How much does business resilience cost?
How Much Does Business Resilience Cost?
If you are reading this you probably know you need to do something to understand the risks your company faces and want an idea of the costs you might expect to make your company more resilient.
If you are just reading out of curiosity you may wish to bear in mind that companies who haven’t invested in their resilience are more likely to fail when some adverse event takes place.
Resilient companies also see improved systems of work because they have looked at and mitigated the risks.
Business Resilience isn’t just a new name for Business Continuity, it is much more than that.
Business Continuity is still important but technology means that a lot of the traditional risks such as loss of premises when your team can work remotely are not as serious as they once were.
Business Resilience is about looking more holistically at the risks faced by your company and working out ways of removing or mitigating them. It covers Business Continuity, Cyber Security, Crisis Management, Disaster Recovery and a whole host of other areas that were traditionally separated, often in silos, which is never good.
Finding a Business Resilience practitioner can be more difficult than finding niche specialists but it’s no more expensive.
When it comes to the cost of hiring a consultant or employing a business resilience specialist you probably won’t be surprised if I said, ‘it depends’ but read on and I will give you some useful information that might help you make some important decisions to improve your businesses resilience.
Building a resilient business is an ongoing set of processes and it depends on where you are now and where you need to be.
Are you just starting out or are you an established company that is expanding and now needs to think a bit more strategically about how you will survive if something untoward happens?
Do you need to have ISO accreditation or do you just want to make sure your processes are robust and resilient?
Do you just want a Crisis Management Plan because social media is outstripping your ability to respond to criticism or high profile incidents?
So, I have put together a list of things you might need to do and I will give you an idea of what they might cost if you employed a consultant to help you.
The caveat is that these are estimates. If you want me or any other consultant to do any work for you make sure you have a discussion and a clear idea on costs and the scope of the project before the work is started.
I won’t do any work unless I have agreed exactly who was doing what for whom. That way we will all avoid misunderstandings.
Some of the things you need to consider when making your business more resilient will include:
- Business Impact Analysis (BIA) –
A BIA looks at your business operations and assesses the potential effect of a disruption.
The BIA can be conducted at operational, tactical or strategic levels.
How much this will cost depends on the size and complexity of the business but for an operational level assessment for a small business with a limited number of products or services you are probably looking at around £3-400. At the other end of the spectrum, it will cost thousands.
- Threat Mitigation Measures –
The BIA will identify risks, some of which may be easily mitigated by redesigning the process but for others, it will be necessary to develop some intervention measures.
This stage is about improving the resilience of your company and may take some time. I wouldn’t like to guess how much that might cost because it is very much a piece of work that needs collaborative working between your team and the consultant.
Consultants would charge somewhere between £400 & £800 a day but your team may well be able to do much of the work with some guidance.
It may take a day or it may take some weeks or months off and on. It really depends on the complexity of the business.
- Developing an Incident Response Structure –
If you have an incident you are going to have to manage it.
I have a wealth of experience in incident response so I am well placed to help you.
If your company is small then I can probably develop a structure for about £300. Again, if your company is more complex it will cost more but shouldn’t be much more than £1000.
Once your structure is decided though you will need to train the team members in their role and develop the plan in the light of the training and exercising experience. This will obviously add to the costs.
- Business Continuity Plan (BCP) –
A BCP can be a complex beast, depending on the complexity of the business and what you are trying to manage.
It could be made up of several sections covering such things as incident response, media response, major hazards, disaster recovery, cybersecurity, continuity of supply etc.
Clearly, with such a huge scope it would be very difficult to give you a cost but the cost of each of those parts may start at around £3-400, again, depending on complexity.
- Plan Validation –
Once you have your plans in place you will need to validate them.
This will involve training staff and exercise the plans.
You will need to do this regularly so that everyone knows what their role is and so that you can be sure that the plan will actually work.
Again, it’s really going to depend on the scope of the training and exercising.
While you may be able to do the training in-house it is advisable to have someone independent doing the exercising.
I have a great deal of experience in all levels of training and exercising ranging from a short table-top walk through to full-blown multi-agency live play exercises. The former will cost you around £500 and the latter will cost much more.
- Crisis Management Plan (CMP) –
A CMP forms a distinct part of the BCP and deals with the mechanics of how you will manage a disruptive event.
It’s about communication, internal and external with the public, shareholders, suppliers, and customers.
It’s about how you will put together teams to respond effectively to protect life, reputation and the ability to continue or recover operations.
A CMP has many parts, depending on the complexity of the company but a basic plan will cost around £1200 for a small company.
Hopefully, this has given you an idea of what costs might be involved to make your business more resilient. You could employ someone as a member of staff, which will cost the business around £80,000 – 90,000 per annum. Alternatively, you could use a consultant, allowing you to manage your costs and without the attendant expense of having an employee. I will write a blog on how to choose a Business Resilience Specialist later so please sign up to regular emails to make sure you don’t miss out.
If you are unsure what you need but know you need something (and why would you have read all the way to the end of this post if you didn’t) please get in touch and I will do what I can to help.