Business continuity management is the most comprehensive approach to organisational resilience, and involves managing risks to critical business functions to ensure continuity of service in the event of a disruptive incident.
Here are five reasons why:
The NIS Directive
By May 2018, the Directive on Security of Network and Information Systems (NIS Directive) will be transposed into national law. The Directive requires operators of essential services (OESs) and digital service providers (DSPs) that support the nation’s infrastructure to enhance their cyber security by employing risk management and appropriate security measures, as well as measures that minimise the impact of incidents and ensure business continuity.
The GDPR
On 25 May 2018, the EU’s General Data Protection Regulation (GDPR) will come into effect, bringing a wide-reaching and significant shift in the way that organisations are expected to protect personal data.
Although the GDPR grants data subjects a number of new rights, it also requires organisations to adopt “appropriate technical and organisational measures” to protect personal data, as well as “the ability to restore the availability and access to personal information” in the event of an incident.
Targeted cyber attacks
According to a survey conducted at Black Hat Europe 2017, the biggest cause for concern among cyber security professionals is targeted cyber attacks aimed at their organisation, and the detrimental effects these might have.
These cyber attacks could completely disrupt business operations, cause immeasurable damage to functionality and bring business operations to a standstill.
An increase in cyber attacks on critical infrastructure
Security professionals also predict a 100% increase in attacks on organisations involved in critical infrastructure within the next two years. If one of these cyber attacks were to strike one of the nation’s critical facilities, it could have devastating consequences and may cause untold damage to a specific sector.
The recent NotPetya attack and the impact it had on the shipping industry is an example of how substandard security measures can result in devastation. In the NotPetya case, IT systems were shut down, shipping companies were unable to unload containers, customer orders went missing or were cancelled, and ships had to be rerouted to alternative destinations.
Increasing natural disasters
As well as cyber attacks, natural disasters are a real threat to an organisation’s business resilience and can disrupt information security, networks and systems.
Natural disasters are unpredictable and unstoppable. Organisations can protect against a cyber attack and potentially prevent a data breach from happening, but they cannot stop a natural disaster. An effective business continuity management system (BCMS) helps you to look at and evaluate the environment.
Business continuity management solutions
In the event of a disruptive incident, returning to ‘business as usual’ is a priority. An effective BCMS will give you the peace of mind that your organisation can recover from a damaging incident as quickly as possible, and minimise interruption to business operations.
IT Governance offers a variety of business continuity solutions to help you ensure your organisation is as prepared as it can be for a disruptive incident, and compliant with the requirements of upcoming EU legislation (most notably the GDPR and the NIS Directive):
- Business continuity training courses, supported by the international standard for business continuity, ISO 22301
- Cyber incident response management foundation training
- ISO 22301 standards kit
- Consultancy solutions for business continuity management
- ISO 22301 documentation toolkit