Why Should We Plan?
Why should a business dedicate all the time, expense, personnel and other resources to plan for an event that might never happen? The answer is simple: insurance! As with most security-related tasks, it comes down to a simple risk assessment.
The reality is that it’s better to have the plan and never use it than to never plan and be unprepared when disaster strikes. As stated earlier, businesses without a plan face the risk of going out of business permanently. The direct advantages are the following:
- Faster, more efficient, and less expensive recovery
- Better chance of recovery/survival
- Reduced insurance costs
- Investor confidence
There’s another very good reason to have these plans in place. It’s not just a good idea; it’s the law. For business and government, there are laws and regulations in place that require organizations to take measure to protect company assets. Some of these laws and mandates include the following:
- HIPPA: The Healthcare Information Privacy and Portability Act (HIPPA) provides guidance on privacy and security for any health-care or health-care-related institutions.
- GLBA: The Gramm-Leach-Bliley Act (GLBA) provides guidance on privacy and security for banking or financial institutions in the United States.
- FISMA: The Federal Information Security Management Act (FISMA) drives the need for vulnerability and risk assessments for all United States federal government agencies.
- SOX: The Sarbanes-Oxley Act drives the need for vulnerability and risk assessments to be conducted for publicly traded companies.
Furthermore, insurance companies expect to see these plans in place before providing any sort of coverage.