When you hear the words “Risk Management,” what’s the first thing that comes to mind? If you’re like many business owners, the first thing that comes to mind is workers’ compensation, safety and liability insurance. But looking across your entire business, which is most likely to happen?
- An employee gets injured and is treated at the hospital. You could own this injury forever.
- The product you manufacture has a defect that could cause serious injury and there’s a recall.
- Your network and technology systems have been stopped in their tracks because they got infected by ransomware. You can’t conduct business as usual.
Typically, when we think of risk management’s focus, we think about the day-to-day physical risks to employees from climbing, slipping, falling or straining themselves. Safety managers tasked by business owners struggle to keep down the costs of workers’ comp claims, which could average, if litigated, about $250,000 per case.
Since working a short while in the business of injury prevention, I notice when I speak with business owners or executives now, it’s like they don’t seem to worry quite as much about the risks associated with data loss and downtime as they do with safety and liability. Most of them totally trust that their IT teams have it covered (see C-level IT Disconnect). And let’s face it, no matter how much business acumen one possesses, we don’t always want to admit that we can’t understand or identify with what IT people are saying. What if we were just as comfortable avoiding conversations with our financial managers? We’d just take their word that the business is sound and move on. Never mind boring us with those P&Ls, balance sheets and meetings.
Risk of data loss is the one thing that most businesses and industries have in common. So, what are the odds of getting hit with ransomware? Well, a recent study by IBM revealed that 7 out of 10 CEOs admit that they have been willing to pay the ransom to get their data back.
Even if you pay up, how soon can your data be recovered? Do you have insurance to protect your data? What if you manage to get up and running but never get the data back? The average cost of downtime alone for a mid-sized business, last time I checked, is estimated at about $75,000 per day. Do you know how many days it could take to get yours all back?
So, if I asked a business owner of a trucking company how much a head injury costs these days, most of them could tell me the numbers off the top of their head, but when I ask how long it would take to get their data back up and running, many just don’t know. Have you and your IT team discussed it, and do you have a firm understanding of the cost of not being able to do business if your servers are down? Do you know how long it’ll take to get your applications like accounting, payroll, inventory, email servers, customer relationship management, or proprietary systems back up and running? Have you ever determined what length of time each of these departments could operate without their systems? If one is down, how long until the problem snowballs and affects other departments?
Have that conversation with your department heads and include your IT Director or CIO. You’ll be glad you did! Because it’s not a matter of “if” you get ransomware, it’s “when” you get ransomware.