Business Continuity Planning - There's a science to it

Apr 15, 2020

Imagining the worst

If Covid-19 has taught us one thing, its to expect the unexpected.

The problem with 'expect the unexpected' is that it's a bit of a cliché. We know that the unexpected is something we probably should expect – just in case it happens. Expecting it sounds like the wise thing to do. We should be on the lookout for it in the off chance it was to eventuate. Just in case.

The thing is that most of us tend to understand ‘unexpected’ to mean ‘unlikely’, ‘improbable’, ‘anomalous’, almost ‘doomsday theory worthy’. Why get too hung-up on the unexpected? Why invest too much time and resource into planning for it?

To most of us, the ‘unexpected’ is also ‘unknown’. It’s hard to picture; hard to imagine. And the very idea of imagining it can run counter to our nature. Most of us don’t like to imagine a worst-case scenario; to envisage a catastrophe. It’s unpalatable, unnerving, dystopian. And most of us are just not very good at it. Gaining currency in the wake of the 9/11 attacks on the US, ‘failure of imagination’ describes an inability to imagine the possibility of a low-probability outlier event occurring. The 9/11 Commission stated, “the most important failure [concerning the attacks] was one of imagination – a failure to envisage what worst-case scenarios might look like and to plan accordingly. Expecting the unexpected has thus tended to be held up as a great principle, but at the same time it’s tended to result in some pretty average Business Continuity Planning. Organisations the world over have tended to pay lip-service to BCPs. The tick-a-box approach has resulted in Business Continuity Plans designed to do not much more than survive the first six-monthly desk exercise and then gather dust in a filing cabinet. Expecting the unexpected – really expecting the unexpected – means planning for it… really planning for it. It means designing a BCP that can be picked up and run with in the off chance that it actually needed to be used. BAU is dead Business-as-usual is our comfort zone. It is our happy place. It is what we tend to plan for. It is what we expect. Unfortunately, it no longer exists. At least not as it did. We operate within a post-BAU world.

Pandemic, climate change, cyber threats, biosecurity scares, fake news, regulatory uncertainty and lone wolf terror… there is no such thing as ‘business as usual’, and the ability to anticipate, react and adapt, to triumph over events or situations that could affect your organisation’s success, should be a key part of your strategy. Business Continuity Planning is the process of creating systems of prevention and recovery in the case of the ‘unexpected’. Optic Security Group is a market leader

in security, threat detection and risk mitigation planning, incident response and resilience. Working with your internal teams and suppliers or partners, we can work with you to build up a view of your critical operations and help you formulate a business continuity plan so that your organisation is prepared for worst case scenario. We follow an Enterprise Security Risk Management (ESRM) approach, which seeks to understand your organisation and your business goals, how you value your assets, and what you need in order to succeed when BAU falls out from under you – when the world your organisation faces is one that you couldn’t have expected. If you’d like to know more about how we can help your business continuity planning, DM me via LinkedIn or email me at jason.cherrington@opticsecuritygroup.com, and take a look at our Business Continuity Planning brochure. Stay safe,

Jason Cherrington, Group CEO, Optic Security Group