
How can cybersecurity events impact business continuity and DR?

An organization's cybersecurity work is often separate from its business continuity and disaster recovery. But BC/DR events and cybersecurity incidents can have a similar effect.

Recent industry surveys show that activities focused on cybersecurity events, cyber threats and cyber incident response are among the most important and fastest growing in many organizations. Their occurrence and severity can quickly bring them to the attention of the highest levels of company management. Considering the damage an organization can sustain in the aftermath of a security breach, this trend ought to be good news for business continuity and disaster recovery professionals.

Despite the optimism, it's not uncommon for cybersecurity activities to be separate from business continuity (BC) and disaster recovery (DR). Both fields may report to the same organization, such as IT, but are likely to be separate and distinct. How did this happen? Most likely, it's because cybersecurity has its own set of technology-focused activities -- protecting network perimeters, preventing theft of information and neutralizing viruses and other malware, to name a few. BC and DR, by contrast, focus more on the organization as a whole, and the people, processes, facilities and technologies that support it.

BC, DR and cybersecurity need to better complement each other. Any security breach that affects information systems is both a business continuity and disaster recovery threat. A security breach that compromises data and vital company information is also a business continuity event. Among the biggest concerns following cybersecurity events is damage to the organization's reputation. This is also a business continuity concern. The linkages among the disciplines are essential, and should be encouraged.

Cybersecurity events -- if properly mitigated -- may not be damaging enough to become business continuity events. However, both fields need to share their data and experiences so that a better all-around strategy for corporate cybersecurity and continuity can be developed. The end game for all these activities -- BC, DR and cybersecurity -- is to keep the business functioning.

If we assume that cybersecurity events are more likely to occur than business continuity events, it makes sense for the various groups to work together. This way, each group can collaborate to ensure that a cybersecurity event doesn't have a subsequent impact on business processes.

By contrast, if we look at the many different types of BC/DR events -- such as power outages, severe weather, employee illness and civil disturbances -- and accept that these may be just as frequent as cybersecurity events, it still makes sense for the groups to work together.

Will an increase in cybersecurity events have a commensurate impact on the need for business continuity and disaster recovery? If we accept that cybersecurity incidents can also be BC/DR events, we can further justify having all three disciplines within an organization.


What is the biggest cybersecurity threat to business continuity?
I agree on this, there is a lot in common that has to be aligned between both. As you said, cybersecurity events many times can activate a continuity plan/DR event.

If you get a ransomware attack, which is quite popular nowadays, you need ways to detect it as soon as possible and activate your business continuity plan to revert to a good point where your data is available.

Many times customers don't realize they are victims of a cyberattack or data modifications until days later.

Having a mechanism to align both when the attack was done and to which backup point-in-time I have to recover is key for rapid recovery.

Malware, ransomware are the biggest. I also think user error would be one too.
At one company I worked for, we created a sandbox environment that mimicked our production. We then released a "virus" in the sandbox and gauged how well our BC/DR plan was executed, and if we could recover with the backups taken from the systems in the sandbox.

The first few years were very scary, and I cannot stress enough the importance of companies running similar testing in their own environment. WARNING: The first run may leave you with restless nights going through all of the "what-if" scenarios that could have left you without a job, or your company out of business.