For every company, there is a fiduciary duty on behalf of the officers and board members to exercise due diligence and safeguard the company’s assets and the ability of those assets to produce future returns for investors. This initiative is becoming more prevalent in legislation, regulation, standards and best practice guidelines across industries. In order to fulfill this fiduciary duty, companies need to hope for the best and plan for the worst – in other words, every business needs a business continuity plan.

Pull out a copy of your plan (if you have one), dust it off, and actually read it (I have always found it helpful to read it through the eyes of a potential buyer of the firm or investor.) In the majority of cases it will cover eventualities such as damage caused by fire, theft or even flooding. It may even include a section on external threats, i.e., terrorist attacks and other disaster eventualities. Some plans even cover for overcoming a power failure, where to resource external staff and crisis management, etc.

What does it say about suffering a cyber-attack? My bet is that most don’t.

In this day and age, most companies, irrespective of whether a single office or a large international conglomerate, are reliant on computer systems to function. If attacked tomorrow, you might be shut down. No company, not even American Express, is immune.

An attacker isn’t just interested in stealing information or funds. Organizations are experiencing attacks designed to wreak havoc and shut the business down. Any company can and will be a target sooner or later. Furthermore, it isn’t just anonymous cyber terrorists waiting to pull the trigger, disgruntled employees could pose just as much risk to systems, and sometimes, IT systems simply fail.

The opportunity cost of closed doors is, on average, 5x greater than the recurring cost of business continuity measures. For an online retailer it’s obvious: If customers aren’t able to make purchases, there’s the immediate loss of revenue. For a large manufacturing company, if its IT network fails and production has to shut down for 24 hours, the costs will soon mount potentially into the millions. The expense isn’t limited to the immediate problem of restoring services or production – there’s the lost time, unbilled hours, ongoing costs of rebuilding confidence in the customer base and potentially amongst shareholders, plus the knock on effects such as an increase in insurance premiums. The costs quickly mount.

The AT&T Business Continuity Study 2010, reported:

• Three-quarters (77 percent) of companies indicate that employee use of mobile devices plays a major/minor role in the business continuity plan;

• Half have virtualized their computing infrastructure, with less than four out of ten (38 percent) having implemented a business continuity plan for the virtualized infrastructure;

• 84 percent of all companies surveyed have e-mail or text messaging capabilities to reach employees outside of work, and three-fourths (73 percent) have systems in place that enable most employees to work from home or remote locations.

Your technology approach has many responsibilities with one main, overriding objective – to deliver the best service possible. Every homeowner knows that with a home, the first check you write is for the mortgage, and the next check is the insurance premium. The same principle applies here. You have to have a way to keep the doors open for business.

-Chris Kemp