Future-Proofing Your Business: The Critical Need for Contingency and Business Continuity Planning
You weren't alone if your print business wasn’t prepared for disruption when the COVID-19 shutdowns hit. A global survey by the Mercer business consultancy found that 51% of companies lacked protocols to address a global emergency like COVID-19, and 27% did not have a business continuity plan at the time.
Now, it’s hard not to be alarmed by other potential calamities. Every day brings news about possible future pandemics, bank failures, economic crashes, wars, threats to the power grid, and cybersecurity issues such as ransomware and data breaches. That’s on top of coverage of earthquakes, wildfires, hurricanes, floods, factory explosions, train derailments, and bridge collapses.
Adding contingency planning (or business continuity planning) can help reduce the impact of unexpected events on daily operations and annual revenues.
Although developing business continuity processes can be time-consuming, AI-based resources can support all phases — from identifying worst-case scenarios to crafting messaging as a crisis unfolds.
What Is It?
A contingency plan identifies ways to deal with unexpected situations that affect your company’s finances, operations, facilities, workforce, and customers. The plan analyzes “what-if” scenarios and outlines steps to work around them. Contingency plans are a vital part of project management and can be developed for specific departments within your organization (e.g., the IT department).
Business continuity planning goes beyond contingency planning. It is an enterprise-wide process of ensuring uninterrupted operations. It details procedures that will not only keep operations up and running but also restore them as quickly as possible after a disruption.
Why Do It?
Effective business continuity plans help your company remain resilient throughout different crises.
A well-executed plan preserves a company’s brand and reputation, builds customer confidence, protects the supply chain, and mitigates financial risk. It also assures employees and other stakeholders that the business won’t be forced to close. FEMA studies show that many small businesses never reopen after a disaster.
According to the PwC Global Crisis and Resiliency Survey 2023, many companies in the post-COVID era worry about resiliency because the world seems to be in a state of “permacrisis.” In the PwC survey, 96% of companies reported that at least one event other than the pandemic had disrupted their business in the last two years. And 76% of companies said their most serious disruption had a medium-to-high impact on operations.
Five Phases of Planning
The business continuity planning process involves five major phases:
- identifying potential interruptions
- analyzing their likelihood and potential impact
- outlining steps to limit losses
- making employees aware of plans
- reviewing and updating plans
Identify worst-case scenarios. List issues that have caused business interruptions in the past or may cause them in the future. For example, some risks to consider include
- data breaches that result in the theft of your company’s or client’s files
- malware or ransomware that affects access to your company’s data or computer systems
- the death or resignation of a key employee
- the loss of production capacity due to equipment failures or facility damage
- supply chain disruptions that affect your ability to receive raw materials or meet promised delivery dates for printed products
- labor unrest, work stoppages, or workplace violence
- talent shortages that lead to employee burnout, mistakes, and shortcuts
- the loss of a customer who accounts for more than 50% of your revenue
New technologies such as AI also pose risks, such as decisions based on erroneous information, ethical risks, violations of data privacy regulations, and infringement on copyrights and intellectual property.
Prioritize the risks. How likely is the event to occur? How will it affect employees, customers, vendors, and outsourcing partners? How severe will the impact be on revenues, cash flow, and access to capital?
Stress testing can help determine the economic impacts. It is a deliberately intense process that uses computer models to predict the financial consequences of operational or supply-chain disruptions. For example, a supply chain resilience stress test uses a digital twin to map a supply chain, run disruption scenarios, and calculate the impact.
Outline steps to recover from each scenario. The type of actions you take will depend on the nature and severity of the disruption. The following are some of the steps a continuity plan might include.
- Establish an emergency preparedness team that includes leaders from different functions within your business. Empower them to keep things moving forward and make decisions when necessary.
- Develop a migration plan to move operations (and/or data) to a different location, permanently or temporarily.
- Anticipate the flexible work arrangements or assistance programs your employees may need after a disaster.
- Identify alternate sources of inks and materials. Be prepared to switch if your primary supplier is disrupted.
- Consider alternate business models if you lose a customer responsible for more than 50% of your shop’s revenue.
- Develop contingency plans for handling unexpected surges or losses of orders.
- Outline how marketing and customer-support teams will communicate with your customers, subcontractors, and vendors during a data breach or natural disaster.
- Build a cyber-resilience plan. Determine how to detect emerging threats to critical business functions, notify internal and external stakeholders, contain the damage, and restore normal operations.
- Outline how your shop will preserve capital and cash flow. Evaluate business interruption insurance policies, such as cyber liability insurance or key person insurance.
Make sure employees know the plan. Preparing employees to respond to disruptions will reduce the extent of the damage to property, equipment, and personnel.
Conducting test runs can help ensure each employee tasked with helping with the response understands their role.
Doing a walk-through also helps identify potential response and recovery strategy weaknesses. The walkthroughs involved in contingency planning can be like those conducted before automating business or production workflows, but instead of detecting inefficiencies, look for vulnerabilities that could cause disruptions.
Front-line workers may identify potential risks upper-level executives might have missed. For example, an equipment operator may notice daily fluctuations in energy that might adversely affect printing equipment performance. Employees can also alert you to potential fire hazards, faulty electrical wiring, or other dangerous working conditions.
Update and review your plans. It’s impossible to predict every situation that could interrupt your business. But as new threats arise, periodically update your plans.
Consider how the passage of time will affect contingency plans. What failures can occur as your production equipment and IT systems age? Who will keep abreast of changes in cybersecurity protocols? When onboarding new employees, who will teach them how to handle disruptions?
Your plans don’t have to be elaborate. Online templates and AI can provide starting points. Having disaster-recovery plans helps assure your company's customers, investors, and potential buyers that disruptions to your business won’t create significant headaches.
For example, if your business fulfills orders for customized products from multiple Shopify stores, those micro-businesses count on you to keep going — even when conditions are challenging.
Cybersecurity Threats
Safeguards against cyber threats are essential for print-service providers that rely on data to run their business and automate production processes.
Cybersecurity issues can also threaten relationships with clients who use direct-mail campaigns in concert with digital or experiential marketing. Clients who share valuable customer data can’t risk having that data stolen because your shop failed to prevent cyberattacks.
In a Riskonnect survey about cyber resilience, 75% of participating organizations had experienced at least one ransomware attack in the previous year, and some had experienced four or more attacks.
Malicious hackers aren’t the only perpetrators of cyber threats. Computer crashes can inadvertently or intentionally be caused by employees, partners, contractors, or suppliers accessing your systems. This is more likely as businesses and remote workers become more interconnected.
If potential clients haven’t already asked about your cybersecurity protocols, they may soon, especially if they will entrust your shop with sensitive data.
“Data breaches that originate in the supply chain are more commonplace than many organizations think,” notes the cybersecurity firm BitSight. A 2022 Verizon study of data breaches discovered that 62% of system intrusions came through an organization’s partner.
BitSight has published 40 questions that brands should use to assess their vendors’ cybersecurity measures. The questions address how the vendor monitors remote connections, manages access privileges, and prevents the theft of sensitive customer data.
Storing data in the “cloud” (i.e., on multiple offsite servers in different locations) can be one way to recover data if your on-site systems are damaged. However, evaluate the security measures of the cloud service provider. At a minimum, they should regularly patch systems, encrypt sensitive data, analyze suspicious activity, test data recovery procedures, perform audits and compliance checks, and continuously update their security policies.
How AI Can Help with Continuity Plans
“It’s nearly impossible for an individual or team to constantly track risks by hand,” contends Brian Zawada, VP of strategy for Riskonnect. “AI solutions can quickly gather data from a variety of sources (news feeds, social media, and government websites) and filter through the noise to notify the right people.”
He adds that generative AI can also help identify plausible scenarios that could significantly impact your organization and the markets in which it operates.
Plus, AI tools could help calculate the business impact of specific scenarios or minimize the number of drafts needed to develop final plans. For example, prompt AI to write a business continuity plan for each process, asset, or disruption type. Then, revise these drafts to meet the needs of your business.
AI can also help craft internal and external communications, such as employee instructions on hurricane preparations or customer notifications about your business's temporary closure.
“Your business continuity plan will always need to be reviewed by humans,” explains Zawada. “Threats need to be validated for authenticity, and communications should be aligned to your company’s culture or style. Also, do not release personal, private, or business-critical information externally to free sources such as ChatGPT.”
Stay Nimble
In his keynote address at the 2023 PRINTING United Expo, Andrew Paparozzi, Chief Economist of the PRINTING United Alliance, noted that risk management and stress testing are two strategies successful print-service providers use to achieve growth despite ongoing uncertainty about economic conditions.
He reminded attendees, “No matter how well your business is doing or how well it is run, it can turn in an instant. Always stay nimble, efficient, and be able to pivot.”
Pivoting may become easier as AI tools improve, and leaders have access to better data.
By 2030, Zawada believes many businesses will use digital models of their organizations to map upstream and downstream dependencies among business processes, locations, applications, information, suppliers, and channels.
“The digital model can be queried before or during a disruption to search for vulnerabilities that may need to be addressed in real-time,” says Zawada. This will better prepare employees to act quickly to prevent losses.
Eileen Fritsch is a Cincinnati-based freelance journalist who has covered the evolution of wide-format digital printing for more than 20 years. Contact her at eileen@eileenfritsch.com.