Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Avoiding and rebounding from enterprise risks

Enterprise risks cost more than downtime. Learn how to identify, respond to and recover from disruptive incidents in this expert podcast.

In this podcast Q&A with SearchCIO.com Executive Editor Christina Torode, disaster recovery and business continuity expert Paul Kirvan explains why data analysis is key to an enterprise's ability to avoid business disruptions and delves into the key attributes of a resilient enterprise.

Paul Kirvan, FBCI, CBCP, CISSP

Paul Kirvan, 

SearchCIO.com: What enterprise risks does a company take by not building a resilient IT and business infrastructure?

Paul Kirvan: If the organization doesn't have the capability to recover and return to business operations following a disruptive event, it could fail, or it could be significantly impaired. Downstream implications of such a failure could impact many other organizations that are part of the firm's supply chain and stakeholders. If the organization is unable to identify, respond to and recover from disruptive incidents, its reputation could be irreparably damaged. Its stock price could fail, it would have difficulty recruiting staff and its overall competitive position could be destroyed. Organizations that are not resilient are rolling the dice, hoping they will not be adversely affected by an event outside of their control.

More on disaster recovery strategies

Gains and losses for disaster recovery management

E-zine download: Business continuity and disaster recovery strategies

Cloud solutions can make disaster recovery, business continuity easier

How is resilience different from enterprise risk management?

Kirvan: Think of resilience as one way to manage risks. Risk management identifies risks to an organization, quantifies their impact at all levels of the business and then identifies strategies and techniques to address the identified risks. Resilience is a way to facilitate that last characteristic of risk management. Achieving resilience requires a focused commitment, plus financial support from the firm's senior management team and quite likely the board of directors.

Being able to ferret through all the data to obtain usable business information is a key capability of resilient enterprises.

Paul Kirvan, FBCI, CBCP, CISSP

Besides an ability to respond to an enterprise risk incident, recover from it and resume business operations, what else is needed to achieve enterprise resilience?

Kirvan: There's a need to be able to gather, sort and analyze and act on a wide variety of information that is constantly being disseminated through the media, including traditional online and print media and now also social media. Embedded within all the data being generated is information that a business can use to make business decisions and also to be aware of possible threat situations. Being able to ferret through all the data to obtain usable business information is a key capability of resilient enterprises.

Another key attribute is the ability to sense the emergence of situations, even in their very early and formative stages, that could threaten the business. Analysis of data is one way to achieve this, but even more important is a business culture in which employees at all levels of the organization are regularly attuned to dynamics of domestic and global business market activity.

Click here to hear more about the downside of not achieving enterprise resiliency.

Paul Kirvan, FBCI, CBCP and CISSP, has more than 20 years' experience in business continuity management as a consultant, author and educator. He is also secretary of the Business Continuity Institute USA Chapter.

Let us know what you think about the story; email Christina Torode, Executive Editor.

Dig Deeper on Enterprise disaster recovery and business continuity planning

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.