In my perusal of this morning’s news, I came across yet another story of catastrophic impact due to cyberattack – this time a local city government. The City of Atlanta is still uncovering the full extent of a bitcoin ransomware demand in March. The cost of recovery is estimated at $9.5 million, and likely to rise. Of the 424 software programs impacted, 30% (nearly 130) are considered mission critical to the City of Atlanta’s services. Critical data, including nearly 10 years of legal documentation were also lost, the full impact of which is difficult to measure.
This is the stuff of nightmares for all involved, especially those at the helm.
There is no way for any leadership team to anticipate every risk that may befall its organization. When we try, the result is often large, unwieldy risk and continuity programs that become lost in process and measurement. Worse, these programs are also typically disconnected from strategy for lack of insight into what is truly most important to the overall success of the organization.
What leadership teams can do – and should do – is align BOTH strategy and risk planning efforts with its uniquely-defined mission-critical framework. This simply means that we take the time to identify activities, assets, resources, services and systems whose failure or disruption will impact the organization in such way that achievement of strategic goals (and thus mission) are at risk. Once defined, we can then prioritize efforts and resources in a way that allows the organization to address the most impactful risks and opportunities with greater agility. While this approach is, at the very least, good business practice, it is absolutely critical for those with social responsibility and constrained funding.
We simply must move away from risk and continuity planning in a silo. Every business/strategic planning cycle should address Mission, Growth and Survival in a measured and balanced way
The Essential Strategy Blueprint at BlackFoxStrategy.com