Can planning for a disaster be the key to BCM success?
Jessie Livermore was an American investor and securities analyst who flourished in the first half of the twentieth century. Livermore famously shorted the market crashes of 1907 and 1929, the latter making him a $100 million fortune alone. He was however as famous for going bust as he was for being phenomenally successful.
After reading about Livermore’s approach to risk management it was the things that were not obvious that got me thinking about the value of Business Continuity Management in his business life, and its absolute relevance to organisations today. Livermore accepted that everyone was susceptible to disaster and it was part of conducting business, whether that was natural disaster, human fallibility or corporate intervention. Therefore Livermore would have plans so he could recover his business activities, which gave him the confidence to trade in an aggressive industry and concentrate on success, rather than the fear of failure.
Learning from failure
I think it is fair to assume Livermore took significant risk because he knew he could continue his business in the face of disaster. I also suspect he did not think of it in terms of continuity. However he did his homework and when he failed he knew he could only blame himself. He absorbed significant failure, took time to understand the causes and learnt the hard lessons from each episode, improving his operation, and his means of future recovery.
Livermore finally went bankrupt for the last time in 1934, before he eventually took his own life in 1940. Livermore had suffered being bi-polar all his life, which seems to be the accepted key contributor. However he was not broke; he had wisely invested significantly in annuities during his boom time as another contingency against his swings in fortunes, having a net worth in the millions of dollars at the time of death.
Balance operating risk with commitment to recovery
Today’s Business Continuity Management frameworks are regarded as time consuming, costly and essentially a disaster recovery exercise, an IT function. Because organisations are so reliant on IT, they spend significant budget duplicating IT systems across two or more geographical locations to ensure immediate availability of those IT systems. Provide users with laptops and support the trappings of mobile working.
So how much time, effort, & money should be spent on preparing and addressing business continuance, when instincts are saying, do absolutely every thing in your power to stop disaster in the first place? Surely it is enough to have a disaster recovery site, mobile ready workforce etc.? These are, of course, clear attributes and requirements of a maturing organisation, and yet the mechanisms for continuing business functions are rarely fully considered over IT response.
Technology risk is not recent issue
Jessie Livermore relied on a ticker tape for his investing, and he found that the technology was fallible. When there were delay’s and inaccuracies between the stock market to the ticker, and from him to the trader in the executing his trade, Livermore often blamed these issues directly on the technology’s fallibility; therefore he knew that managing his investing risk always had the potential for disaster with factors he could not control.
Most organisations will struggle to settle on a figure that they spend on business continuity. There are a multitude of considerations ranging from managing customer relations & ensuring staff wellness, to managing regulatory commitments and the media. What is paramount is how will the board of an organisation lead and demonstrate that they are in control of the unfolding disaster? Think of the TalkTalk Cyber attack in October 2015. TalkTalk CEO Dido Harding assumed the task of stabilising the ship in the full glare of the media.
Since October 2015, TalkTalk’s share value has slid in value significantly, they have been hit with a £400,000 fine by the Information Commissioner’s Office, and the reputational damage continues to reverberate. Also, Dido Harding recently stepped down. Ultimately Ms Harding shouldered the responsibility of the outcome, but it begs the question, where was TalkTalk’s Impact Management Plan? The plan that was built and tested with the board, and ultimately signed off by the board?
Defence is not enough
With the breakdown in effectiveness and spiralling costs of IT security systems it is now proven more than ever, that Business Continuity Management is key to securing the organisation’s prosperity. Lloyd’s of London is planning for Managing Agents to demonstrate a Business Continuity management capability by 2018. This is an indication of a new focus and realisation that creating a data Fort Knox approach is not enough on its own to assure business continuance during, and immediately after a disaster. Cyber attack is just one of the many activators for that disaster, in some regions flooding is by far a more prescient consideration.
Understanding the power of a recovery strategy
So if Jessie Livermore understood risk, went through a lifetime of measuring and analysing risk, suffered financial ruin many times and recovered many times, what can be learnt from his business decision-making? Livermore was an exceptional man for many reasons, but I think he knew that in a business world full of risk, he took calculated risks because ultimately he knew how to recover.
He understood that having a recovery plan would get him up and running, maintain his credibility (he learned the hard way to manage the media attention), and most importantly he learnt from each failure. He treated failure as an exercise in a longer-term development of his risk management and growth strategy. This is why managing Business Continuity, testing the response to disaster, and subsequently improving Business Continuity Management arrangements are paramount business responsibilities, and opportunities.WayneJolly