organizations, such as software companies, consultancy firms and cloud-based services, are likely to increase in acceptance by organizations of all sizes. BC-as-a-service offerings help an organization up its game with regard to BCDR and resilience. With proper due diligence, users can deploy BC tools — along with DR, data backup and recovery — quickly and cost-effectively. Another important action is to find out the responsibilities of the third party versus what the customer must do, especially in a disruptive event. A thorough service-level agreement is a mandatory requirement.
12. Breaking down silos
This business continuity trend is perhaps one of the most important long-term strategies. Properly done, eliminating silos among various activities can help foster collaboration, cooperation and information sharing, each of which is essential for an organization’s survival.
“Evolution of the Resilience Profession over the Next Five Years” can be viewed here.