Gary Hibberd

20190917

Before we get started, let’s be very clear about something this is NOT a political post about the pro’s or cons of BREXIT!  If you want to get into that debate, you’ll need to go elsewhere.

If you’re the type of person who sees every comment about BREXIT as an attack on which way the vote went, then you’ll most likely think this blog is also an attack. But it’s not. Let me say it plainly; This post is neither for nor against BREXIT. I don’t care if you’re a Brexiter or Bremainer (seriously?! Who came up with these terms!?!)

But can we talk about BREXIT and not get political? Yes, I think we can.

Like it or not, it is highly likely that BREXIT is coming. It may be a Deal or No Deal situation, but like Noel Edmonds shirts, we can’t ignore it!  So are you ready? What does it mean to us?

Again, this blog isn’t intended to play into the scare tactics (of either side), but there is absolutely no doubt that there will be an impact. In the last month, we have seen the leak of a paper from the UK Government entitled ‘Operation Yellow Hammer’. In it, it outlines the potential impact on the UK should we go through with a ‘No Deal’. I am not here to ‘catastrophise’ and claim we are headed for bedlam. But while the paper clearly states we are, I believe the paper is merely the result of forward-thinking, ‘worse-case scenario’ planning. I’m pleased that someone is planning in that way because, of course, there will be an impact, both positive and negative. So while the government has its ‘Yellow Hammer’, what are YOU doing to prepare for it?

BC Planners; Where ARE you?!

For all the years I spent as a Business Continuity Practitioner I remember speaking to others in the industry who would bemoan the fact that no one listened to them. That they wrote plans for things they hoped would never happen, and therefore their plans would remain unused. I can sympathise to a point. I recall with great clarity writing Contingency plans for Swine and Avian Flu, hoping and knowing that they most likely would never be needed. But still, I wrote them, and I’m very pleased we didn’t need them.

On LinkedIn today we hear so much from the cybersecurity community about Data Breaches, and incident response but very little about forward planning for major events. Major events like BREXIT should be on every Board room’s agenda and planning for the (almost?) inevitable exit should be the focus of every Contingency Manager in the land.

Perhaps it is, which is why there seems to be so little conversation about it on social media. In 2018 the world became obsessed with preparing for the GDPR. GDPR ‘Experts’ popped up more frequently than Ant and Dec at an awards ceremony. But where are all the ‘BREXIT Contingency Experts’? Perhaps they are busy preparing? Or perhaps they, like many of us, are suffering from ‘BREXIT Fatigue’ and don’t want to be seen as catastrophising? 

Contingency Planning for an uncertain future

I was recently told, “Well there’s not a lot we can do about it, so we’ll cross that bridge when we come to it.” That’s not very reassuring. It’s assuming the bridge is still there. What if the bridge has collapsed? What if the bridge is closed as the people working on it have been forced to leave the country? What if the bridge falls into disrepair because the materials can’t get here to maintain it? What if the prices have been raised, and we can no longer cross the bridge?

The very idea of waiting to see what happen flies in the face of conventional wisdom and every Business Continuity Practitioner in the land knows this to be true. In planning for Avian Flu and then Swine Flu, I didn’t ‘cross that bridge when it came to it’. I was having tough conversations with the Board for months in advance, and preparing for many different scenarios, including the impact of losing 50% of critical teams.

Was it fun? No.

Was it likely to happen? Not sure.

Was I relieved when we didn’t need the plans? Totally.

Would I plan for it again if required? Absolutely!

Organisational Resilience

If you’ve been involved in Business Continuity for any length of time you’ll know that the very nature of the job is to plan for things other people would rather ignore. But with the issue of BREXIT we have an additional issue to overcome; Apathy. It could be due to the belief that everything will be ok or simply that we have heard so much about BREXIT that people want to ‘get on with it’! But as business leaders and Business Continuity Practitioners, we can’t allow this apathy to continue. We need to take action and prepare for BREXIT and consider the impact (positive and negative) it might have on us and our businesses.

But if Business Continuity Planning isn’t something you’re interested in, how about Organisational Resilience? Organisational Resilience is “the ability of an organisation to anticipate, prepare for, respond and adapt to incremental change and sudden disruptions in order to survive and prosper.” I would hope that we are all hoping that businesses we rely on are interested in surviving and prospering. Especially if they supply goods to us personally.

Here’s your starter-for-ten

I remember speaking to Management teams back in 2006 when Avian Flu first emerged as a threat. Providing them with advice and guidance on how to prepare for something that could have a significant impact was not easy. Like many things in Business Continuity it requires us to look at something we’d rather not consider, and ask “What if…”.  I believe this is something we need to do again today, focusing on BREXIT. So I offer the following as a primer for your BCP – BREXIT Continuity Plan.

BREXIT Continuity Plan

Hold a senior management meeting, where you include all the key players, including HR, Operations, Marketing and Sales, IT, Compliance and Facilities. Once the team are assembled seek to understand the following;

When BREXIT happens, what will be the PESTLE impact (positive and negative)?

  • Political
  • Economic
  • Social
  • Technological
  • Legal
  • Environmental

E.g;

Political:
  • Data transfers into/out of UK could prove to be problematic.
  • There is an opportunity for us to partner with our sister company in Sweden
  • etc
Economic:
  • We have 10 Clients based in Germany. We may need to switch them to Sweden.
  • We may need to increase prices.
  • We could look for suppliers in other regions that could bring cost savings
  • etc
Social:
  • Employment may become problematic as the talent pool is reduced
  • The way people work could change. Homeworking could be a benefit
  • etc
Technological:
  • IT Support contracts are with a German provider
  • Data is stored in the UK Data Center and Data Sovereignty  will become an issue
  • etc
Legal:
  • Contracts will need to be reviewed
  • NO Deal BREXIT could leave the UK without an ‘Adequacy Status’
  • etc
Environmental:
  • Increased shipping costs and tariffs/taxes due to impact on the environment
  • etc

Risk assessments and Business Impact Analysis (BIA) are the foundation of good Business Continuity Planning. Right now we need to conduct this analysis specifically for BREXIT. Once you’ve gone through this process with the team, it will be time to draw up Contingency plans and processes for each identified item. Congratulations, you’ve written your BREXIT Continuity Plan (BCP). It’s that simple.

Conclusion

BREXIT is, of course, a topic which can divide a room. But this blog isn’t intended to do this. Rather it is intended to get you thinking about the importance of planning for it.  Irrespective of your political stance, BREXIT is on the horizon, and no one is sure what it will look like.

Irrespective of your political stance, there is simply no excuse for NOT planning. Can we fix BREXIT? We don’t need to. What we do need to do is plan for it, and know we maximised on the benefits and minimised any adverse-affects. Surely that’s when Business Continuity begins to add real benefit, and Business Continuity Practitioners can once again step out from the shadows.

Other resources

Case studies

Our cyber consulting team works with clients from public sector bodies and global businesses to SMEs and start-ups. Read our success stories here. Learn more >

Video

See what our team have been discussing around current issues in regulation and data security, and recommended processes and policies that will benefit your business. Learn more >

Whitepapers

In our collection of whitepapers, Cyberfort’s cyber consulting experts explore issues from cyber threat intelligence to incident planning and data security. Read our whitepapers to help make informed decisions for the benefit of your business.Learn more >