Business continuity is all about an organization’s level of readiness to maintain its critical functions in the event of a crisis or disruption. What are the exact types of crisis that require an organization to have a business continuity plan for in the first place, though?
Not sure? Well, this is the article for you. We address the types of business crisis that necessitate business continuity and crisis management action.
To help guide you through, we first define what a crisis is.
What is a crisis?
So, what is a crisis?
Crises are unique, rare, unforeseen, or poorly managed events, or combinations of such events, that can create exceptional challenges for an organization.
Characteristic of crises is that they disrupt or affect the entire organization, transcending organizational, geographical, and sectoral boundaries.
Complex and inherently uncertain, crises can arise in a few ways, often crucial to the type of crisis management intervention needed to address them:
- Crises can arise suddenly.
- Crises can emerge from an incident that hasn’t been contained or has escalated with immediate strategic implications.
- Crises can occur when latent problems within an organization are exposed with profound reputational consequences.
And as this article will explain, the most common crises in business, i.e., natural disasters, cybersecurity breaches, supply-chain crises, etc. take place when all or some of these factors are in place.
Understanding that crises are unpredictable and impactful, organizations must prepare themselves accordingly, with a scenario-specific crisis management plan or playbook.
Just ask Silicon Valley Bank (SVB), one of the top crises of the last 12 months.
SVB failed to anticipate an economic downturn, one type of business crisis that demands a business continuity plan (BCP) to handle, and suffered a bank run that led directly to its collapse.
What could SVB have done, or other organizations do better? That’s where business continuity planning (BCP) in crisis management comes in.
Business continuity planning interventions, such as the BCP, help organizations build stocks of complete, unambiguous information to help them better respond in a crisis situation where information is by definition incomplete and ambiguous.
Business continuity planning also helps organizations develop predefined procedures and plans rooted in the values of the organization and sound crisis management planning structures before crises strike.
Seven types of crises to consider in business continuity planning
But what are the types of crisis to consider when preparing your business continuity plans? In this article, we isolate the seven crisis types that organizations should have a BCP to address.
They include:
1. Natural disasters
Natural disasters are perhaps the most common and mediatized form of business crisis, affecting all organizations and thus demanding companies to scenario plan for as part of business continuity management.
Why, exactly?
Well, natural disasters, including tornadoes, earthquakes, wildfires, flash floods, hurricanes, and more, are not just already commonplace. They’re also increasing in frequency, cost, and impact.
2. Cyber security breaches
Another fairly common type of business crisis, cyber security breaches are incidents involving the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where a person other than an authorized user accesses or potentially accesses personally identifiable information.
Although historically, the healthcare, financial services, and technology industries have been hardest hit by breaches. Most organizations nowadays sit on stocks of digital data and must, therefore, prepare irrespective of what sector they’re in.
3. Physical security incidents
Of course, many digital assets exist in physical space, as do the workers that man them. As a result, both are vulnerable to physical security incidents, another crisis type for which organizations need BCPs.
Variants of physical security threats include terrorist attacks, workplace threats, violence, theft, counterfeiting, sabotage, trespassing, activist disruption, vandalism, and contamination.
These incidents remain commonplace. For instance, anywhere between USD 300 million and USD 1 billion a year is lost due solely to the theft of equipment and other high-value materials, according to the National Insurance Crime Bureau in the U.S.
4. Economic downturns
As noted in the example of SVB, organizations remain vulnerable to economic downturns. These economic crises consist of events like strikes, market crashes, recessions, and labor shortages.
Most recently, coming out of the COVID crisis, organizations have been experiencing sharp inflationary pressure, which affected the price of the goods and services they procured.
Inflation also impacts their workers. Across the developed world, real hourly wages have fallen in many industries and economies as the cost-of-living increases.
This adds pressure on often-cash-strapped and crisis-wracked companies to pay workers more to make up for losses in purchasing power.
5. Public health emergencies
In the last few years, all companies have become intimately familiar with the next type of crisis, the public health emergency. These are disruptions stemming from disease or disorder, significant outbreak of infectious disease, or even bioterrorist attack that must be planned for.
In the case of COVID, for instance, public health emergencies pose direct safety risk to workers, which impacts the ability of companies to stay viable.
Public health emergencies also have a political angle, as governments can restrict the ability of organizations to work as they did before.
6. Supply-chain disruptions
Another overhang from COVID is the supply-chain crisis. But even as COVID ebbs, supply-chain disruptions are becoming a crisis type that deserves even more business continuity attention, particularly in the manufacturing and retail.
For instance, the Ever Given incident in 2021 was estimated to have shaved .4 per cent in annual trade growth and to have led to a near 50 per cent increase in the cost of renting vessels to ship cargo to and from Asia.
7. Legal and regulatory issues
The final crisis type we’ll discuss is the legal and regulatory or compliance challenge.
In field after field, regulators and policymakers are imposing new statutes with which companies must comply or face financial sanction. The sanction itself can represent a crisis for companies.
For example, penalties for data breaches in Australia are expected to increase dramatically. As a result of the Privacy Legislation Amendment Bill 2022, entities could be fined as much as AUD 50 million or 30 per cent of the adjusted turnover of the body corporate during the breach turnover period.
Compliance risk, therefore, must seriously be considered in business continuity planning, especially in heavily regulated sectors, e.g., education, transportation, and utilities.
Role of resilience management software in preparing for crisis
So, what can companies do? Well, they must take concrete measures to prepare for these crisis types, by building scenarios for each incident.
That’s not all, though. These plans and playbooks must be regularly updated and ready to be put into action when an incident strikes. Which is where business continuity and resilience management software comes in.
Platforms like Noggin are designed to help businesses stay ready, so they can avoid the surprises that come with tackling common crisis types. But don’t just take our word for it. See what Noggin Resilience can do for you - request a tailored demonstration today!