- Security TWENTY
- Women in Security Awards
Companies are exposed to an increasingly complex array of risks, threats and uncertainties, which are only expected to accelerate in the years to come. Whether driven by technological developments, cybersecurity threats, data privacy concerns, or natural disasters, coping with accelerating change and the evolving threat landscape is no longer a business advantage, it’s a business necessity, writes Kathy Schneider, CMO at the IT recovery services company Sungard Availability Services.
Digital transformation, meanwhile, is accelerating expectations of pace and availability amongst end-users. The demand for always-on services to run and be available without fail 24/7 has created a series of resilience imperatives that companies, and the data centres supporting them, must account for.
To better understand the challenges companies face from unexpected disruptions, their impact on organisations, and how companies are preparing to handle them, we surveyed business leaders across the UK. Our findings reflect a C-Suite faced with a delicate balancing act in times of increasing technological and operational disruption.
The financial impact of technology disruptions in businesses today is clear, with UK respondents providing insights into the losses they have experienced annually due to downtime. The leaders we surveyed reported an average loss of £1.4m annually, with almost half (48 percent) stating technology expenditure had increased. Much of this increased expenditure will no doubt be attributed to data centres and the associated infrastructure, which sits at the very heart of business operations for most companies.
As well as the costs associated with having to repair what’s gone wrong and restore operations, the business leaders surveyed also understood the impact any break in service could have on customer loyalty and retention. In the UK, 72 percent agreed that their customers are more likely to seek a new supplier if they suffer a data breach or IT downtime. The same amount agreed customers are likely to walk away if they do not have a disaster recovery process in place. If an organisation cannot demonstrate that good data protection is a cornerstone of its business policy and practices, it is open to enforcement action that can damage both public reputation and the bottom line. Top executives can also incur personal financial losses, such as forfeited bonuses; and more disconcerting, some have even been forced to step down following public outcry surrounding crises.
A robust resilience strategy should address three core elements for an organisation: being safe, being available and being agile. Disruption doesn’t only occur when IT infrastructure and operations are interrupted. Changes like a merger or acquisition can also pose challenges to the smooth running of IT and business services. Resilience requires putting the right processes, tools and technologies in place to protect businesses from the scale and scope of any interruptions. In addition, a comprehensive communications plan that keeps external and internal stakeholders informed and supported is critical. Whilst financial losses and a damaged company reputation are often cited as consequences of poorly handled crises, there is another impact that gets a bit less attention.
The human cost of downtime
A third area of concern uncovered by this study, is the scale of the challenge business leaders are facing mentally and emotionally. It comes hot on the heels of ‘burnout’ becoming a legitimate medical diagnosis listed in the World Health Organisation’s handbook. In the face of technological disruptions, 54 percent of respondents admitted to suffering from stress-related illnesses and/or damage to their mental well-being in the event of a crisis. In today’s hyper-connected world, with the C-Suite inextricably tied up with brand identity, our findings highlight the extent to which senior executives are linked to their company’s resilience – or lack thereof.
In the UK, 49 percent of CEOs have been affected by stress and mental health issues, rising to 62 percent amongst CIOs and CTOs. Interestingly, with business leaders more extensively profiled online today, a contributing factor to their stress and mental well-being is the abuse these executives receive across social media platforms from those who hold them accountable for technology crises. Just over half (53 percent) report abuse online or verbally and, in some cases, even physical threats. Moreover, a fifth (20 percent) also report this abuse extends to their family and friends.
The research also revealed the negative personal impact technology crises can have on a firm’s leadership abilities. Some 30 percent of executives find strategic decisions more difficult to make with 24 percent finding it harder to provide clear direction for the business – putting the future of their jobs into question.
This revealing insight into the mental state of the C-suite demonstrates why business strategy must go beyond ensuring a robust and agile infrastructure. An organisation operating today needs to also ensure the resiliency of those responsible for resolving major crises. Accordingly, executives on the front line need to be armed with the right counsel and support to navigate disruptions more effectively.
Companies must take steps today to minimise risk and adapt to disruptive events by embedding resiliency into their environment – making their business and IT operations more available, safe and agile:
Strike the right balance between data access and security requirements amidst evolving threats.
Align the right applications with the right platforms and use hybrid IT to minimise complexity, maximise efficiency and deliver agility.
Understand the priority levels of critical business applications and plan their recovery in accordance.
Ensure processes, applications and infrastructures are recoverable and available for continuous business operations.
Design a thorough communications plan addressing internal and external stakeholders.
Conduct regular testing of recovery plans to identify gaps and ensure readiness for a real event.
Provide employees – especially those most accountable – with guidance to communicate with family members, and support staff accordingly through periods of significant disruption.
Make counselling available for senior leaders of a business after significant disruption.
To address all the business imperatives identified in our research, including the new ‘personal’ resilience imperative, business strategies today must go beyond ensuring critical infrastructure is robust and agile. Boards must take a more holistic approach to business resilience and consider how they can train staff to be better prepared before, during and after a business disruption. The growing digital business ecosystem will put increased demand on data centre performance, security and resiliency. Any disruption will have even greater impact on an organisation’s productivity and profits – putting employees under even greater pressure when things go wrong.
Companies can minimise risk and adapt to disruptive events by embedding resiliency into and across their environment. An effective resilience framework looks at how the organisation and IT infrastructure can be available, safe and agile. In addition, steps must be taken to support employees particularly those in the spotlight during and after a significant disruption. Businesses that can demonstrate this holistic approach, will no doubt, gain credibility amongst their customers, partners, employees and investors – in their own industry and beyond.