Business must plan for the worst and hope for the best

Business must plan for the worst and hope for the best 

By Jo Valentine Chief Executive London First (supported by the Continuity Forum)

The terrorist attacks of September 11th should have been a wake call for the business community in Britain and across the world. However, nearly four years on, national surveys show nearly 49% of all UK businesses lack plans to keep the wheels turning if the unthinkable happens. Astonishingly, that number has only improved by 5% since the 9/11 attacks. Where there are plans – mostly among the larger and more regulated businesses – one fifth have never been tested.

Why has business been so slow to get its act together?

We watched as the 9/11 attacks unfurled, we watched the Madrid Bombings, we watched, as there were targeted attacks on business overseas. But an attitude of “it could never happen to us” permeated the wider business community.

If nothing else good comes out of the tragic July attacks in London, perhaps at least they will dispel some of this complacency. After the first wave of attacks on July 7th, the heads of business found themselves doing role calls, realising they did not have correct contact details or effective cascade communications systems in place. With mobile networks down and intermittent land line access, many relied on television and radio to keep up to date with developments. It brought home the critical importance of having straightforward and simple continuity plans in place – something that all staff can understand.

This is not to detract form many of those organisations that are well prepared. But they are often highly regulated larger companies or those with strong international links. Particularly well prepared are what the Civil Contingencies Act terms “category 1 and 2 responders”, including emergency services, local authorities, utility companies, railways, airports and the Health and Safety Executive. Many such organisations also reaped the rewards of developing their IT contingency plans in response to the “millennium Bug” concerns in the late 90’s.

At the risk of hectoring, it is vital to stress that preparation really could mean survival. Those organisations that have prepared and exercised responses to disruptive incidents, such as terrorist attacks – although it is much more likely to be flooding or IT failures - are far more likely to survive.

The value of planning can be measured in lives saved and suffering minimised. It can also be felt that in the quiet collective resolve that has been growing across London in the past two weeks. A controlled response to random acts has given people the confidence not to give in to fear and to calmly go about their lives. The focus after these events should be on the individuals involved – that must always be the case. But every business throughout the world should also consider how it would cope if something like this happens at its front door.

Of course disasters cannot be prevented. We do not choose when or where they strike either. The impact is immediate. Best-laid plans go out the window and the aftermath threatens to wipe out years of hard work. That does not mean, however, that disaster must be followed by a desperate fight for commercial survival. Starting to make a business more resilient costs nothing. Its about asking the “what if” questions. What profits become losses in an unpredictable few seconds? What if the cash lifeline is cut and tomorrows growth is gone? In short, what is the worst thing that could happen and how likely is it?

The biggest challenge is for all small and medium enterprises – which in the UK employs half the workforce. They are the least equipped to shrug off the incident because of their size. While there are many factors that prevent planning in smaller businesses (not least, the availability of time), the main issues are poor understanding of the potential impact and, crucially, a lack of clear and simple information. Many businesses simply do not know where to start. This must now be a priority a priority for government and supporting agencies.

For those companies that have laid continuity plans, danger is complacency. A plan does not remove risk. It just provides the opportunity to manage it. Without training and testing, weak and unworkable contingencies can break a business as surely as having no plan at all. All businesses, no matter where they are located, must take action now.

Jo Valentine – Chief Executive – London First
Published  25th July 2005
Produced in association with the Continuity Forum.
*Research from the 2005 Business Continuity Survey, Continuity Forum, CMI and Veritas Software.

END
______________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna or Russell Price at the Continuity Forum directly on 020 8993 1599 orinfo@continuityforum.org