From early 2020, businesses around the world collectively experienced the impacts of COVID-19 where there were business disruptions and even stoppages imposed by government regulations in a bid to contain the pandemic. This disaster put an incredible strain on the national economy and had global impacts on the supply chains industry; as an example, when China, the world’s factory, was impacted, global supply chains were affected. This tested the efficiency and strength of Business Continuity Plans (BCP) in organisations when disruption of common resources such as their workforce, supply chain, materials, transportation, and communications arise. Many organisations without a BCP or contingency plan also scrambled to put in “quick-fix” plans to counter the issues faced.
As we move into 2021, we explore what are the potential risks and top scenarios in the coming years and review our plans and ask “is there a need to review our plans that have served us well in 2020?”
The core objective of any risk management system is to ensure the organisation endures whatever circumstances it may face during the course of business. As we look into planning for the upcoming year and ahead, we took reference from various reports such as Insurance Reports, the Global Risk Insights by the United Nations Security Council and other risk focused reports to sense on the key risk concerns.
Covid-19 is still the top risk. In 2021, it is high likely that the operational risks and business continuity concerns will still revolve on the topic of COVID-19. Though there are vaccines developed, with many countries having already started vaccination exercises for their citizens, many hope that this will slow the spread of the virus. However, it is expected to take 12 to 18 more months before we start to see the numbers in control or declining and another 2 to 3 years for recovery back to pre-COVID times. In total, the pandemic could take up to 5 years from outbreak till recovery.
In recent months, there is a call for concern regarding the emergence of new mutated COVID-19 strains such as N501Y (Africa, England) & E484K (Africa, Brazil). These new strains are more infectious and have the potential to spread faster than before. Many governments have been quick to re-imposing lockdowns to curb the spread. With the infection rate growing daily, COVID-19 will still be a top risk to watch out for in 2021 both affecting businesses and our daily lives. We believe more mutation of the virus is likely to happen and the challenges of effective vaccines are likely to continue for a while.
Changes in global economics. The economic policies from governments around the world will also become a major focus in the beginning of 2021. The trade war between two top economic powerhouses, US and China will continue for the foreseeable future. With the changes in leadership of a few leading governments, there will also be more uncertainties as we wait to see the direction of the new governments. How, then, does this impact business continuity and how about your supply chain?
There is also a false sense of security for many people. Thoughts of “we have survived 2020 and the pandemic, there is no need to make any further changes to our recovery strategies”. It is important to note that with the successes of implementing Work-from-Home (WFH) strategy and other contingency plans, it is still crucial to conduct exercises to better improve these existing plans and to counter other scenarios that have not yet been tested in the past year. So far, majority of the major decisions are still made on the country level. Once we have moved to the recovery phase, business continuity planners are expected to take over and make these decisions. Are you ready for this? In the prolonged Pandemic crisis that has lasted for months and is projected to last even longer, businesses should consider how to survive a double crisis such as a typhoon or social unrest or even cyber-security outbreak. Always Expect the Unexpected.
Cyber-Security as an Emerging Risk. With the many changes to workplace operations involving the Work-from-Home strategy and the other contingency plans, there exposes many organisations to vulnerabilities involving Cyber-Security as employees work from less secure networks and having to bring more work operations online. Email phishing is also a growing threat with more people relying on a higher volume of emails, a less vigilant employee may just let a cyber threat slip in through the cracks. An effective IT strategy driven by management and leadership is one of the primary enablers to ensuring resilience. What is your recovery strategy and has it been put to the test?
A quick poll with over 50 participants showed that the top 3 risks that most concerns risk and business continuity practitioners are most concerned with Infectious diseases (87%), Cyber Security (85%) and Supply Chain breakdowns (62%), with Political unrest & demonstration (45%) coming in at a close fourth choice. Prolonged crisis complications and threats are also increasingly included as a top 2021 risk scenario. Risks and threats are also highly industry-specific, and it is recommended to discuss within your team, the senior leadership and industry-peers, to identify the top risks pertaining to your organisation and industry.
Though we are 1 year into this New Normal of the COVID-19 world, there are still many unknowns– How long will the pandemic last? When will it peak? And when will subsequent waves hit? What we do know is that the COVID-19 related risks are unlikely to decrease substantially in the short run.
Especially now, we cannot let our guards down and get complacent about our business resiliency programmes. We used to encourage BC professional to plan for “Just in case” (JIC) but with the current environment we have to start considering the “It will happen” mentality. There must be efforts made to further strengthen them and meet the changes in business models in this New Norm. It is evident that organisations with adaptable business continuity programmes fared better and were more resilient than other organisations – a clear indicator of the competitive advantage of business continuity. The Good news is that we now see higher awareness and attention on Risk and resilience from the Senior Management and Board of Directors (BOD).
We recommend considering the following to strengthen your BCP:
And importantly, one of the most important points to build up your business resiliency is:
In a nutshell, a disruption in business operations and services, whether from a pandemic, natural disaster, a terrorist strike, a cyber-attack or a simple glitch, can seriously reduce your revenue and even do long-term damage to your business image. Taking reference to our current situation, nobody expected COVID-19 to have such a disastrous impact on a global scale. We need to aim to be flexible and adaptable, to have a strong business resiliency programme to pull through even the toughest situations.
It is recommended to think of the risk profile in the long term and not just year by year. As a prepared organisation, long term planning is needed to ensure the resiliency of an organisation. Plan for smaller 3-year milestones and a major milestone for your 15-year risk cycle to achieve your set risk profile. Get your Board of Directors and Senior Management to be on board and expand your business resiliency while there is a high awareness of risk and business continuity currently. When you and your organisation always adopt an “It will happen” mentality and be always prepared for the worst, you have a solid business resiliency programme.
About the Writer: Henry Ee, FBCI, CBCP, ACTA
Henry Ee is the Managing Director for BCP Asia (www.bcpasia.com). He is a certified professional with more than 25 years experience in the business resilience industry. Henry has developed business continuity and crisis management programmes across many different industries including Healthcare, Financial, Manufacturing, the Public Sector and many others. Currently Henry holds many voluntarily positions including Vice-President of RIMAS, Chairman for BCI Singapore Chapter, SEA chairman for IAEM, Member of UNISDR. He was also recently involved as a Technical Expert in the International Standards Organisation (ISO) for Business Continuity and Resilience and was involved as a working group member for Enterprise Singapore and SBF's Guide on Business Continuity Planning for COVID-19.