Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Posts Tagged ‘disaster recovery

Managing & Mitigating Risk: The 2011 IBM Global Business Risk & Resilience Survey

with one comment

Once again, IBM has published a global business risk and resilience study, this year in partnership with Economist Intelligence Unit on behalf of IBM.

The study was conducted in June of this year, and included responses from 391 senior executives…Thirty-five percent of the respondents were C-level executives…About 39% were from North America,38% from Western Europe, 20% from Asia Pacific, and 3% from Eastern Europe.

Companies with less than U.S. $500M in revenue comprised 39% of the responses, and 48% of the respondents hailed from companies with more than U.S. $1 billion in revenue…The survey also covered a gamut of industries, including financial services (16%), IT and technology (16%), professional services (13%), manufacturing (8%) and healthcare (7%).

Click on the image to enlarge. The IBM Global Risk & Resilience Study revealed that to date, companies around the world are focused heavily on building out their resilience and risk plans, as well as putting the supporting technologies and processes in place to get them into effect.

Before I dive into the results, here’s the setup: Global organizations are increasingly emphasizing business resilience; that is, the ability to rapidly adapt to a continuously changing business environment. Resilient corproations are able to maintain continuous operations and protect their market share in the face of natural or man-made disasters as well as radical changes in the financial or economic climate. They are also equipped to seize opportunities created by unexpected events.

So, the question is, are they?

It’s a mixed bag.

The research suggests that more and more businesses will adopt a more holistic approach to risk management in the next three years ass they deal with growing uncertainty and the increasing interconnectedness of the varied risks they face.

That’s the good news, aspirational though it may be.

But in terms of today’s reality, the study indicated that only a minority of companies (37%) has implemented an organization-wide business resilience strategy…with 42% saying they’ll do so in the next three years.

Almost two-thirds (64%) say they have a business continuity plan of some sort, and a robust 58% have dedicated contingency plans for dealing with a variety of risks.

That’s the topline…now on to the deeper dive:

  • Larger organizations are more likely than smaller ones to have an integrated strategy.  They, of course, typically have more to lose, and complexity increase’s an organization’s exposure to risk. Larger firms are more likely to have assigned overall responsibility for enterprise risk management to a single executive (which means, of course, direct accountability). Still, there is a contingent of small companies that have adopted integrated strategies. These companies also rank highly with regard to indicators of success such as revenue growth, profitability, and market share.
  • Continuity, IT and compliance risks remain in the foyrefront, but companies are diversifying their strategies to build business resilience. Nearly 40% of respondents say their organization regards business continuity as primarily an IT issue. However, when they’re asked to name their “primary risk management concern,” some name more than one, including disaster recovery (47%), IT security (37%), and regulatory compliance (28%). Though most have started by addressing the largest threats first, they increasingly are expected to turn to such things as communications and training programs designged to build a more resilient culture overall.
  • Business resilience planning increasingly involves specialists from across the organization, yet CIOs and IT pros remain the most prominent stakeholders.  Hey, what happened to sharing the love…and the risk??  Because a culture that imbues responsibility for risk management at every level enables companies to respond to changes and unexpected events. A solid majority of respondents (60%) say that business resilience is considered a joint responsibility of all C-level execs. Yet as IT penetrates more deeply into every aspect of company operations, CIOs and IT pros remain key players in building more resilient organizations. Fifty-six percent of respondents say the CIO collaborates with top IT strategists much more frequently than three years ago.

Click on the image to enlarge. Silos, budget and predicting ROI were cited as the biggest barriers in the study to adopting an holistic approach to business resilience and risk.

How Can I Better Manage Risk Moving Forward?

In most organizations, improving business resilience requires a shift in corporate culture because that is what shapes values and behavior. If a company’s culture blends risk awareness with other corporate values, then people instinctively know the right thing to do when confronted with an unexpected situation, and that reduces risk.

Understanding these principles is a good first step, but in interviews, executives are clear that buy-in from the top is essential to foster broad organizational change. Promoting holistic risk management concepts to peers and employees is also critical.

Taking an incremental approach with broad participation in strategy development can help, because it is easier to promote change if a new initiative is not seen as being pushed by one particular faction.

Senior-level commitment and adequate resources are also needed to develop comprehensive communications and training programs to support integrated risk management. One of the distinguishing features of the most resilient companies is that they are much more likely than other firms to have developed a communications strategy to push the message of resilience out to every corner of the organization.

Companies that embrace these measures are more likely to create an effective business resilience plan. This will provide a robust foundation on which to build a long-lived competitive position supported by end-to-end risk management.

Go here to download the full report.

Don’t Let Your Business Become A Disaster

leave a comment »

This year seems as though it’s been nothing but a series of disasters.

Literally.

The Japan earthquake and tsunami.  An horrific season of tornadoes across the south and mid-west.  Amazing drought throughout Texas, where agricultural losses are upwards of $3B.  And our most recent friend, Hurricane Irene, which visited devastation up the mid-Atlantic and, incredibly, leaving Vermont and Connecticut more harmed than anyone would have estimated.

IBM recently announced six tips that individuals and businesses can use to help prepare their IT environments for natural disasters and a wide range of other threats.

It just goes to show, you can never be ready enough for acts of God.

That includes individuals and businesses which are dependent on their IT environments for conducting their business and ensuring continuity through one of these disasters.

In preparation for Irene, we saw many people in high risk areas rushing around to buy emergency supplies like flashlights, water, and wood to board up their houses.  But how many considered the preparedness of businesses and government agencies?

Given these impending natural disaster and other top causes of disasters like power outages and network failure that disrupt the flow of information, businesses and individuals should also be assessing their business and disaster recovery plans in advance of disaster scenarios, when things are calmer and they can focus on sensible risk mitigation.

In today’s on demand environment, it’s critically important to rapidly adapt and respond to risks, as well as opportunities, to maintain continuous access to data for personal and business reasons.

IBM recently offered up a few tips on disaster preparedness:

  • Validate your data backup plan – Verify that your data is out of harm’s way and/or is accessible to your recovery location. Consider using a cloud service to store key data and allow your organization more flexibility to respond to changing conditions with minimal interruption to the business.
  • Consider employees and the personal impact of a disaster – A company’s most important asset are their people, but the most important asset for people are their families. Consider how you would move them and their families if required, think about providing financial support to your employees during a crisis event, and consider offering counseling to help them deal with the aftermath of the crisis.
  • Develop various ways to communicate with employees, partners – After people, the next most important element is communication. Communications efforts must be timely, clear and honest, as miscommunication can make a disaster even worse. Consider how you would communicate with your employees, partners, clients, media, industry, and vice versa, what training you have provided, what tools are you using and — very important — test the communications plan.
  • Think about the “domino effect” when considering business risk – Years of experience monitoring regional disasters has shown that these events often create other events. For example, a hurricane normally has high winds and heavy rains that can lead to flooding, structural damage, power outage, telecommunication and/or travel disruptions.
  • Plan for catastrophic events that could last a while – For example, businesses must consider the impact if the duration of the disruption to the facility, network, technology, or people is longer than a period of three days, one week, etc. Over the past decade, we have seen more devastating disaster events with a longer term duration and financial impact. Companies need to consider their options if their primary environment or key people are not available for more than two weeks.
  • Think broadly – Each company is part of a supply chain or network. While you may do everything right, if you have a critical partner, supplier, vendor or provider of service, your preparedness is only as good as those other businesses. As part of your disaster recovery plan, ensure everyone upstream and downstream from your business is also prepared.

With more than 40 years of experience keeping businesses up and running, IBM uses its software, hardware and services expertise to help clients and individuals across the globe to protect their data.

IBM helps them to manage risks, protect valuable business assets, comply with standards and regulations, and continue business operations.

“People and businesses are relying on technology now more than ever, which creates an urgent need to protect critical data and keep IT systems up and running when a natural disaster or other unexpected outage occurs,” said Rick Ruiz, general manager of IBM’s Business Continuity and Resiliency Services. “In these situations, it’s clear that those who have moved from the old model of ‘experience and react’ to a new one of ‘anticipate and adjust’ will fare much better.”

Visit this site to learn more about IBM’s Disaster Recovery Services.

Written by turbotodd

August 30, 2011 at 3:36 pm

%d bloggers like this: