How to Prepare Your Company for Major Business Disruptions
By Generational Equity
04/06/2018
The best way to build your company’s preparation for any disaster requires an ongoing focus on identifying, planning and reporting risks, say experts from the National Center for the Middle Market. Whether that threat is flooding, fire, market disruptions or a cyber threat, preparing your response ahead of time may make the difference in your company’s worth, profitability and survival.
While it’s tempting to think your company will be able to wing it should a disruption strike, it always pays to be prepared. After all, smaller businesses with fewer investors face a much larger financial risk than a large public company whose exposure is spread across hundreds or thousands of shareholders.
There is No One-Size-Fits-All Approach
As every business is unique, potential risks can be distinct too. That’s why your company leadership shouldn’t use an industry template when conducting enterprise risk management plans. Those templates may be useful as a starting point for discussion, but your company’s risk will vary by region, size, key talent, financial structure and more.
To begin, your company must identify potential risks before developing plans to mitigate the dangers and build financial resilience. The three general types of risk for any business are:
- Strategic – Big picture, long-term changes such as market trends, industry consolidation or shifting regulations and economics. This is the most prevalent, most damaging type of risk and the hardest to recover from.
- Operational – Shorter term events such as natural disasters, strikes or port closures. This type of risk, if properly planned for, generally is the quickest from which to recover.
- Digital – Ever-present risks such as equipment downtime or failure, compatibility issues, hacks or data breaches. This type of risk is often underreported and can cause significant damage.
Using weather as an example, solar flares are a possible but unlikely threat for most businesses. But, if your main warehouse is located in a 100-year flood plain and your region has been experiencing more severe weather patterns, some prior planning could make all the difference in your company’s recovery after a storm.
Your review of potential risks should immediately follow your annual strategic planning for the business, recommend experts with the National Center for the Middle Market (NCMM). This allows your leadership team to more easily identify those risks likely to have a tangible impact on business goals.
Once you’ve identified and analyzed the most likely threats to your company’s financial health, it’s time to create a plan for recovery. This requires that you:
- Know the value of your company
- Know the cost of capital
- Insure the insurable
- Maintain access to liquidity
- Identify and retain key talent
- Diversify suppliers and clients
- Know the available exits
Complacency is the biggest danger to your company’s health, says Manuel M. Perdomo, Head of International Risk at SunTrust Banks, Inc., because resiliency planning isn’t a one-and-done thing.
Take hurricane planning for businesses along the Gulf Coast and southern Atlantic Seaboard, as an example. Most companies have some sort of hurricane plan, but is it tested every year before the storm season begins on June 1?
To properly plan for hurricane season, says Perdomo, a business should review and update its communication plans and phone lists, inspect their facilities to look for potential vulnerabilities, back up data, and arrange for capital liquidity and cash on hand that may be needed for a few days to a month if a storm hits.
How Companies Build Cyber Resiliency
Information technology represents a significant financial vulnerability for most companies, says Joseph Muniz, security architect at Cisco, and is vastly underreported. One of the main reasons behind the underreporting is that it takes businesses an average of 200 days to discover a system breach. On top of this, most companies have trouble tracking and documenting the entire breach once it is discovered.
The top dangers within a company’s digital footprint are generally related to having too many devices or too many different types of devices to manage securely; too much data; and trying to keep all IT tasks in-house rather than outsourcing expertise appropriately.
It’s a difficult time to manage cyber security, explains Muniz, when a Ring Doorbell can provide entry in to your entire system.
Muniz recommends companies build in multiple layers of security; simplify and consolidate systems and devices; automate as much security as possible; and train their employees to recognize phishing attacks and other potential vulnerabilities. He also recommends amplifying the strengths of your in-house IT department by outsourcing specialty IT jobs, such as forensics.
And realize this: More and more business buyers are including disaster planning and recovery in their due diligence checklists when they make acquisitions. They want to ensure that any business they acquire has plans in place to continue operations following any natural disaster or cyber-attack. So, creating and maintaining your business disaster recovery plans is vital.
To learn more, download the full report on risk and resilience from the National Center for the Middle Market.
You can also get tips for business disaster planning on the Generational Equity website.
Interested in learning more about how our dealmakers can help you and your firm build financial resilience prior to a sale or merger? Give us a call at 972-232-1121 or fill out our contact form, and we will be in touch.
By Jessica Johns Pool.
© 2018 Generational Equity, LLC. All Rights Reserved.