IT managers are often tasked with identifying and managing a company’s disaster risks - but rarely given the tools and support they need to assess and mitigate those risks on an ongoing basis. This is a problem. Business continuity and disaster recovery are strategies, tactics, and operating plans no business can afford to ignore.
Here’s a guide for any IT manager looking to communicate their company’s risk exposure to the C-suite. In it, we’ll outline strategies that will help you get the buy-in necessary to ensure business continuity in the event of a disaster.
Don’t rely on FUD
The classic selling technique for risk management essentials relies on evoking the buyer’s fear, uncertainty, and doubt – aka FUD. Unfortunately, this tactic is rarely successful when trying to convince business executives of the importance of a business continuity plan. After all, nobody wants to feel like they’re being forced into spending money.
Instead, IT professionals should focus on showing how a strong business continuity and disaster recovery posture will benefit the business and help it stand out from competitors. For inspiration, look to Apple’s current TV ad campaign, in which it emphasizes how the privacy its phones provide help users protect the things they care about most.
The ideal outcome of a disaster recovery conversation with executives is not to have them terrified about what will happen if they don’t enact your DR plan but rather excited about how a robust BC/DR plan will make the whole business stronger.
Be ready - with multiple options
When you’re elbow-deep in code and infrastructure every day, it’s easy to have a worst-case scenario approach to disaster planning. The reality, though, is that the most effective business continuity plans recognize the many shades of gray in a business’s risk profile.
So while you might sleep better at night if every app in the business had the Cadillac of DR, there’s a good chance your C-suite won’t be willing to pay for what best-in-class solutions cost.
To maximize the odds that your company’s leaders take necessary action, present multiple DR functionality options - from the ironclad $5 million plan to the starter pack that’s $50 a month. Then make a recommendation based on the level of risk the business is willing to take on.
This brings me to the next key point.
Don’t rely on FUD for input from all business leaders
While it’s true that IT professionals are often tasked with developing BC and DR solutions, it’s also true that they’re not equipped to do this alone. For example, what happens if a flood prevents every call center employee in one location from getting into work for a few days? Where should they go instead, what equipment will they use, and how will the message about where to go be communicated to them?
That’s a disaster scenario, but it’s not one that can be solved with technology alone.
Or consider what might happen if trade tariffs meant that your company’s international supply chain became prohibitively expensive. Ideally, your leadership would have relationships with alternative suppliers in other countries that they could tap into to maintain profit margins. Again, though that’s not something IT should be in charge of figuring out.
So one of the most important messages you can communicate as you talk DR and BC to the C-suite is that leaders from every area of the business need to be involved in planning. There’s just no way a leader from one department can be expected to know what’s important to every member of an organization - and therefore what needs to be accounted for in a disaster.
What’s more, technology is only one part of a BC/DR solution. An effective solution also requires plans for process, people, communication, resources, and so on. Those components need to come from the people who understand them best.
There’s a good chance, for example, that employees in your organization are using apps you don’t know about and that someone, somewhere, is tracking critical business data in a spreadsheet they’ve never backed up.
So while you may be the person who starts the business continuity and disaster recovery conversation, be sure to invite insight from other company leaders to develop a plan that actually matches your business needs.
Communicate the importance of revising the plan regularly
This is crucial for two reasons.
First, businesses change. As you grow, offer new services, hire new employees, and open new offices, your risk exposures, and risk tolerance will change. Because of that, you’ll need to update your BC/DR plan to align with the current reality of your business.
The second reason to treat BC and DR as living, evolving parts of your business is that your options for managing risk change frequently. In just the last few years, managed services and public cloud providers have opened up a whole new area of DR as a service. As new products and services come to market, your company may be able to lower your DR costs, reduce your risk, shift risk to outside vendors, and otherwise better meet your business continuity goals.
Highlighting to your executives the potential for new technology to lower costs and increase business continuity is a powerful way to convince them that a DR strategy should be part of the way your business operates, rather than a to-do item on a checklist.
Help the C-Suite see the bigger BC/DR picture
The strongest businesses are those that understand their weaknesses and have a plan in place for when things go wrong. Because we often think of disaster recovery in terms of data recovery, IT leaders are often at the helm of creating BC/DR plans. However, the most effective plans require input from leaders from every part of a business.
As you set about communicating disaster risks to your C-suite, focus on helping them see the bigger picture: that robust disaster preparedness can be a business differentiator, that company-wide collaboration is necessary to develop a robust plan, and that the field of DR is constantly evolving, meaning a company’s plan should evolve, too.