Forward thinking strategies for managing risk and ensuring business continuity.
Risk management is a constant balancing act, with firms needing to protect against evolving threats while maintaining operational efficiency. We brought together Global Transformation and Senior Risk Leads to discuss how these threats are influencing our business continuity plans, security protocols, work from home strategies, and most importantly, our people.
Here’s how leading firms are evolving their approach to business continuity and risk management:
Business Continuity Planning Must Be Integrated, Not Siloed
For too long, BCP has been viewed as an IT responsibility rather than an organisation-wide priority. We heard that this is changing. Firms are shifting from static BCP documents to dynamic, accessible plans that are regularly tested through real-world scenarios such as desktop exercises. These exercises don’t just expose vulnerabilities; they provide invaluable insights for stakeholders, helping to highlight risk and impact in a tangible way.
Communication and Crisis Management Are Critical
During a crisis, effective communication can mean the difference between swift resolution and prolonged chaos. Clients are increasingly dictating communication preferences, with platforms like WhatsApp becoming vital for real-time updates. The challenge? Balancing flexibility with security. Organisations must ensure that crisis communication plans are structured, reliable, and backed up with alternative channels in case primary systems fail. Reducing reliance on single points of failure—whether a key individual or a single communication method—is essential for resilience.
Andrew Try, CEO of ComXo, urges:
“We often hear organisations confirm that they have substantial investment in I.T. and are confident in their preventative measures. However, I urge all leaders to consider what will happen when they do have that crisis. Remember that at the core of all business continuity plans are your people, and your ability to communicate effectively with them.”
Human Factors Are the Biggest Security Weakness
Technology alone won’t protect a business from cyber threats—people remain the weakest link. Security awareness training is now standard, but true resilience comes from ongoing vigilance. Employees, particularly under pressure, may overlook security red flags, making them prime targets for cyber threats. Regular physical security audits (such as checking for written-down passwords) and reinforcing remote working security measures are key steps in mitigating risk. Confidentiality policies must extend beyond the office to ensure data protection, wherever employees are working.
Legal and Professional Firms Are High-Value Targets for Cyber Attacks
Law firms and professional services providers are prime targets for cybercriminals, often seen as more vulnerable than financial institutions. Ransomware is a significant concern, sparking debate on whether paying a ransom is ever the right choice. While government intervention may soon outlaw ransom payments, organisations currently weigh the cost of payment against potential reputational and financial damage. The key takeaway? Prevention is always more cost-effective than reaction.
Board-Level Buy-In for BCP and Cybersecurity Remains Challenging
All too often, business continuity and cybersecurity strategies only become a priority after an incident—or when regulatory compliance demands it. Getting board-level buy-in is a challenge, but fear-based arguments don’t always resonate. Instead, demonstrating the financial and reputational risks can be a more compelling approach. Recent figures from the Financial Times estimate that a cyber attack costs a FTSE 250 company around £4 million, highlighting the tangible impact of security failures.
Balancing Risk Management with Productivity
While risk management is critical, it must not come at the cost of business efficiency. Excessive restrictions can stifle productivity, making it crucial to strike the right balance. The most resilient organisations don’t just implement stringent security measures; they also foster a culture of adaptability and preparedness. Developing employee resilience—especially crisis leadership skills—ensures that teams can respond swiftly and effectively when incidents arise.
Our guest host Steve Clarke, Co-Founder of Freeman Clarke, speaks of the balance:
“People want to communicate when, how, and with whatever tool or platform they want. CIOs should not be seen as policing this; they should be the enablers.”
In the face of ever-evolving threats, true resilience comes from embedding risk management into the very fabric of the business—ensuring agility, security, and continuity at every level.
About ComXo
ComXo is a leading provider of outsourced communication and business services, helping companies navigate the complexities of the modern workplace with innovative solutions and industry-leading expertise.
If you’re interested in hearing how we support some of the largest global organisations with strategic and in-built business continuity and resilience, get in touch.