Cyber and Climate Risks
Recently, I trained a professional in PECB’s ISO 22301 (Business Continuity Management System). Originally from South Korea and now residing in North America, her main goal after completing my training was to take this knowledge back to South Korea and assist her organization, which has over 4,000 employees, in becoming better prepared to deal with cyber risks and climate change.
Previously, South Korea was considered to be located in a less seismically active region than countries such as neighboring Japan, as it is farther from major tectonic plate boundaries. However, this perception has now shifted, along with her career and personal goals. Due to climate change and rising sea levels, the frequency of earthquakes in South Korea has increased. At the same time, she has been studying her Master’s Degree in Cyber Security to assist in managing the cyber risks on her return to South Korea.
This is one example of how fellow professionals around the globe are seeking knowledge to deal with Digital Disruptions and Disaster Recovery and build resilience in the Age of Cyber and Climate Risks.
Defining Digital Disruptions and Disaster Recovery
For many companies, building global resilience in the Age of Cyber and Climate Risks may be quite challenging. It requires their leaders to sit and think and decide on a strategic approach to ensure that their business can still “stand still” (pun intended) and continue should a cyber or climate risk play out in a disastrous manner.
To understand the strategies or solutions leadership teams can develop, it may be best to define the terms so that we can all be clear on their meanings/definitions for this article. ISO 22301 defines Business Continuity as “an organization’s capability to continue delivering products and services within acceptable timeframes, at a predefined capacity, during a disruption.”
Within a Business Continuity Management System aligned with ISO 22301, Disaster Recovery (DR) is generally considered the technical component that focuses on restoring IT systems, data, and infrastructure following a disruption. Usually, disaster recovery activities tend to happen or be carried out during a period of 24-72 hours after a major disruption has occurred.
Digital disruption refers to “using digital technologies to disrupt existing businesses and industries”. It can lead to existing products and services becoming obsolete. Therefore, we are going to have a look at how some companies have been “digitally disrupted” in our age of cyber and climate risks. We can analyze both the short and long-term consequences and understand what adjustments they needed to make.
This perspective can serve as a good starting point for senior leaders and management teams in their respective organizations to begin understanding, developing greater resilience, and creating disaster recovery strategies for digital disruptions amid cyber and climate risks. Although each organization may face slightly different challenges, there may be similarities in terms of how they can address these problems.
Digital Disruptions and Disaster Recovery Solutions
- Adaptability: A partner company of mine that provides website design and digital marketing to clients across the globe has experienced digital disruption on two separate occasions. Firstly, besides creating websites for their clients, they also had a section or part of the company that provided traditional Marketing and Public Relations (PR). But website programmers in Southeast Asia began to disrupt their business models and markets by offering independent programmers online at lower prices. Of course, a lower price does not automatically translate to better quality. So, they had to adjust their services to demonstrate their quality to clients in order not to compete on pricing, and also change their approach to offer digital online marketing as opposed to traditional marketing.
- Rethink business model: Secondly, they changed their IT infrastructure from hosting their customers’ websites on local servers to storing the information remotely and accessing it through a Cloud Hosting Provider in the United States (USA). However, this Cloud Service Provider experienced their own technical glitch and infrastructure failure. This happened over a 48-hour period and significantly affected clients for both my partner company and the hosting provider (themselves). Given that this second form of “digital disruption” was due to a faulty Change Management process in terms of updating their software and hardware at the data center, my partner company has now decided to perform a review and implement a number of steps to mitigate against a possible recurrence.
- They have decided to review their Service Level Agreement (SLA) with the Cloud Hosting Provider and discuss the options and assurances for potential financial compensation for this disruption and for any future disruption.
- Invest in training their employees: My partner company has taken a stance to recruit, retrain, and retain employees to have strong digital skills to perform their tasks efficiently. In doing so, they are embarking on a process of digital transformation whereby anyone can work from any part of the globe, and their information is stored securely online for retrieval. The company is trying to build out a level of resilience, so they are not as negatively impacted by any disruptions, either digitally or climate change, as they were previously.
- Importantly, they listened and focused on their customers’ needs and used digital tools/platform to personalize experiences to ensure that they built long-term relationships to assist them more readily when change arrived.
Coastal Erosion due to Rising Sea Level
There may be other decisions that organizations may have to take to effectively deal with a digital disruption or climate change risk. A prime example is a financial institution in the Caribbean region, which is also a client of mine and I trained in both PECB’s ISO/IEC 27001 (Information Security Management System) and ISO 45001 (Occupational Health & Safety Management System). They built one of their branches too close to the sea. Originally, the idea was very good: to give tourists and local people an opportunity to bank and access finances while they are close to the beach. However, due to coastal erosion and rising sea levels, the financial institution eventually had to make the decision to leave the building and relocate its staff. This was a serious disruption due to climate change and the rising sea level. Now, this is part of their long-term considerations in terms of analyzing their brick-and-mortar footprint.
Emergency Planning and Drills
In another scenario, I am currently leading an organization of 800-1000 persons to perform Emergency Planning and Drills as a Health & Safety/Disaster Recovery Coordinator. One of the main actions I did was to provide cross-training to various emergency response teams for potential disasters, including earthquakes. Recently, we experienced a 5.0 earthquake on the Richter scale. So one of the ways I am supporting this organization to handle various situations is to obtain First Aid/CPR training and to perform drills to safely remove persons in different disaster/emergency scenarios. Of course, this had led the organization to rethink its annual budget and even acquire new Personal Protective Equipment (PPE) and other items for key members to use immediately should any disaster arise to threaten the safety of persons within the building.
Conclusion
Some companies are resistant to planning and to having a dedicated person on staff, or even a consultant, to provide expertise to handle digital disruptions and the disaster recovery process. However, due to the increasing prevalence of Cyber and Climate Risks, companies need to rethink how they manage digital disruptions and disaster recovery, ensuring they continue to develop their institutional resilience. Some of the solutions include adaptability of the organization’s objectives, re-thinking their business model, reviewing their Service Level Agreement (SLA) with any Cloud Hosting Providers, training and retaining their employees, performing emergency drills, and considering solutions based on the situations they are likely to face. Of course, you are welcome to contact N Ramsey Consultancy Ltd as an option to discuss your challenges and how we can work together to develop possible solutions to deal with your digital disruption and climate changes that affect your business.







