It’s always good to show how business continuity can be a net profit generator or produce other positive and measurable advantages.
While BC is crucially important anyway, it makes it easier to “sell” to sceptics if you can show that it puts more into the business than it takes out.
Yet our attention was caught by some recent figures on the impact of business continuity management on data breaches and, alongside them, figures on the effect of organisations moving from traditional to next-generation IT security.
Which one does more to help organisations get back to normal afterwards?
Let’s take business continuity management first. The information comes from the 2016 Ponemon Cost of Data Breach Study.
The study indicates that “BCM involvement results in a substantially lower mean time to identify and mean time to contain the data breach incident”.
BCM contributes a 52-day reduction in the mean time to identify a data breach (down to 175 days), and a 36-day reduction in the mean time to contain a data breach (down to 52 days).
Now consider claims made for next-generation IT security solutions like managed detection and response (MDR) services.
Thanks to a combination of human and artificial intelligence, the mean time to validate a security alert can be reduced from hours to minutes. The mean time to contain a data breach can in turn be reduced from days to hours.
Where BCM produces a fractional decrease, MDR diminishes times by an order of magnitude or more.
From an IT security point of view, MDR does more. But is this so surprising? MDR is a specialist solution applying only to IT security. BCM is a generalist discipline covering all of an organisation’s activities and assets.
So, if the sceptics argue that a point solution in a specific domain produces bigger advantages than the application of BCM, remember that a) the point solution may be necessary as well (you don’t have to knock it), but that b) BCM produces cumulative advantages over many different domains.