Business Continuity Budgets and Resources: The Costs of Not Doing It the Right Way

Even in the best of times, good business practices call for scrutinizing budgets. And now, after the effects of the pandemic, many organizations may be hyper-focused on those numbers, looking for cost-savings measures to help ensure resiliency during challenging times.

While maintaining an accurate and realistic budget for your business continuity program is important, dismissing business continuity needs as non-essential or “just-not-right-now” can have devastating impacts on your organization’s ability to survive a disruption—or disaster.

If you’re facing this scenario, how can you convince your executives the resources you’re requesting aren’t just wish-list items, but essentials for ensuring operational resilience today and in the future?

Instead of focusing on the why you’re asking, flip the script. Demonstrate what could happen to your organization if you don’t make much-needed investments to ensure you have an efficient and effective business continuity and operational resilience program.

And, if you’re having this conversation with your executive leadership teams or key stakeholders, remember, you want to speak a language they understand, so it’s important to align your business continuity conversations with organizational goals and objectives. Often times, nothing emphasizes this more clearly than the dollars and cents of it all.

So, let’s take a high-level look at the potential financial impact of ignoring or tabling business continuity for your organization through a few industry statistics to help give you a foundation to build your use case.

Disruption Costs

Few disruptions, no matter how short lived, are cost-free. Even if the disruption spans just a few hours, there are related costs—from your staff response time to a slow-down in services or product availability.

The larger—and longer lasting—the disruption, the costlier it may be for your organization.

When you don’t have effective business continuity, disaster management, or crisis response plans in place, those costs can compound as your teams struggle to identify the cause, make plans on the fly to address it, and lose time thinking through the issue during the crisis instead of activating well thought-out plans before a disruption happens.

There are a number of factors that can impact these costs, and many of those depend on your organization’s specifics, for example:

  • How large you are,
  • Where you’re located
  • Disruption type
  • Cascading effects
  • Strength and effectiveness (or lack of) of your response and recovery plans

Here’s an example: Let’s say your disruption is a data breach and you did not have any business continuity or cybersecurity plans in place to address vulnerabilities and repair security weaknesses.

On average, it takes most organizations about 280 days to discover and contain a breach. The costs of a single breach, depending on the size of your organization and the data you handle, can easily reach into the millions of dollars when you account for response and recovery costs and potential compliance, regulatory, and criminal or civil penalties and fines that mount with a breach.

The average cost of a data breach is almost $4 million dollars, with the United States leading the way as the most expensive country, where a data breach can easily exceed more than $8 million dollars.

When you look at numbers this large—that are truly this realistic for many medium and large-scale enterprises—it makes resource and financial support requests for building and maturing your business continuity practices a lot more digestible.

Here’s another example: This time, the disruption is a natural disaster.

A significant weather event, let’s say a tornado, destroys your primary operations facility, damages infrastructure for weeks, destroys employees homes, and prevents your most critical employees from getting to work, completely preventing you from functioning at all for days, and then moving forward, you’re at minimum operational capacity for an extended time.

While your organization may think you’re covered with a variety of insurance policies, the hard reality many experience is there are often many operational needs and functions insurance can’t cover so you’re left footing the bill for unexpected or unanticipated costs that your business continuity program could have identified and addressed before the disaster occurred.

Globally in 2020, natural disasters topped losses of more than $210 billion dollars—costs for a range of events from flooding to hurricanes to wildfires. That’s a significant jump from the previous year at $166 million.

Remember those insurance-assurances we just talked about? Of the $210 billion in losses in 2020, only $82 billion of that was insured.

The United States, like those costs for breaches, led the world in 2020 with six out of 10 of the costliest natural disasters happening here, totaling $95 billion of those loss costs.

Even just a short-term loss of IT and telecommunication services could quickly add up for your organization.

According to BCI’s Horizon Scan Report 2020, the average cost per incident of the loss of these services alone is more than $225,000. In some areas, these types of outages can happen several times throughout the year. If this is the average per-event expense expectation, you can use it as a quantifier to support your business continuity planning by demonstrating how your program can ensure you have back-up IT and telecom plans when this occurs.

To look at that from an individual location level, here are a few things to think about adding to a ticker-tape of costs when talking with your executives about the importance of business continuity planning:

  • If a disaster destroys your primary facility and you do not have a plan to move critical operations to another (or multiple) locations, what is the cost per day, over an extended period of time, for your organization?
  • Can you quantify that in terms of loss of current and future customers?
  • What is the impact of that natural disaster on your supply chain?
  • What is the cost, both short- and long-term, on losing access to critical supply chain resources as you recover?
  • Quantify costs of responding-as-you-go during a crisis (for example, facilities, technologies, infrastructure, employee time, delays on response and approvals, etc.) to response expenses using a well-tested and exercised plan.
  • What could the financial impact of a natural disaster be if you quantify the short- and long-term loss of services on your organization’s brand and reputation?

It’s also a good time here to remind you not to forget about the indirect costs as you build these impact numbers.

These are just a few of the many examples you can use to demonstrate how much more devastating—both financially and from an operational level—it can be for your organization if you don’t invest now, and steadily, into developing and maturing your resilience practices to thwart these massive expenses.

Do you need help developing and quantifying a use case to support investments into your business continuity and operational resilience programs?

DOWNLOAD NOW

Goodbye, uncertainty. Hello, confidence.
Castellan brings every aspect of business continuity and operational resilience together in one place, so you can stop hoping and start knowing.

Now you’re ready.TM

Ready for some hands-on help? Let’s discuss how to best achieve your business continuity goals.
BOOK A MEETING