Skip to content

Business Continuity and Crisis Response: What Is Your Plan?

Published
Feb 7, 2020
Share

At some point, all organizations are faced with challenges that necessitate a robust business continuity plan coupled with a sound crisis response strategy.  Organizations must be ever aware of the impact that events such as data breaches, natural disasters and other adverse events can have on their reputation and ongoing viability as an enterprise.  To stay ahead of the curve, business leaders need to be proactive at identifying and developing plans to navigate their organization through a potential crisis. 

To increase the likelihood that plans developed to deal with and respond to a crisis are successful, close coordination between those involved with governance, the executive officers and the board of directors must be present.  The foundation to getting started is through the creation of a well-documented disaster recovery, incident response and business continuity plan.  By using a data breach as an example, the importance of having a strong foundation in the event of a crisis becomes apparent.  

Through June 30, 2019, there were over 3,800 data breaches reported -- an increase of 54% over 2018.[1]  Typically, a data breach will result in the loss of secure, confidential information that will commonly contain “personally identifiable information” (PII), which can include an individual’s name, address, Social Security number, banking information and email address.  For instance, TrueDialog, a leading SMS texting solutions company, due to a data breach created by the exploitation of a database left password-unprotected, exposed and made accessible their customers’ confidential data.[2]  What steps should a company take when such an event takes place?  To help answer that question, let’s focus on actions to prepare, react, respond and recover from a business crisis.

PREPARE

Gaining the recognition of the importance and necessity of formal disaster recovery, incident response, and business continuity plans of an organization’s senior leadership and board of directors is crucial when getting started.  To successfully design these plans, management must have a strong understanding of its business environment, its critical infrastructure and the potential internal and external factors that could affect systems, data and assets.  By working together, realistic and achievable goals can be established when a crisis occurs. 

REACT

Formal, documented crisis response plans assign responsibilities to key stakeholders throughout the organization.  Before the crisis response plan becomes actionable, an organization must identify the cause of the crisis.  Once the root of the crisis is successfully identified, management can make sure the disaster is contained.  Prior to resuming all business operations, it is crucial for management to determine that the incident is contained and data, assets and other critical information are safely protected.

RESPOND

After assessing the severity of the effect that the crisis has had on external stakeholders, it is essential to communicate that information with affected parties.  In some instances, it may be determined that data breaches did not result in compromised PII; even so, management can utilize the breach as a learning experience to bolster the formally documented response plans.

RECOVER

The ability to quickly recover back to status quo and avoid severe financial and reputational losses is critical.  Crisis response plans should be continuously tested to ensure an organization can recover from a crisis in a timely manner.  Lessons learned and efficiencies identified through the periodic testing of crisis response plans should be the focal point of making continuous updates to the plans.  Management should stay up-to-speed by distributing up-to-date incident response policies to key stakeholders within the organization, ensuring current policies are followed during the time of crisis.  In addition, organizations should take the time to reassess the adequacy of their plans when breaches occur at other companies; by doing so, organizations will often identify improvements to their own plans.

[1] James Sanders, “Data Breaches Increased 54% in 2019 so Far,” TechRepublic, 15 August 2019.

[2] Zack Whittaker, “Millions of SMS Messages Exposed in Database Security Lapse,” TechCrunch, 1 December 2019.

PRTS Intelligence Newsletter - Q4 2020

Contact EisnerAmper

If you have any questions, we'd like to hear from you.

Explore More Insights

a building with a tree growing on the roof
On-Demand Webinar

Navigating the SEC Climate Disclosures | Insights and Strategies

Read More
a laptop and a phone on a table
Article

Material Weakness in Internal Controls: The Real Impacts

  • SOX Compliance
Read More
a person using a phone
Article

The Critical Role of Risk Assessments for Public Companies

  • SOX Compliance
Read More
a close-up of a key chain on a keyboard
Article

The Evolving Landscape of Data Privacy in Higher Education

Read More
Article

An Outlook for Technology Trends in 2024

  • Technology
  • Artificial Intelligence
Read More
diagram
Podcast

Learning and Leveraging AI with Jordan Wilson

  • Artificial Intelligence
Read More
a group of computer servers
On-Demand Webinar

IRS Enforcement of Digital Assets is on the Rise | Tax Guidance and Expectations

  • Tax
Read More
Article

Top 10 Common Cybersecurity Mistakes in 2023

Read More
diagram
Podcast

The Art of Organizational Change w/ Ahmad Fahmy

Read More
chart
Article

Identity Access Management

Read More
a person in a garment holding a gun
Article

Organizational Risk to Using Generative AI: Hallucinations in LLM Chatbots

  • Artificial Intelligence
Read More
a close-up of a computer
Article

Eight Key Takeaways from Workiva Amplify 2023

Read More
View All Insights

Receive the latest business insights, analysis, and perspectives from EisnerAmper professionals.

Subscribe