The best way to build your company’s preparation for any disaster requires an ongoing focus on identifying, planning and reporting risks, say experts from the National Center for the Middle Market. Whether that threat is flooding, fire, market disruptions or a cyber threat, preparing your response ahead of time may make the difference in your company’s worth, profitability and survival.
While it’s tempting to think your company will be able to wing it should a disruption strike, it always pays to be prepared. After all, smaller businesses with fewer investors face a much larger financial risk than a large public company whose exposure is spread across hundreds or thousands of shareholders.
There is No One-Size-Fits-All Approach
As every business is unique, potential risks can be distinct too. That’s why your company leadership shouldn’t use an industry template when conducting enterprise risk management plans. Those templates may be useful as a starting point for discussion, but your company’s risk will vary by region, size, key talent, financial structure and more.
To begin, your company must identify potential risks before developing plans to mitigate the dangers and build financial resilience. The three general types of risk for any business are:
Using weather as an example, solar flares are a possible but unlikely threat for most businesses. But, if your main warehouse is located in a 100-year flood plain and your region has been experiencing more severe weather patterns, some prior planning could make all the difference in your company’s recovery after a storm.
Your review of potential risks should immediately follow your annual strategic planning for the business, recommend experts with the National Center for the Middle Market (NCMM). This allows your leadership team to more easily identify those risks likely to have a tangible impact on business goals.
Once you’ve identified and analyzed the most likely threats to your company’s financial health, it’s time to create a plan for recovery. This requires that you:
Complacency is the biggest danger to your company’s health, says Manuel M. Perdomo, Head of International Risk at SunTrust Banks, Inc., because resiliency planning isn’t a one-and-done thing.
Take hurricane planning for businesses along the Gulf Coast and southern Atlantic Seaboard, as an example. Most companies have some sort of hurricane plan, but is it tested every year before the storm season begins on June 1?
To properly plan for hurricane season, says Perdomo, a business should review and update its communication plans and phone lists, inspect their facilities to look for potential vulnerabilities, back up data, and arrange for capital liquidity and cash on hand that may be needed for a few days to a month if a storm hits.
How Companies Build Cyber Resiliency
Information technology represents a significant financial vulnerability for most companies, says Joseph Muniz, security architect at Cisco, and is vastly underreported. One of the main reasons behind the underreporting is that it takes businesses an average of 200 days to discover a system breach. On top of this, most companies have trouble tracking and documenting the entire breach once it is discovered.
The top dangers within a company’s digital footprint are generally related to having too many devices or too many different types of devices to manage securely; too much data; and trying to keep all IT tasks in-house rather than outsourcing expertise appropriately.
It’s a difficult time to manage cyber security, explains Muniz, when a Ring Doorbell can provide entry in to your entire system.
Muniz recommends companies build in multiple layers of security; simplify and consolidate systems and devices; automate as much security as possible; and train their employees to recognize phishing attacks and other potential vulnerabilities. He also recommends amplifying the strengths of your in-house IT department by outsourcing specialty IT jobs, such as forensics.
And realize this: More and more business buyers are including disaster planning and recovery in their due diligence checklists when they make acquisitions. They want to ensure that any business they acquire has plans in place to continue operations following any natural disaster or cyber-attack. So, creating and maintaining your business disaster recovery plans is vital.
To learn more, download the full report on risk and resilience from the National Center for the Middle Market.
Interested in learning more about how our dealmakers can help you and your firm build financial resilience prior to a sale or merger? Give us a call at 972-232-1121 or fill out our contact form, and we will be in touch.
By Jessica Johns Pool.
© 2018 Generational Equity, LLC. All Rights Reserved.
Honored to win Investment Banking Firm of the Year 2 years running.
Over 50 awards and counting.
Sign up to receive regular email updates, industry-leading insights and details on complimentary M&A executive conferences in your area from our award-winning team
Success, you have been added to our list.