From Disaster Recovery to
Business Resilience
Chris Connelly
IBM Risk and Resilience COE
Scope
• From Disaster Recovery to Business Resilience
• The Resilient Enterprise Blueprint
• The IBM 2011 Global Business Resilience and Risk
Survey
What is Business Resilience?
IT Disaster
Recovery
Risk
Management
Governance
Crisis
Management
Business
Continuity
A (very!) simple business map
Business Functions
Line of Business
A
Dependencies for
Service Delivery
Line of Business
B
Dependencies for
Service Delivery
Areas of shared resources and shared (linked) risks
Line of Business
C
Dependencies for
Service Delivery
Linking the Resilience requirements across the enterprise
Business Functions
Strategy & Vision
Integrated View of Service Delivery
Line of Business
A
Line of Business
B
Line of Business
C
Organization
Processes
Applications & Data
Dependencies for
Service Delivery
Dependencies
for
Service Delivery
Technology
Facilities
Areas of shared resources and shared (linked) risks
Dependencies
for
Service
Delivery
The Resilient
Enterprise Blueprint
The layers are broken down into
Business and Infrastructure objects;
objects are refined by attributes
 250+ objects and over 4000 attributes
 Linked across layers to provide
different resilience views like
continuity, compliance, security etc.
 Evaluated for their current and target
levels of business resiliency maturity
The 2011 IBM Global Business
Resilience and Risk Study
In conjunction with the Economist Intelligence Unit
390 Participants
Geography
Company size
Eastern Europe — 3%
Asia-Pacific
— 20%
North
America — 39%
US$5B to $10B
10%
US$5M or less
— 39%
US$500M to $1B
13%
US$1B to $5B
— 15%
Western
Europe — 39%
US$10B or more
— 23%
8
What organisations have done
Create a business continuity plan
Invest in new risk-related IT solutions
Establish company-wide risk management team
Discuss issues with supply-chain partners
Assign overall responsibility to a single executive
Develop communications or training program
Respond to recent natural disasters by rethinking
strategies
Develop integrated business resilience strategy
Engage external advisors
Source: Q5a. Which of the following measures has your organization adopted?
9
Next Steps
Already done
Develop integrated business
resilience strategy
Develop communications or training
program
Invest in new risk-related IT solutions
Respond to recent natural disasters by
rethinking strategies
Engage external advisors
Discuss issues with supply-chain
partners
Create a business continuity plan
Establish company-wide risk
management team
Assign overall responsibility to a single
executive
Source: Q5b. Which of the following measures is your organization most likely to adopt in the next three years?
10
Next 3 years
Lack of understanding
about emerging
technologies — 8%
Lack of
understanding
about best
practices —
9%
Barriers
Lack of buy-in from
employees — 4%
Silos within the
organization — 28%
2010 Study comparison:
Lack of C-level
vision and
commitment
— 14%
Implementing necessary procedures
Securing budget
Obtaining full risk picture from depts
Inability to predict ROI
from improvements —
17%
Budget
limitations
— 20%
Source: Q10. What is the biggest single barrier to implementing a holistic approach to business resilience planning?
11
Principal Findings
100%
 An integrated approach to business resilience and risk
management offers a significant business opportunity for
organizations of all sizes
“An effective business
resilience plan will provide
a robust foundation on
which to build a long-lived
competitive position
supported by end-to-end
risk management.”
2011 IBM Global Business
Resilience and Risk Study report
 Appointing a single individual with overall business
resilience and risk management responsibility is essential
to integration success
 Input should be sought from throughout the enterprise
— including employees and partners
 Cloud technologies have matured significantly and now
have the potential to deliver significant business resilience
benefits
 The newly integrated business resilience and risk
management strategy can be levered to seize
unexpected opportunities and deliver measurable
business value
12
In Summary
• Businesses are moving beyond Disaster
Recovery to Business Resilience
• IBM has introduced the Resilient Enterprise
Blueprint to provide this framework
• The 2011 IBM Global Business Resilience
and Risk Study shows what organisations
world wide are addressing
• www.ibm.com:
– “Resilience Survey”
– “Risk and Resilience”