No business is immune to disruption. Whether it’s a cyber-attack, hardware failure, power outage, or even a natural disaster, these events can bring operations to a grinding halt. That’s where a Business Continuity Plan (BCP) becomes critical, not just as a nice-to-have, but a core part of your risk management strategy.
What Is a Business Continuity Plan?
A BCP outlines how your business will continue operating during an unplanned disruption. It includes contingencies for IT systems, data, communications, and even your team. Its purpose is to minimise downtime, protect revenue, and preserve your reputation.
Why Is a BCP So Important Right Now?
Cyber threats are on the rise, and small businesses are increasingly in the crosshairs. According to the UK Government’s Cyber Security Breaches Survey 2024, 32% of small businesses identified a cyber breach or attack in the last 12 months. The average cost of a breach for a small business? Around £1,100 and that’s not counting loss of business or reputational harm.
Even large companies aren’t immune. Marks & Spencer recently had to pause online orders due to a cyber incident. The estimated cost of that disruption? A staggering £300 million in lost revenue this year alone.
If M&S can suffer, so can smaller firms and often, with even greater consequences.
Do You Have a Plan? Is It Current? When Was it Last Tested?
Many small businesses created a BCP years ago and haven’t looked at it since. But:
- Has it been updated to reflect hybrid or remote working?
- Does it take into account your current IT setup and software tools?
- Has it ever been tested in a real-world scenario or simulation?
If the answer to any of these is “no,” it’s time for a review.
Cyber Insurance May Require a BCP
Insurers are becoming more selective. A documented, tested BCP is often a requirement for cyber insurance. And that’s no coincidence; insurers know that businesses with strong continuity and recovery plans are less likely to suffer long-term losses.
It’s important to be fully aware of all the areas your policy expects you to cover and to regularly review them, especially as cyber threats evolve rapidly and requirements can change.
How We Can Help
We are Cyber Essentials Advisors and Assessors, which means we understand what businesses need not only to stay secure, but to recover swiftly when something does go wrong.
Here’s how we support our clients:
• Review or creation of BCPs tailored to their business and sector.
• Cyber Essentials certification to strengthen defences.
• Ongoing support and testing to keep the plan relevant and effective.
• Guidance on what to include for insurance purposes.
Final Thoughts
Creating or updating a Business Continuity Plan shouldn’t be triggered only by an insurance form. It should be standard business practice, giving you the confidence that, come what may, your business can weather the storm.
Need help reviewing or building your BCP?
We’re already working with clients to do exactly that. Get in touch for expert advice and practical support.
