We have just published the latest version of our Cyber Resilience Report and one of the conclusions of the report was that business continuity professionals need to collaborate more with their cyber/information security colleagues. The report noted that if expertise and resources are pooled then resilience can be built in a much more coordinated way. That seems eminently sensible.
Going beyond just IT, in my own foreword within the report I mentioned that cooperation is key to building cyber and organizational resilience, and that different disciplines must come together, share intelligence and start speaking the same language if they want to build a safer future for their organizations and communities.
Is that stating the obvious? Is that something that is already happening? The BCM Futures Report we published last year along with PwC showed that 90% of business leaders believe that resilience is greater when functions such as risk management, business continuity, ITDR and security are joined up, but only 37% believe that these areas are appropriately joined up at the moment. That’s a significant gap between the two, a gap that we all need to put more effort into reducing.
When devising your business continuity programme, do you engage with the IT department on issues relating to cyber security? Do you work with facilities management on the response to your building being out of action? Do you engage with the security department on your response to a terrorist incident? Do you talk to your communications department on reputational issues? There is so much crossover in the work of a business continuity professional, that we need to make that crossover is being addressed. Otherwise it could lead to duplication of effort, or incomplete response plans.
Our current research project on megatrends looks at this issue in further detail, asking those working in the industry whether the different departments collaborate on both preparing for potential threats and responding to those threats materialising. From experience, and from listening to people within the industry, I very much get the impression that silos still exist, management disciplines still work in isolation, and lots more needs to be done. The initial responses to the megatrends survey seem to be quite mixed so far, and perhaps this is a fair reflection of the profession.
My challenge to those people working in the industry is to make sure you are engaging with the other management disciplines on a regular basis to ensure you are all coordinated, and are working together to improve the overall resiliency of the organization. The BCM Futures Report I mentioned earlier showed that about half of business continuity professionals already see this has becoming more important in the future, but I think we need to start increasing that percentage.
As an Institute, we need to do our bit too, so my challenge to us is to engage more with other professional associations working in the resilience space, and build relationships with these organizations from across the world. By working in partnership with others it will enable us to provide those in the resilience community with access to the right training, education and thought leadership.
As always, I would welcome your feedback. Are we already doing enough? Can we, or should we, be doing more? Please do share your thoughts.
Executive Director of the Business Continuity Institute.