Despite mature information security programs, cybersecurity events may be inevitable, and are now the major cause of operational downtime. Not surprisingly, business interruption perennially ranks among the Top 10 risks named by senior management and board members across many industry sectors. As disruptive natural or man-made events are increasingly acknowledged as probable, rather than merely plausible, leaders recognize that their organizations must understand the consequences of business interruption and the impact it can have to the financial, reputational, legal, and regulatory health of the enterprise. Management teams are expected to be able to run their organizations as effectively during crisis as they do during normal circumstances – by funding planning efforts, supporting regular exercises, and creating a culture that absorbs “lessons learned” back into the preparedness process in a continuous improvement process. Absent that level of attention, stakeholders and observers – markets, regulators, suppliers and customers, shareholders, and the media – are unforgiving. They assign blame quickly to top management when the market performance is impacted beyond a short “acceptable” window or response. This should be a concern to Chief Risk Officers, Risk Managers, the CFO, and the Board Risk Management Committee.
Ankura helps our clients get an independent perspective of their operational risk, their capacity to be genuinely prepared on an all-hazards basis, and the effectiveness and sufficiency of their crisis planning efforts:
- Crisis Management Framework
- Business Continuity Plans and Governance Model
- Emergency Response Plans
- Continuity of Operations Plans
- IT Disaster Recovery Plans
- Mobile Crisis Platforms that Support Incident Management Across the Organization