Research by Grant Thornton UK LLP has found that 63% of UK mid-market businesses do not have a board member responsible for cyber security.
Additionally, 59% of the businesses surveyed do not have a cyber incident response plan in place.
Any roadblocks to trading and the availability of your sales platform could do serious damage to your business' reputation and sales.
If a business truly focuses on business continuity, then they will have carefully evaluated all the systems in their business: how they fit together, what threats they face and how they will mobilise in the event of downtime or needing disaster recovery.
This kind of preparation is what retailers should strive for, since the UK retail sector particularly struggles with downtime. A 2019 survey conducted by Cradlepoint found that 75% of those surveyed are experiencing unplanned network downtime and outages impacting business during peak hours.
Despite that, 26% still do not have a network redundancy plan in place to minimise business disruption when outages or downtime do occur.
With all the sensitive payment information they process, the standards they need to meet like PCI DSS and the necessity of uptime, the importance of business continuity cannot be overlooked.
1) Data availability
Retailers are incredibly dependent on the flow of data throughout their supply chain and internal systems. Downtime or lost data could significantly hinder your success, or even your ability to continue normal operations!
With disaster recovery as a service (DRaaS) as part of your BC plan, your critical systems are mirrored to a secure secondary site, where they can be invoked in the event of downtime or data loss. This is a surprisingly cost-effective way to be fully protected. Depending on your particular configuration, your DR environment can be put in a powered-down state, and you'll only pay for the compute resources used if you need to invoke it. Especially for small or medium businesses, this puts an incredibly powerful resource within budgetary reach.
2) Protects your reputation
In a survey of UK consumers about trust, 79% said that if trust broke down for some reason, they’d switch from a brand, with 49% doing it immediately. While a certain percentage of consumers may never be fully satisfied, your brand reputation is still one of your greatest assets. If a retailer focuses on business continuity, they will be less likely to suffer damage to their reputation from preventable oversights like database access or lapsed security updates.
3) Increased security
Planning and testing a business continuity plan will inevitably lead to increased IT security overall. In order to craft your BCP you'll need to thoroughly evaluate all of the cyber-security tools and procedures already in place. With the help of a managed services provider, you'll receive tech-agnostic advice about where your greatest weaknesses are and in what order you should prioritise fixing them.
Taking time to craft a BCP also means you'll involve more members of your team with training across the board on how members of staff at all levels (not just tech) should respond to a potential network intrusion or lost data. This holistic approach to training will put business continuity in a rightful place of priority.
4) Legal and regulatory compliance
Finally, attention must be given to GDPR, PCI DSS, ISO 27001 and other regulatory standards that apply to retailers. Maintaining compliance is an ongoing task, with the PCI Security Standards Council saying that most breaches occur when organisations were compliant in the past, but lapsed into non-compliance. Focusing on business continuity will ensure that you are compliant. This is another area where an MSP with extensive knowledge and experience in the retail sector can show you where you are meeting standards or how to improve.