Jon Seals

The Business Continuity Institute - Jun 20, 2016 10:23 BST

There has never been a more fascinating debate than that of the United Kingdom’s potential exit from the European Union, but what impact does this have on business continuity and the business community within the UK?

A lot of business continuity professionals compensate for the tangible disruptive events, but how many have prepared for such an intangible event as the UK leaving the EU? If ever an event has highlighted the importance of business continuity within the Boardroom, then this is it.

In the ongoing programme of business continuity planning, business continuity professionals will recognise the significance of Brexit while conducting a strategic business impact analysis. The acronym PESTELO analyses the external factors which highlight the weaknesses and threats for an organisation under the political, economic, social, technological, environmental, legal and organizational components.

Brexit maximises the utilisation of PESTELO. It will define your organization’s beta factor and how well prepared your organization is for this potential exit. It is the responsibility of the business continuity professional to reduce this beta factor by identifying the risks to critical processes and minimising the impact an exit will have.

Numerous political leaders within the EU and further afield have highlighted their scepticism and the potential pitfalls of the UK’s withdrawal. However, the debate within UK industry and the discipline of business continuity is inextricably linked because the continuance of a business or industry may be dependent upon this result.

The UK fishing industry has suffered with EU regulation and might be more pleased with the exit. The threat of London being removed as the financial centre of Europe to Paris, Frankfurt or Dublin has been commonly discussed. The threat of global terror has reached unsurpassed levels. MI5 officers have publicly stated that it would make better sense if Britain remained in the EU. A dilution of coordinated efforts undermines the effect of intelligence. On the other hand, some experts within MI6 say that a departure would improve the nation’s security. The two leading security agencies with differing views probably sum up this conundrum.

Numerous economists have suggested that Britain is putting monetarily more into the EU than it is getting back. This may be the quantitative position, but from a qualitative point of view, economists’ opinions on the total return on its investment vary greatly. For example, the EU aggregation of bulk power has negotiated tariff agreements with China and the USA, so how would the UK fare as a standalone entity? The fact is that if the UK does decide to exit, no one knows what the implications are, and the debate will continue right up until the final hour. The UK’s debate surrounding the exit is maybe better positioned not necessarily as a risk but as an uncertainty. The critique of scenario analysis (or in the case of Brexit maybe better referred to as ‘alternative worlds’) will allow pessimistic, optimistic and likely outcomes; however, due to this uncertainty, simulation analysis may be better utilised in this example, as numerous variables could be the determining factor in an organisation’s success or failure.

For business continuity professionals the systemic risk posed by Brexit means that each organization within the UK faces this uncertainty as well as its own unsystemic challenges. If you are an importing business, you are already feeling the loss in the drop of the pound. The multi-disciplined business continuity professional should be advocating to diversify their organization’s portfolio by aligning their thoughts with their procurement departments to maybe look for indigenous suppliers or alternative vehicles for obtaining these goods and services.

If you are an exporting business your pound has become more highly valuable. The business continuity professional should be advocating the maximax policy.

If the UK decides to remain within the EU our public services could be under further scrutiny with more countries joining the EU. The business continuity professional has to deal with the current status quo and possibly this immigration influx. Can our public services deal with this continuing growth?

The business continuity professional is now compelled to horizon scan not only the tangible factors but also the potential black swans such as Brexit in the future.

Whatever the UK decides to do, the business continuity professional will be facing challenges.

Padraig McGoldrick AMBCI is the Vice President of Corporate Services for First Derivatives

The Business Continuity Institute - Jun 17, 2016 17:13 BST


Small businesses are unfairly carrying the cost of cyber crime in an increasingly vulnerable digital economy, according to a new report by the Federation of Small Businesses, with firms collectively attacked seven million times per year, costing the UK economy an estimated £5.26 billion.

Cyber Resilience: How to protect small firms in the digital economy notes that, despite the vast majority of small firms (93%) taking steps to protect their business from digital threats, two thirds (66%) have been a victim of cyber crime in the last two years. Over that period, those affected have been victims on four occasions on average, costing each business almost £3000 in total. 

Almost all (99%) of the UK’s 5.4 million small firms rate the internet as being highly important to their business, with two in three (66%) offering, or planning to offer, goods and services online. Without intervention, the growing sophistication of cyber attacks could stifle small business growth and in the worst cases close them down.

Mike Cherry, FSB National Chairman, said: “The digital economy is vital to small businesses - presenting a huge opportunity to reach new markets and customers - but these benefits are matched by the risk of opportunities for criminals to attack businesses. Small firms take their cyber security responsibility very seriously but often they are the least able to bear the cost of doing so. Smaller businesses have limited resources, time and expertise to deal with ever-evolving and increasing digital attacks.”

The Business Continuity Institute’s latest Horizon Scan Report showed that small businesses are no different to larger organizations when it comes to determining the greatest threat they face – in both cases it was cyber attack and data breach.

The FSB report also found room for small firms to improve security. Currently just a quarter of smaller businesses (24%) have a strict password policy, 4% have a written plan of what to do if attacked online, and just 2% have a recognised security standard such as ISO27001 or the Government’s Cyber Essentials scheme.


Sorry to be the bearer of bad news but, no, cloud computing is not going to cure the common cold.

By any measure, the cloud has proved to be a boon for enterprise productivity and efficiency. By the end of the decade, Gartner estimates, it will be as rare to find corporate "no-cloud" policies as it is to encounter "no-Internet" policies today.

While this is a disruptive technology, the understandable excitement surrounding all things cloud has also fostered no small amount of hype.

It’s not the cloud that’s at fault here. While cloud computing justifies its reputation as a game changer, problems invariably will crop up when companies don’t understand--or fail to have a realistic appreciation of--what cloud computing can and cannot do for them. The blunt fact is that the cloud can’t resolve all of a company’s IT problems; if that’s not made clear from the start, then prepare to hear about it from disgruntled customers suffering from buyer’s remorse. When reality sets in, clients are going to blame someone for selling them a false bill of goods, so make sure that it isn’t you!



The tech world evolves quickly. This shouldn’t be news to anyone who remembers when a 56k modem or a phone that let you play Snake was the cutting edge, but even if you’re the most up-to-date, tech-savvy person, it can be exhausting keeping up.

In today’s data-driven environment, it seems that new jargon and buzzwords are cropping up all the time, which can leave many people confused. However, with almost every firm set to be reliant on IT and data to some degree, it’s vital that they understand what the key terms and trends are.

So here, in no particular order, are ten of the biggest buzzwords flying around the tech sector at the moment that you need to know about.



Organizations both large and small need to have business continuity plans in place to manage unexpected business disruptions. Whether these events are triggered by severe weather, civil unrest, product failure or any of a myriad of other factors, the time to figure out how to manage an incident is not when that incident occurs.

Getting Started – The Right Leadership Model

Typically, a Business Continuity Manager is identified to lead the planning and preparedness process, and one of that person’s first responsibilities is to assemble the right team and governance structure. For Business Continuity Management (BCM) to be effective, it is essential that the effort receives organization-wide visibility and senior management support. Studies have shown that BCM programs with an executive sponsor and senior management advisory boards or steering committees in place are significantly more successful at meeting their recovery time objectives than those with less senior management support.



The sad truth, which was driven home again last week in Orlando, is that disasters happen with a fair amount of regularity. Whether manmade or natural, they have many things in common. One of the most important is that limiting human and business damage depends upon the quality of communications as the situation unfolds.

Two overlapping concerns are the need to have a robust communications infrastructure and a solid plan on how communications will be conducted. Earlier this month, the firm RockDove Solutions looked at the role of mobility in a crisis communications plan. The post said that more than half of companies – 55 percent – use emergency communications software. How to incorporate mobility into the plan, of course, is based on many unique elements. The crux of the piece is simply to get beyond the era of three-ringed binders. A secondary point is that mobile apps are a vital tool.

There is an important footnote in any discussion of emergency communications and mobility: Mobile networks often go down during emergencies. This problem may be receding as networks become more robust and the telecom industry and regulators come to grips with its pivotal role in such situations. Still, total reliance on the cellular network is not a good idea.



By now I’m sure you have heard the news that the Democratic National Committee (DNC) was hacked and files filled with dirt about Donald Trump were stolen. A Russian hacker has taken credit for the breach, and the files were leaked.

There are a couple of possibilities on how the hackers gained entry to the DNC network, according to Wired. One of the two groups allegedly involved in the hack prefers to use spearphishing campaigns, while the other tends to use spoofed websites to steal credentials.

I decided to write about this particular breach because I see it as a warning to businesses and organizations. The breach shows just how easy it is to fool users into making a mistake (clearly, someone didn’t verify the authenticity of a link before clicking on it), how easy it is for hackers to linger inside your system until they gather the information they want, and then when they have it, how easy it is to manipulate the information. As Eric Lundbohm, CMO with iSheriff, said to me in an email comment:



Friday, 17 June 2016 00:00

What Does A Cyberattack Really Cost?

The current market value put on the business impact of a cyberattack is grossly underestimated, according to a new report from Deloitte Advisory.

It finds that the direct costs commonly associated with data breaches, such as regulatory fines, breach notification and protection costs, and public relations costs account for less than 5 percent of the total business impact.

But the effects of a cyberattack can be even more far-reaching and last for years, resulting in a wide range of hidden or intangible costs related to loss of intellectual property, operational disruption, increase in insurance premiums, and devaluation of trade name.



These days, enterprise software implementation statistics are low. If a program does not have a passionate leader to champion the project and sell it to others, the chances of success start to decline. Forrester, an independent global technology and market research company, reports almost half of CRM rollouts fail—a dismal 49%. In addition, less than 12% of companies ever reach 75% adoption by target users—which means less than three-quarters of employees are actually using the software. Even in light of these murky statistics, at MissionMode, we know it is possible to be successful and have a positive experience that is better than the industry norm when implementing your Incident Management System (IMS).

Understand How to Effectively Use IMS

Although IMS were initially adopted by public sector organizations, today they are used across a wide variety of industries, including private and not-for-profit organizations. These organizations are using IMS for many different types of events, all dependent upon their specific needs. MissionMode works side by side with clients bringing industry-specific knowledge to each deployment that addresses the unique applications that exist by sector. Browse the sectors listed below to better understand the many ways MissionMode Situation Center Suite can support your industry:



Recent federal government policy is targeting data centers that are consuming too much power, and seeking to block agencies from allocating money to new or expanding federal data centers, without approval from the Federal CIO himself. This new mandate, in development for several years, basically leaves no other option for federal agencies but to “go green.”

Here is a bit of background to help make sense of these new policies:

  • In 2010, the Office of Management and Budget (OMB) launched the Federal Data Center Consolidation Initiative (FDCCI) to promote the use of Green IT by reducing the overall energy and real estate footprint of government data centers, reducing the cost of data center hardware, software and operations.
  • In December 2014, the President, by signing into law the Federal Information Technology Acquisition Reform Act (FITARA), enacted and built upon the requirements of the FDCCI. FITARA requires agencies to submit annual reports to include: comprehensive data center inventories; multi-year strategies to consolidate and optimize data centers; performance metrics and a timeline for agency activities; and yearly calculations of investment and cost savings.

FITARA also requires the Administrator of the Office of E-Government and Information Technology, now the Office of the Federal Chief Information Officer (OFCIO), to provide public updates on cumulative cost-savings and optimization improvements, review agency data center inventories, and implement data center management strategies. This government framework helps achieve FITARA’s optimization requirements.