A series of challenging questions confronted attendees at AFP in Nashville, Tennessee, prior to the keynote address by Malcolm Gladwell, who explored significant themes from his new book, “Revenge of the Tipping Point.”
The opening session focused on “Ensuring Operational Resilience: The Imperative of Business Continuity Planning,” which resonated deeply with corporate and bank managers in attendance. They were prompted to examine the risks and operational impacts of recovering from major disruptions. A fundamental question arose: “Do you have a business continuity plan (BCP), and who have you shared it with among employees, partners, and insurance carriers?”
Attendees were encouraged to not only identify potential risks but also to develop a BCP that encompasses current concerns and is designed for regular updates. This document should be shared with all relevant areas of the organization through planning sessions, drills, and meetings to refine its central and supporting elements.
Presenters Janet Weber of Duquesne Light Company and Ben Zviti of Marsh Insurance emphasized that having a recovery plan is essential. They highlighted the importance of identifying key employees who are critical to initiating recovery actions and restoring operations.
Another crucial aspect of a business continuity plan is its objectives—integrating people and systems to ensure that those who need to respond to incidents have access to the necessary systems for effective recovery.
Treasurers play a vital role in managing major systems and fund flows, not only to restore business operations but also to ensure the continuation of financial processes, including payroll and collections, even during disruptions.
Effective communication is vital. It’s important to share the plan not just with senior management and affected departments but also with IT teams and key vendors. Such comprehensive communication is a fundamental part of safeguarding against operational failures.
Regular testing and updates of the plans are critical for protecting against operational and financial losses during unexpected events. Weber recommended creating multiple copies of the BCP in various formats and locations.
“If you don’t test it and continuously update it, don’t even consider it an asset; it’s a liability,” Weber noted, emphasizing that routine maintenance is vital to keeping the plan relevant. Companies should integrate feedback and make necessary updates to ensure the accuracy of the plan.
During the session, an audience member shared her experience of being impacted by a ransomware attack in August. This discussion echoed a major system outage that occurred earlier this year, costing an estimated $5.4 billion. The outage was triggered by a misconfigured software patch that disrupted systems globally, even after its recall.
In sharing her experience with the ransomware attack, the treasury leader described how her team had prepared extensively for such incidents with a well-designed contingency plan, which proved invaluable for their response and recovery despite extensive system disruptions.
Zviti’s presentation underscored the necessity for companies to secure insurance coverage against cyber crimes and outages. He pointed out that various types of cyber and business interruption insurance become essential when incidents occur. However, firms must demonstrate preparedness to qualify for coverage.
“Unlike many other types of insurance policies, where the legal language can be ambiguous, cyber insurance generally pays out,” Zviti humorously explained.
He further stressed that adherence to best practices, as outlined by Weber, is crucial for qualifying for cyber insurance. “You cannot obtain cyber insurance unless you follow those best practices. Underwriters require this information from your security and business continuity teams. If you fail to provide satisfactory answers, you may be denied coverage or receive inadequate terms. So, it’s critical to implement what Janet recommended!”