You may not think too much about serious disasters. Most of us focus on the day-to-day chores of running our businesses and keeping revenues up. However, there are long-term planning concerns that many firms avoid. Those concerns are managing the risk to your business if something very bad happens. This long-term planning is called risk management, and it is the dullest topic ever—until something bad happens.
What is Risk Management?
Business school academics have varying definitions of risk and risk management, but the concepts are fairly simple for our purposes. Risk is the negative uncertainty that comes from any potential loss. It is the collection of activities a business undertakes to mitigate, avoid, and transfer the losses that might damage the company due to some negative event. Risk management, now frequently referred to as Enterprise Risk Management has been an area of business focus for decades. Businesses have long recognized that they need to look at the financial risks they might face. Example of risks they might face are something happening to their physical assets or they experience a confrontation with major litigation. However, there has been a stronger and broader focus on the entire spectrum of risks that confront a business in the past few decades. This focus has begun to push the issue to the C-suite level.
Unfortunately, while large enterprises devote serious resources at the highest level to manage risk. Smaller firms often spend little or no time considering risk as an important business issue. Even smaller firms who take the time to think about protecting against active threats may be unlikely to consider threats that are a degree or two of separation away from the core business. That means that companies tend to ignore technology infrastructure if and when business continuity and disaster recovery plans are under consideration.
Why is Risk Management Gaining Greater Visibility?
As noted, risk management isn’t new. However, the last few decades have seen the United States face two major catastrophic events. They were Hurricane Katrina in 2006 and the terror attacks in 2001. Both brought to the fore the consequences to businesses who are unprepared and the reality that very bad things can happen.
Globalization has also shown that distance does not shield us from the consequences of far-away events. For example, the earthquake and subsequent tsunami that hit Japan in 2011 reminded manufacturers and businesses in the United States about the consequences of their reliance on long supply chains and just-in-time inventory.
Another new threat that has alerted even the smallest firms to their vulnerability is technology. A major man-made or natural disaster may seem too distant for a small firm to distract management from day-to-day operations. Still, the emergence of cyber threats, ransomware, hacking, and data theft has hit home for every organization out there. Even smaller firms focused on making it day-to-day are taking notice of this threat. But, have you given thought to how you would handle a disaster?
Click to contact us for more information about managing IT risks.