George Hall, of Jermyn Consulting, considers the implications of a breakdown in business continuity post-Brexit
Business thrives on certainty.
If it didn’t, we wouldn’t need insurance products and business plans would be ditched in favour of “by the seat of our pants” strategies.
So, with that in mind, what is the relevance and importance of business continuity post-Brexit?
Brexit has and will introduce uncertainty into the business environment. It started before the referendum and it has not improved.
Keeping your business continuity plans up to date and relevant is good business practice in the best of times and these are not the best of times so it becomes even more important.
The difference at the moment comes from something called “aggregation of un-correlated risks” and this is where you have one form of risk which is made worse by another un-related risk.
Take the “fictitious” business All Widgets Limited that supplies parts to a multi-national vehicle manufacturer, No-Sun Inc. All Widgets sources most of what it needs from Germany (€) or China (US$).
No-Sun’s procurement department has had Widgets on watch for a while because of their exposure to currency movements (particularly the US$). Nothing to worry about, but No-Sun needs those parts at the time they need them and the agreed price.
All Widgets runs a tight ship with good internal systems supported by top-notch ERP systems and VOIP telephony.
However, on the day that sterling drops to a 30-year-low, No-Sun’s procurement manager puts in a call to request a non-routine shipment and gets a dead telephone line. She checks the number and redials – nothing. She sends an email, but it immediately bounces back “unable to deliver to the recipient”.
Starting to worry, she tries to log on to the web portal of Widgets’ ERP system but can’t. The website just results in a spinning wheel until a time-out message appears.
Pressing the panic button, No-Sun’s procurement team call another company who respond immediately and can fulfil the order.
It transpires that Widget had suffered a ransomware attack; its systems had to be taken down. The technical team haven’t prepared for this one and have to try to restore from a previous backup but this takes longer than they thought.
Within a few hours everything is as normal but management treat the problem as a technical issue and don’t try to contact key third parties. A week later when the contract termination notice comes through from No-Sun the explanations are pointless because the trust has gone.
Any other time it probably would have been a “technical issue” but add in the currency uncertainty and No-Sun believe they have no choice but to move fast.