Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2010 IBM Corporation Key Trends Driving Global Business Resilience and Risk Patrick Corcoran, Global Business Development Executive Business Continuity.

Similar presentations


Presentation on theme: "© 2010 IBM Corporation Key Trends Driving Global Business Resilience and Risk Patrick Corcoran, Global Business Development Executive Business Continuity."— Presentation transcript:

1 © 2010 IBM Corporation Key Trends Driving Global Business Resilience and Risk Patrick Corcoran, Global Business Development Executive Business Continuity & Resiliency Services (BCRS)

2 © 2011 IBM Corporation2 Agenda  What is Resiliency?  Resiliency: The CIO perspective  Moving forward: Building a comprehensive business resilience strategy  Regional Event Learnings

3 © 2011 IBM Corporation3 Business resilience refers to the ability of enterprises to adapt to a continuously changing business environment. Business resilience helps organizations maintain continuous operations and protect their market share in the face of disruptions such as natural or man-made disasters. It requires the engagement of everyone in the organization and often means a change in corporate culture to instill awareness of risk. Business resilience planning is distinguished from enterprise risk management (ERM) in that it is more likely to build capacity to seize opportunities created by unexpected events.

4 © 2011 IBM Corporation Impact of coping with the financial turmoil  Loss of critical personnel  Loss of key knowledge  Reduction in attention to significance of risk  Reduction in testing recovery plans 4 As budgets shrink and service level requirements increase, our business becomes even more vulnerable to data loss. Disaster recovery and business continuity is one of the top IT spending priorities for many businesses. Heightened impact of business disruption  Greater financial implications of downtime  Brand vulnerabilities  Data integrity requirements Changing environment  Expanding risk exposures  Increased global and regional interdependencies  Supply chain disruption More complex regulations  Changing industry and regulatory standards  Geographic dispersal requirements  Varying regulations per country Impact of coping with the financial turmoil  Loss of critical personnel  Loss of key knowledge  Reduction in attention to significance of risk  Reduction in testing recovery plans

5 © 2011 IBM Corporation 5 The continuous flow of information is inseparable from the operational performance of the business.  Information technology is often at the epicenter of how a firm interacts with its clients  Information technology is always a lever to produce highly efficient supply chains, operations and workflows  In combination, these two dynamics generate an explosive growth of managed data The Facts  Business resilience and information risk management are commonly on the agenda of the board of directors  Firms must assess: Are we compliant? Are we reliable? Can we be trusted?  Firms must decide how resilient they wish to be – contextualized in the availability, security and recoverability of their business operations  Firms must evaluate the extent to which competitive advantage or disadvantage is influenced by their chosen resilience standing The Implications

6 © 2011 IBM Corporation6 We see both risks and opportunities affecting firms business resilience needs Frequency of occurrences per year 1, /10 1/100 1/1,000 1/10,000 1/100,000 US$1,000US$10,000 US$100,000 US$1,000,000 US$10,000,000 US$100,000,000 Frequent Infrequent Consequences (single occurrence loss) in dollars per occurrence Low High Viruses Worms Disk failures System availability failures Pandemics Natural disasters Application outages Data corruption Network problems Building fires Terrorism/civil unrest Data driven Event driven Business driven Regulatory compliance Workplace inaccessibility Failure to meet industry standards Regional power failures Governance Source: IBM Data growth Long term preservation Mergers and acquisitions New products Marketing campaigns Audits

7 © 2011 IBM Corporation A/C Failure Acid Leak Asbestos Bomb Threat Bomb Blast Brown Out Burst Pipe Cable Cut Chemical Spill CO Fire Coffee Machine Condensation Construction Coolant Leak Cooling Tower Leak Corrupted Data Diesel Generator Earthquake Electrical Short Epidemic Evacuation Explosion Fire Flood Fraud Frozen Pipes Hacker Hail Storm Halon Discharge Human Error Humidity Hurricane HVAC Failure H/W Error Ice Storm Insects Lightning Logic Bomb Lost Data Low Voltage Microwave Fade Network Failure Pandemic PCB Contamination Plane Crash Power Grid Outage Power Outage Power Spike Power Surge Programmer Error Raw Sewage Relocation Delay Rodents Roof Cave In Sabotage Shotgun Blast Shredded Data Sick building Smoke Damage Smoke from Restaurant Snow Strom Sprinkler Discharge Static Electricity Strike Action Swimming Pool Leak S/W Error S/W Ransom Terrorism Theft Toilet Overflow Tornado Train Derailment Transformer Fire UPS Failure Vandalism Vehicle Crash Virus Water (Various) Wind Storm Volcano / Volcano Ash Source: Contingency Planning Research, Inc. and IBM But there are many other events that have caused business disruptions/outages that don’t make headlines, but can be just as costly.

8 © 2011 IBM Corporation  What is Resiliency?  Resiliency: The CIO perspective  Moving forward: Building a comprehensive business resilience strategy  Regional Events Learnings 8 Agenda

9 © 2011 IBM Corporation9 71 % of CIOs are concerned about risk management and compliance Impact of coping with the financial turmoil  Loss of critical personnel  Loss of key knowledge  Reduction in attention to significance of risk  Reduction in testing recovery plans Technology users expect 100% availability of their applications and their information It takes 18 months for data generated to double in size Who cares about resiliency? Source: Enterprise Strategy Group, April % of organizations would experience significant revenue loss or other adverse business impact after 1 hour of downtime

10 © 2011 IBM Corporation 10 IT plays a critical role in developing resilience strategy IT plays a major part in building resilience Senior IT execs expected to play strong role in developing strategy Business resilience is joint responsibility of all C-level executives CIO collaborates with top IT strategists more frequently Risk contingency planning assigned to separate specialists IT function engaged in most decisions involving business risk CIO has overall responsibility for business resiliency strategy Business continuity seen as primarily IT issue Business resilience not seen as role of senior executives “IT is a big part of our risk management because nothing can be done without it these days.” Kris Wiluan, CEO, KS Energy Services Limited Source:2011 Q7. Do you agree or disagree with the following statements regarding the roles of different players in your organization's risk management strategy? (Agree only.)

11 © 2011 IBM Corporation11 To date, companies have focused heavily on creating their resilience and risk plans — and putting supporting technologies and processes in place. Create a business continuity plan Invest in new risk-related IT solutions Establish company-wide risk management team Discuss issues with supply-chain partners Assign overall responsibility to a single executive Develop communications or training program Respond to recent natural disasters by rethinking strategies Develop integrated business resilience strategy Engage external advisors “What we’re trying to do here is preserve our culture and make money at the same time, and managing risk is what that’s all about.” Lee Garvin, Director, Risk Management, JetBlue

12 © 2011 IBM Corporation12 Risk concerns for IT leaders span a range of issues 12 In 2010 and 2011, IBM surveyed 560 IT managers and CIOs about how IT continuity was evolving. In the past 12 months, what kinds of risk issues has your company dealt with? Source:2010 IBM Global IT Risk Study: The evolving role of IT managers and CIOs Matches survey results from Forrester Research. IT security 78% 63% Power failure 50% Physical security 40% Theft 28% Product quality issues 25% 22% Natural disaster 17% E-discovery requests 13% Supply chain breakdown 11% Terrorism activity 6% Hardware and system malfunction Federal compliance issues

13 © 2011 IBM Corporation 13 More companies are embracing the need for a well-crafted business resilience plan - and a risk management function. Well-crafted and communicated plan DisagreeNeitherAgree No formal plan, but plan to develop one DisagreeNeitherAgree No formal risk management function DisagreeNeitherAgree Study comparison: Only 30% of respondents in this year’s study indicated they had no formal risk management function, compared to 42% in the 2010 study Source:Q1. Do you agree or disagree with the following statements regarding your organization’s IT risk management? Study comparison: 2010 IBM Global IT Risk Study “ What we’re trying to do here is preserve our culture and make money at the same time, and managing risk is what that’s all about.” Lee Garvin, Director, Risk Management, JetBlue

14 © 2011 IBM Corporation 14 Compared to their competitors, respondents viewed themselves as better able to handle predictable resilience and risk events. SameWeakerStronger Don’t know Maintain business operations in physical disaster Prevent unauthorized access to proprietary data Maintain operations during a pandemic Adapt rapidly to crisis Align contingency plans with changing risks Reliably retrieve archived data to meet legal requirements Seize unexpected opportunities Minimize losses from unexpected events Because of its impact on the business as a whole, a crucial area for improvement is the ability to seize unexpected opportunities An effective business resilience plan will provide a robust foundation on which to build a long-lived competitive position supported by end-to-end risk management. Source: Q4. In your opinion, how does your organization compare with its closest competitors in the following areas?

15 © 2011 IBM Corporation15 Study results revealed an opportunity for companies to further hone their competitive edge by integrating business continuity and risk management. Stronger Same Weaker Don’t know IT infrastructure supports business growth Sees value of business continuity as part of risk mgmt Profitability Market share Revenue growth Even though organizations have strategies for business resilience and risk management, they may not be integrating and leveraging those strategies for business advantage “Companies with a robust ERM program have lower losses, fewer embarrassing events and a better reputation.” Yousef Valine, Chief Risk Officer, First Horizon National Corporation Source: Q9. How does your organization compare to its closest competitors in the following areas?

16 © 2011 IBM Corporation  What is Resiliency?  Resiliency: The CIO perspective  Moving forward: Building a comprehensive business resilience strategy  Regional Events Learnings 16 Agenda

17 © 2011 IBM Corporation17 Organizations expect their business resilience and risk management spending will continue to increase on a par with previous increases. Next 3 years Up to now Increase significantly 14% Increase 47% 51% Stay the same 33% 31% Decrease 4% Decrease significantly 1% 65% of organizations expect their business resilience and risk management spending to increase in the next three years “My selling pitch to them (CEO and the board) is that a robust risk management capability is a competitive advantage.” Yousef Valine, Chief Risk Officer, First Horizon National Corporation Source: Q3. How has your organization changed its degree of spending on initiatives to improve business resilience?

18 © 2011 IBM Corporation18 A projected increase in the role played by non-IT functions may be related to the increase in emphasis on strategy integration and training. Next 3 years Up to now CIO IT professionals Other C-level execs Legal Board members Employees Partners Source:Q6a. Over the next three years, what is the expected level of involvement for the following people in your organization's risk management or business resilience strategy? (Very involved or involved.) Study comparison: 2010 IBM Global IT Risk Study “Detecting risk has to happen at the point where the behavior is occurring.” Dr. Barbara Reynolds, Senior Advisor, Risk Communication, Centers for Disease Control and Prevention (CDC)

19 © 2011 IBM Corporation19 Identifying the roadblocks: Silos and budgets can impede the adoption of a holistic approach to business resilience Silos within the organization — 28% Budget limitations — 20% Inability to predict ROI from improvements — 17% Lack of C-level vision and commitment — 14% Lack of understanding about best practices — 9% Lack of understanding about emerging technologies — 8% Lack of buy-in from employees — 4% Study comparison: 2010 top challenges Implementing necessary procedures Securing budget Obtaining full risk picture from depts Source: Q10. What is the biggest single barrier to implementing a holistic approach to business resilience planning?

20 © 2011 IBM Corporation20 Leverage the findings of the IBM Global Business Resilience and Risk Study in your organization Recommendations  An integrated approach to business resilience and risk management offers a significant business opportunity for organizations of all sizes  Appointing a single individual with overall business resilience and risk management responsibility is essential to integration success  Input should be sought from throughout the enterprise — including employees and partners  Focus should be on the business impact and business opportunity. Recovery is a subset of the resiliency plan  Cloud technologies have matured significantly and now have the potential to deliver significant business resilience benefits  The newly integrated business resilience and risk management strategy can be levered to seize unexpected opportunities and deliver measurable business value “An effective business resilience plan will provide a robust foundation on which to build a long-lived competitive position supported by end-to-end risk management.” 2011 IBM Global Business Resilience and Risk Study report

21 © 2011 IBM Corporation21 A resilient framework helps identify areas of risks and vulnerabilities, and allows a company or organization to develop a enterprise resiliency roadmap. Risk mitigation strategies Business drivenData drivenEvent driven Strategy Organization Processes Applications and Data Technology Facilities Business resilience

22 © 2011 IBM Corporation 22 The evolution of business resilience leads to new models and integration of emerging technologies Centralized Computing  IT: reactive Business: none  Recovery Time: days/weeks Distributed Computing  IT: reactive Business: reactive  Recovery Time: minutes/hours Cloud Computing  IT: proactive  Business: proactive  Recovery Time: seconds/always up Disaster Recovery  Mainframe model Business Continuity  Hybrid model Business Resiliency  Virtualized model  It’s a question of when new technology will come into the organization, not if

23 © 2011 IBM Corporation  What is Resiliency?  Resiliency: The CIO perspective  Moving forward: Building a comprehensive business resilience strategy  Regional Events Learnings 23 Agenda

24 © 2011 IBM Corporation24 Headline events often mobilize our clients to pause and reflect on their current IT resilience standing...

25 © 2011 IBM Corporation25 Lessons Learned from Regional Events  Events create other events … domino effect –Japan: earthquake => tsunami => nuclear plant damage => power problems => supply chain problems …… –Hurricanes => Flooding => Mud/Landslides => Power Outages …… To learn more about lessons learned from regional disasters, listen to the following webinar:  Human issues –Will people be available? How about their families? Financial assistance?  Communications issues –Communicating with, supporting and mobilizing employees, customers and suppliers, the press and the public at large  Community issues –Fulfilling responsibilities to host communities  Infrastructure issues –Anticipating how roads, travel and power supplies might be affected –Vulnerability of sites  Business issues –Keeping business processes running –Managing insurance claims  Disaster plan currency –Keeping plans up to date and well tested –Availability of data and hardware

26 © 2011 IBM Corporation26 IBM delivers unsurpassed geographic scope, combined with expertise of local, regional, and global needs/regulations. 26  Over 160 data centers globally  100 percent recovery for IBM clients who have declared a disaster (over 800)  More than 1,875 professionals dedicated to business continuity and resiliency  More than 9,000 disaster recovery clients  More than 10,000 client rehearsals per year  More than 50 years experience helping clients with their backup and disaster recovery needs  Over 800 client declarations supported since 1989  Scalable, end-to-end, cloud-based data backup and recovery solutions  Five million square feet of floor space for disaster recovery, with 40,000 seats

27 © 2011 IBM Corporation27  Protecting your enterprise  Mitigating business and support issues  Increasing your competitive advantage  Protecting brand reputation  Enabling seamless, continuous business transactions  Exploiting market opportunities Business continuity and resiliency is about…

28 © 2011 IBM Corporation Questions? Jay Shah


Download ppt "© 2010 IBM Corporation Key Trends Driving Global Business Resilience and Risk Patrick Corcoran, Global Business Development Executive Business Continuity."

Similar presentations


Ads by Google