We are all, of course, still grappling with the professional and personal disruptions that COVID-19 created. Much of the dialogue has focused on what comes after work from home (WFH), even as insurance carriers contemplate what may happen next. The catchphrase “return to office” (RTO) has many interpretations that tie to organizational, cultural, political, and practical drivers that will produce varied and flexible responses. The decision to WFH will seem easy by comparison.
One critical thing that insurers should not lose sight of is which DR/BCP plan they have in place. As a CIO, I once explained to my CEO that declaring a disaster was pretty easy conceptually. The hard part was coming back. We did not have a plan for coming back, had never tested anything, and had no idea what would go wrong along the way. It was the very definition of testing in production.
We have executed the WFH plan. We are now entering a new, far less predictable phase. Recent discussions with Novarica Research Council Member CIOs put added urgency around the issue.
- Do carrier DR/BCP books add any real value? Generally, CIOs did not perceive much value in the artifacts themselves. Referencing the documents during the pandemic was highly unusual. The main benefit was in creating and practicing them to build organizational muscle.
- Are tabletop exercises valuable? CIO perspectives varied; the best exercises seem to have come from outside consultancies and forced dynamic and thoughtful responses as the companies involved flexed their muscles.
- Have businesspeople engaged in planning and practicing events? CIOs expressed significant concern that business partners have seen planning and practicing as an IT issue that they could safely avoid. Now, these events are perceived as DR events rather than BCP transactions. This perception needs to change now, given the nature of “black swan” events like a pandemic.
- What role does senior leadership have going forward? A broad consensus is that senior leadership must provide a much higher level of engagement than they have historically. Some things can’t be delegated, in other words.
- What have we learned, and what comes next? COVID-19 has been straightforward, in some ways. The pandemic is horrific, but there hasn’t been a second- or third-order event to exacerbate problems. There was a sharp rise in malware attacks after 9/11, for example, which crippled some recovery efforts. As organizations move forward, are there new vulnerabilities that could strike when carriers are most vulnerable, such as when trying to pursue aspects of a high-risk RTO solution? The answer to this question is almost certainly yes, which highlights the importance of building strategies and communication plans now.
Just before COVID-19 spread across North America, Novarica published an update to its Executive Brief on DR/BC Planning. It is a valuable resource for IT organizations as companies begin to pivot to what comes next. Predicting the future is nearly impossible; scenario planning and practicing for what might come next is invaluable.
Add new comment