FEATURE
cybersecurityeurope
Understanding revolutionary shifts in Business Continuity Planning is key to an understanding of the changing nature of enterprise cyber risk.
AS A PROCESS, BUSINESS CONTINUITY PLANNING CONCERNS THE CREATION OF SYSTEMS OF PREVENTION AND RECOVERY TO MANAGE LIKELY THREATS to an organisation. Such systems can be designed to deal expediently with a wide range of threat types other than cyber; but increasingly, Business Continuity plans are put in place primarily with the cyber exigencies in mind. As well as prevention and defence, the aim of a Business Continuity plan is to enable ongoing operations before and during commencement of Disaster Recovery. The terms ‘Business Continuity’ and ‘Disaster Recovery’ are sometimes synonymised, but in fact, they apply to two distinctively different processes. Business Continuity has a wider scope, and refers to the procedural actions that an organisation’s chief officers take during a disastrous disruption to normal operations, and ensure that routine operations will continue even as that disaster unfolds. Disaster Recovery, meanwhile, should be deemed a subset of the Business Continuity plan. It involves the restoration of critical ICT support systems, and getting them back to normal running a fast as possible. Although different, both types of plan should be harmonised and, to an extent, integrated. Business Continuity plans should scope any event that could negatively impact operations, such as cyber attack, supply chain attacks, loss of or damage to critical infrastructure, natural disasters (floods, storms), and other emergencies, like fire. As such, a Business Continuity plan is itself a subset of enterprise BRIEF
BUSINESS CONTINUITY PLANNING MARKET VALUE 2020-2029 According to forecasts from Persistence Market Research, the Business Continuity Planning solution market will grow at a CAGR of ~13% between 2020 and 2029, and is estimated to reach a global value of ~€1.44 by the end of the 2020s.
58
As a process, Business Continuity meant to manage likely threats to with a wide range of threat types in place primarily with the cyber aim of a Business Continuity plan of Disaster Recovery. The terms Business Continuity an two distinctively different process actions that an organisation’s chi and ensure that routine operati should be deemed, meanwhile, a critical ICT support systems, and different in application, both typ Business Continuity plans should cyber attack, supply chain attack storms), and other emergencies enterprise risk management; how and Disaster Recovery processe Strategy. Generally, most larger or Business Continuity Officer (or ev necessarily entail c-suite-level p profiles, will not usually have a ded per se. Into the 2020s, it seems i cyber governance, they will also Continuity planning. Their input Continuity parameters, such as M long could an organisation surviv are usually not best placed to giv That said, traditionally ‘Business deeper relevance as more organ cloud-based platforms is key to su – where an organisation owns its premises physical harm, such as their applications and data, it co another. For some senior executiv insights into the way their organi Sponsored by Zerto, a white pape many senior executives have nev they are faced with a Digital Trans and data are accessed. With the m beyond the incumbent IT depart application ownership and manag provider. Responsibility for the a among the extra parties. The complexity of this task ‘requ recover business-critical data’, ID nature of business are increasing Business Continuity plan must co of response to a disruptive or offe plans. Very often with a cyber a limited the deleterious impacts o This calls for a communication p to determine who bears responsi it will be delivered. The Business with the support of Sungard AS) cyber security incident from the I software, also likely to be mana technology experts play a cen responsibility in the communica effective way. The Business C responsibility is challenging, as sh do not believe they communicat challenged are organisations w approved by senior executives be of minutes could mean the differ
