Why Businesses Fail At Disaster Planning

Share on linkedin
business woman at laptop trying to develop a disaster plan

A lack of disaster regulations for businesses

Keeping pace with new regulations is challenging. Not having them can sometimes be worse. Unless you are familiar with disaster planning, it unlikely that you know what the laws are. Countries outside of the US have business disaster regulations in place. Today, the US does not. Regardless of what you think of rules, it can be helpful to have guidelines in place.

Small business owners often struggle to complete core tasks. Understandably, disaster planning is rarely a priority. If you attempt to create a plan, you may come across FEMA’s small business continuity template or FINRA’s Small Firm Business Continuity Plan template. Online sources don’t do a go job of helping you easily accomplish disaster preparedness. Later in this blog, I will share the global regulations. Next, let’s look at why most US companies don’t have a disaster plan.

Multiple maps

Statistics supporting this claim

 Here are some interesting facts to consider:
• Small companies make up 99.9% of all US business but 2 in 3 say they don’t have a documented plan (Source, Harris Poll for Nationwide Insurance, 2017)
• 40% of companies never recover from a disaster (Source, FEMA, 2017)
• 90% of businesses without a disaster recovery plan will experience IT failures after a catastrophe (source, Touche Ross 2017)

Check out my blog Top 10 Scary Statistics For Small Business Disaster Planning if you want to learn more.

Brainstorming about disaster planning

One problem is lack of consistency and clarity

It’s not your fault. This country has done a lousy job of integrating disaster planning into the business culture. Overall, there is a lack of clear disaster planning information. 

Additionally, professionals don’t agree on basic terms. People use jargon with different meanings but call it the same thing. For example, disaster recovery can refer to the process for restoring critical applications from a server or helping a community after a disaster. See my blog, The Two Faces Of Disaster Recovery, for more on this topic. Last, words like disaster, crisis, and incident are different but used to mean the same thing.

What makes a good disaster plan is an ongoing debate. Regardless of the regulations, professionals vary in their approach. One method is to plan for critical operations. Another takes a more holistic view and prepare all business processes. In conclusion, there is little consistency.

Man confused about disaster planning

Another is a lack of understanding about what to do

Best practice guidelines are issued by:
• ISO’s 22301 Societal security — Business continuity management systems — Requirements,
• DRI International’s Professional Practices, and
• Business Continuity Institute’s Good Practice Guidelines.

Guides like this are for large business continuity programs. Disaster planning concepts are unfamiliar to the majority of business owners. So, it is not surprising that companies lack continuity plans. Business Continuity is still a relatively new field. In the US, it has roots in the Continuity of Operations Planning (COOP). Other milestones are Y2K (2000), responses to major natural disaster events, and the September 11 attacks.

Importance of disaster planning visual

If you have not been paying attention, it is not your fault

Business Continuity does not have an effective marketing campaign. If it did, I wouldn’t be writing this blog. Think for a moment about effective marketing campaigns or slogans. Then, ask yourself if any of them are for disaster planning. If you know of one, let me know because I can’t think of any! So, you can understand why the value of business continuity planning remains unclear.

A value proposition is a clear statement of why to buy a product or service. But, if you don’t even know what the term business continuity is, you won’t engage in it.  People like me need to do a better job of getting your attention. We need to clarify how to plan, making it simple, and straightforward.

Vincent Davis, wrote a great article related to this topic on building community resilience, called Defeating The Clown – How Do You Tackle Community Resilience? I recommend you check it out.

man reviewing business page of a newspaper

We do not make disaster planning easy for businesses

Very few of us want to think about all the bad things happening to our business. If you try to do disaster planning on your own, you will find lots of information out there. However, most it tells companies to plan without clear instructions about how to achieve this goal.

In my last post, I referenced resources to help business owners get started. What would be better is an easy to follow tool kit. And, it would be helpful if there were planning models for brick-n-mortar businesses versus virtual companies.

Man on horseback with cattle

Beyond the Wild West

I don’t want to think it is the Wild West out there, as most professionals agree on the same necessary disaster planning steps. But, your end product will likely depend on the person or source materials helping you to build your plan. Few planners I see an excellent job in creating tailor-made programs.

Regardless, planning does not need to be a complicated process. And this is my main point. As a country, we need to do a better job of helping our business owners achieve success in this area.

I encourage you to read my post Don’t Let Your Business Be A Disaster Casualty for resources to help build a basic plan. Before you get started, read the next section so that you are aware of current standards. At the end of this blog are links to the comprehensive US and global regulations and guidance.

Business team looking at a disaster plan

A few words on regulations and standards

I started this blog, pointing out that there is a lack of universal business continuity regulations. Instead, there is a loose mix of rules, standards, and guidelines that address emergency preparedness. Criteria exist for critical business sectors like government, first responders, financial institutions, hospitals, or utilities.

The Occupational Health and Safety Administration (OSHA) has a regulation to address emergency response, called the Emergency Action Plan (EAP) [29 CFR 1910.38(b)]. It focuses on evacuation from a worksite and outlines what needs to be in a plan document. However, it says that employers with ten or fewer employees do not need a documented plan. Due to this, small operations may skip this and not have the necessary emergency life safety procedures in place.

Women looking a disaster regulations and standards

Key US cross-industry regulations or guidance related to business continuity*

Name

Focus

COOP and Continuity of Government (COG). Federal Preparedness Circular 69, 26 July 1999

Established federal continuity of operations considerations

Occupational Safety Health Administration (OSHA) 1910.38 – Emergency action plans

Emergency action plan standard and minimum requirements

National Fire Protection Association (NFPA) 1600

Standard on Disaster/Emergency Management and Business Continuity Programs

PS-PrepTM

The Voluntary Private Sector Preparedness Program — PS-Prep™ & Small Business Preparedness

*This is not a complete list, see the resources section for links to detailed global information

If this makes your eyes glaze over as it does mine, I get it. Recent administrations generated increased compliance and regulatory standards. Still, the country seems reluctant to establish guidelines on something so directly tied to the protection of life safety and property.

Regardless of the political, social, or economic reasons for this, it has left most industries with no clear idea of how to prepare for crisis events. I don’t like regulations for the sake of rules. However, I am surprised that most of the rest of the world has adopted business continuity standards but that the US has not.

Ace in the hole for disaster planning

Why BC planning is your ace in the hole

On the plus side, it gives business owners a competitive advantage. A benefit of disaster planning is that it lets your customers and third-party suppliers know you care about emergency preparedness. Increasingly, customers want to know that companies prepare for disasters. 

Beyond the value of emergency readiness and building operational resilience, it can help you think strategically about your business model. Last, it allows you to understand your business from a tactical standpoint. 

Ben Franklin’s quote, If You Fail to Plan, You Plan to Fail, applies here. In today’s fast-paced world, all businesses are at risk of crisis events. By not planning, you lose the opportunity to identify your company’s vulnerabilities. If you want to achieve success, it is vital to stay ahead of the competition. Engaging in business continuity planning is one way to do that.

Disaster planning professional

Business Continuity makes good business sense

So, now you know that no one is forcing you to have a disaster plan (for most industries). You may have noticed from media reports that recent natural disaster events were the costliest in US history. The National Oceanographic and Atmospheric Administration (NOAA) reported that 16 major weather disasters cost $306 billion in damages in 2017 (up from $100 billion over the previous year). This data doesn’t include in the impacts of cyber-attacks, power outages, facility issues, or crisis events caused by human error or intent.

Most people think that an event won’t happen to them. Well-developed plans are designed to mitigate the effects of a crisis event. They also establish a resilience baseline for your organization. A good rule of thumb is to treat plans as proactive, living documents that mature and adjust with your changing business model.

It is worth investing time in safeguarding what is most important to you. When you add disaster planning to your toolkit, it helps you to continue operations when you experience a crisis. Businesses fail from a lack of planning and knowledge. Don’t be that business.

Woman protected from disaster

List of information security and business continuity regulation sources

Disaster Empire Scroll to Top