Fundamentals of BCM

The document outlines the importance of Business Continuity Management (BCM) in ensuring organizational resilience against disruptions. It provides a comprehensive guide on implementing BCM tools, including steps for assessing risks, developing action plans, and responding to incidents. The guide emphasizes the need for companies to adapt to changing environments and prepare for potential crises to minimize losses and maintain operations.

Uploaded by Pedro

The path to digital leadership
The fundamentals of business continuity management
2022

Contents

Introduction 3
Why implement BCM tools 5
7 steps to implement BCM 10
Investigating the company’s environment, processes, and assets 12
Business impact analysis 13
Action planning 13
Implementation and testing 15
Incident detection 16
Mitigation, remediation, and recovery 17
Revision of existing measures 18
Checklist 19
Conclusion 20
Introduction

• A steel manufacturer implemented an IT platform to automate its production. But the platform vendor left the market, and the plant had to urgently convert to an alternative solution.
• An online store was actively using cloud services to scale quickly to changing demand. However, the cloud provider was hacked, and the store lost some of its data.
• A company invested in systems to protect against cyberattacks but disregarded the risk of a power outage. One day, a blackout happened, and the entire business stalled for several hours.

Businesses can stay resilient to such events by implementing an array of tools for business continuity management (BCM). These tools are aimed at detecting critical incidents and preparing anticrisis measures and recovery plans. Further, BCM tools provide the ability to focus on the specific consequences of process interruptions. This allows a company to make more targeted decisions and avoid spending on excessive interventions.

Such tools can be implemented in different ways depending on the organization’s needs. For example, you can build a full-fledged business continuity management framework or integrate BCM tools into the existing IT and cybersecurity processes.

Implementing BCM enables the company to act as a single organism capable of maintaining seamless processes, predicting threats, and mitigating their consequences with minimal losses.

This guide will help you gain a quick understanding of business continuity management and, specifically, improve the cyber resilience of your organization.

In the guide, you will find:
• BCM basics
• steps to ensure process continuity
• a checklist with tips for implementing BCM tools

In addition to our recommendations, you are advised to refer to the global best practices compiled in the following documents:
• ISO 22301:2019 Security and resilience—Business continuity management systems—Requirements
• ISO/TS 22317:2021 Security and resilience—Business continuity management systems—Guidelines for business impact analysis
Why implement BCM tools

The role of BCM has become particularly prominent over the last few years.

When the world was faced with the pandemic, many found themselves unprepared. Our research showed that 1 in 5 companies failed to keep service quality at the same level when they moved to remote operations. Numerous organizations were struggling to maintain their business processes, including those related to cybersecurity. The reasons for this were the heavy workload on their staff, time constraints, and a lack of technical tools and capacities. The companies most affected by such challenges had allocated few or no resources to predicting possible emergencies and developing effective action plans.

The exodus of foreign IT vendors from the Russian market in 2022 has demonstrated the importance of BCM mechanisms. Focusing on the company’s operating environment, identifying business-critical processes, and testing alternative ways to implement them have become prominent elements of continuity management.

The events of the 2020s have transformed the approach to BCM. While there is still much room for improvement, a number of industries have shown promising results since 2020. We are convinced that the positive trend will persist, in which case we can expect significant progress in the coming years.

[Figure: BCM development rates by industry¹. Bar chart covering finance, transportation, retail and e-commerce, telecommunications, media, healthcare, and IT; the per-industry values cannot be recovered from the extracted text.]

¹ To learn more about our approach to the research, refer to Threat Zone 2020, “Cybersecurity maturity across industries.”
The examples below were derived from our practical experience and highlight the possible consequences for a company without any BCM tools in place.

Fraud against clients

Company A owns a large classifieds platform. The attackers created fake advertisements offering goods on this marketplace and directed potential customers to phishing payment pages. The users put the blame on the platform and were looking to sue its owners.

Countermeasures and consequences

To stop the attacks on users, Company A banned the exchange of non-official links on its website. The fraudsters nonetheless found a way to bypass the restrictions: they continued the dialog with their victims on social networks and messengers. As a result, the company’s reputation was severely damaged: customer outflow over the period increased tenfold as users lost trust in the marketplace.

How BCM tools could have helped to avoid these consequences

Company A would have been able to anticipate potential phishing scenarios and develop an action plan. However, the organization didn’t track phishing scams disguised as its brand. Also, users were not duly protected during the response phase, which allowed the scammers to quickly find a loophole and continue their attacks successfully. By avoiding such mistakes, the company could have retained more of its customers.

The earlier BCM tools are implemented, the more benefits they deliver. Thus, analyzing scenarios of potential third-party damage before the start of development could have resulted in a different approach to the platform, for instance, one based on a transaction assurance framework.

10x increase in customer outflow caused by cybercriminals
Compromised corporate systems

Company B’s employees detected suspicious activity on their network. It was soon discovered that attackers had gained access to a privileged account on the computer that was used to administer the company’s entire network. The attackers could have potentially disrupted all of the organization’s business processes and stolen funds from its accounts.

The investigation revealed that behind the attack was a notorious cybercriminal group called Silence. The intruders were able to penetrate the critical system because an employee opened a malicious Word file while logged in. From the compromised machine, the attackers infected the organization’s entire network with several remote access tools.

Countermeasures and consequences

Our experts managed to block access to the organization’s network and clean up the malware. Company B also received detailed recommendations on the need to build cybersecurity processes, assemble a team of dedicated specialists, and set up regular security audits.

A few months later, the company reported a repeat attack on its systems and a theft of 43,000 euros. An investigation established that the attack had been launched by the same Silence group, which exploited the unresolved security flaws discovered earlier. None of the recommendations had been implemented.

How BCM tools could have helped to avoid these consequences

The company focused on building perimeter defenses and purchasing expensive cybersecurity tools; however, the most effective measures would have been to:
• Organize monitoring at an early stage.
• Engage qualified specialists to take care of cybersecurity systems.
• Implement measures to protect against cyberattacks, as recommended by the experts.

This would have saved money and prevented the repeat incident.

31% of our external pentesting projects resulted in the compromise of internal networks

€43,000 lost by the company due to repeated attacks on its systems
Information attack

Adversaries posted a fake press release in the media on behalf of Company C. The publication announced the resignation of its CFO. By the time the organization became aware of this misinformation, it was too late to initiate an adequate response and counter the damage.

Countermeasures and consequences

The negligence of Company C caused its shares to drop by almost a quarter. The financial loss from the incident is estimated at several billion US dollars.

How BCM tools could have helped to avoid these consequences

The main problem with information attacks is that they are extremely difficult to predict. This is further complicated by insufficient resources (tools, people, and time) to monitor the brand’s media coverage. The mistake is to disregard the risk of misinformation campaigns in crisis management.

Implementing BCM tools, specifically by engaging independent experts, would have allowed for a detailed assessment of the external environment. For example, understanding the severity of the damage due to the stock decline would have prompted Company C to assess in a timely manner the consequences of negative publications as well as insider leaks.

almost 25% of the company’s share value lost following an information attack
Website hacked through the fault of a contractor

This is another example of an incident that is as difficult to predict as an information attack. Company D discovered some reputation-damaging information on its website’s home page. This could have led to regulatory sanctions.

The investigation revealed that the illegitimate content had been uploaded using Google Tag Manager (GTM), a tool to track and collect marketing data. Behind the sabotage was an employee of the marketing agency that provided its services to Company D.

Countermeasures and consequences

Company D invited independent cybersecurity experts and consulted with legal advisers regarding the possibility of imposing a penalty on the agency. The experts disabled GTM on the affected website to remove the illegitimate content. Then they found and neutralized the infected tag and restarted the system. Further, the experts restricted third-party rights in the GTM administration panel.

How BCM tools could have helped to avoid these consequences

Although such attacks are difficult to predict, organizations need to prepare to repel them. BCM mechanisms would have helped to draw up scenarios for incidents that occur through the fault of employees or contractors. Based on this, an effective response can be developed that allows processes to be restored with minimal loss.
7 steps to implement BCM

BCM is a cyclical process whose components can be broadly divided into two groups: tools development and incident response actions.

BCM tools development

01 Examine the business development context: analyze the internal and external environment, record your assets, and carry out market research.
02 Perform business impact analysis (BIA) to assess the effects of negative factors on core business processes as well as possible consequences and damage to company operations in the event of an incident.
03 Develop economically feasible incident response and recovery measures.
04 Implement and test the developed measures.

Incident response actions

01 Inform the stakeholders about a detected incident.
02 Contain the incident, mitigate its effects, and recover the affected processes.
03 Analyze the root causes of the incident and review your current tools.
Connections between the BCM components are presented in the diagram below.

[Diagram: BCM components and their connections. Context (expectations, requirements, market, environment: external and internal, information assets, business processes); Business impact analysis (threats, damage, assessment of mitigation effect); Planning; Implementation and testing; Monitoring; Response; Investigation and lessons learned; Reassessment.]

You can find a detailed description of BCM components in the respective materials.
For a start, let’s look into the steps required at each stage of BCM tools development.

Investigating the company’s environment, processes, and assets

The purpose of this stage is to map out the landscape in which the company operates and evolves. This will help you seamlessly adapt to the changing market, digital environment, and legislation.

At this stage:
1. Gather all the necessary market information or outsource this activity. This will allow you to assess the external environment and the key risks faced by your market peers. You might also need to review your marketing strategy in terms of reputation protection. Sometimes, engaging independent experts can yield even better results thanks to their broader view of the market.
2. Visualize the business processes in your company, map out the links between the departments, and define their roles.
3. If you already have emergency action plans, draw up a list of these resources with a summary of their content. Document the rules that exist in your company but are not yet recorded anywhere.
4. Take a detailed inventory of assets. Maintaining records of your digital assets (information, network storage, and projects) is as important as bookkeeping and management accounting. At the next stage, this will help to prioritize the assets to be protected and plan your business continuity budget accordingly.

60% of companies overlook information assets during inventory
Business impact analysis

The purpose of this stage is to lay the groundwork for BCM implementation and assess the possible consequences of disruptions in certain processes.

BIA includes the following steps:
• Determine critical processes and information systems.
• Identify the associated key stakeholders, both external and internal.
• Assess whether the company has enough resources to ensure uninterrupted operation in an emergency.
• Analyze alternative ways of executing critical processes.

When performing BIA, you should be guided by ISO/TS 22317:2021 Security and resilience—Business continuity management systems—Guidelines for business impact analysis.

Action planning

The purpose of this stage is to develop technical and organizational measures to ensure process continuity.

The example below demonstrates how incident consequences can be aggravated by poorly orchestrated actions. A few years ago, an online ride-sharing firm suffered a data leak, which occurred because its employees stored their credentials on GitHub. The hackers found the source code and were able to access the repository with the data of 57 million customers. As a result, the service had to pay 100,000 US dollars to the criminals for non-disclosure. However, the case went public, which undermined the firm’s reputation. Apart from the ransom, the service paid a fine of 400,000 euros.²

Planning milestones:
• Develop or revise your business continuity plan (BCP), incident response and recovery plan, and incident response playbooks.
• Create an incident response team.
• Allocate a BCM budget.

Many incidents can be effectively mitigated by adequate and timely response, without applying any technical measures

² D. Lee, “Uber concealed huge data breach,” BBC.
The BCP should set the key continuity parameters:
• Recovery time objective (RTO). The maximum amount of time to restore business functions or resources following an incident.
• Recovery point objective (RPO). The maximum acceptable amount of data loss.
• Service delivery objective (SDO). The service level to be supported until complete recovery. For instance, after an adverse event, a certain quality of services must be maintained, albeit at a lower level.
• Maximum tolerable downtime (MTD). The longest possible unavailability period for systems or processes. Exceeding this time will severely affect the company.

The BCP helps to find a balance by optimizing each of the above parameters. This is when business continuity management becomes a measurable and manageable task within the capability of most corporate services and functions, from logistics and accounting to IT and cybersecurity.

The incident response and recovery plan should describe the target scenarios and actions to minimize the company’s damage from incidents and reduce the remediation time. The document covers the following incident management fundamentals:
• coordinated actions and communications
• staff awareness and preparedness to act promptly as required by the process

When elaborating such plans, avoid unnecessary paperwork and use simple and concise language. This will ensure more effective actions in an incident. Thus, all the documents can be integrated into a user-friendly guide accessible at any time.
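As an added example (not from the guide), the following Python check applies the four parameters above to a constructed set of processes: it flags an RTO that is not below the MTD, a backup interval longer than the RPO, and a fallback that cannot deliver the promised SDO. The process names, figures, and the `ProcessPlan` fields are assumed sample data, not figures from the guide.

```python
"""Consistency check on BCP parameters (RTO, RPO, SDO, MTD) against the
planned backup schedule and fallback capacity.  Added example; the
processes and numbers below are constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessPlan:
    name: str
    mtd_hours: float                  # maximum tolerable downtime
    rto_hours: float                  # recovery time objective
    rpo_hours: float                  # recovery point objective (max data-loss window)
    sdo_percent: float                # service level promised during degraded operation
    backup_interval_hours: float      # how often the process's data is backed up
    fallback_capacity_percent: float  # what the standby/manual fallback can deliver


def check_plan(p: ProcessPlan) -> list[str]:
    """Return findings for one process; an empty list means it is consistent."""
    findings = []
    # RTO must sit below MTD: if recovery takes as long as the business can
    # tolerate, any slip during the real incident breaches the MTD.
    if p.rto_hours >= p.mtd_hours:
        findings.append(
            f"{p.name}: RTO {p.rto_hours}h is not below MTD {p.mtd_hours}h")
    # Worst-case data loss equals one backup interval (everything written since
    # the last backup), so the interval must not exceed the RPO.
    if p.backup_interval_hours > p.rpo_hours:
        findings.append(
            f"{p.name}: backup interval {p.backup_interval_hours}h "
            f"exceeds RPO {p.rpo_hours}h")
    # The degraded-mode capacity must actually reach the promised SDO.
    if p.fallback_capacity_percent < p.sdo_percent:
        findings.append(
            f"{p.name}: fallback delivers {p.fallback_capacity_percent}% "
            f"but SDO is {p.sdo_percent}%")
    return findings


# Constructed sample BIA output for three processes (assumed values).
SAMPLE_PLANS = [
    ProcessPlan("online payments", mtd_hours=4, rto_hours=2, rpo_hours=0.25,
                sdo_percent=50, backup_interval_hours=0.25,
                fallback_capacity_percent=60),
    ProcessPlan("order fulfilment", mtd_hours=24, rto_hours=24, rpo_hours=4,
                sdo_percent=30, backup_interval_hours=24,
                fallback_capacity_percent=30),
    ProcessPlan("hr payroll", mtd_hours=72, rto_hours=48, rpo_hours=24,
                sdo_percent=0, backup_interval_hours=24,
                fallback_capacity_percent=0),
]


def review_plans(plans=SAMPLE_PLANS) -> dict[str, list[str]]:
    """Map each process name to its findings; consistent processes are omitted."""
    return {p.name: f for p in plans if (f := check_plan(p))}


if __name__ == "__main__":
    for name, findings in review_plans().items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

In the sample data only "order fulfilment" fails, on both the RTO-versus-MTD and the backup-versus-RPO checks.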
Implementation and testing

The purpose of this stage is to progressively build a BCM framework that would cover almost all departments. This will enable the involvement of relevant professionals—legal advisers, PR managers, and others—throughout the remediation stages.

Recommended activities at this stage:
• Purchase the tools.
• Select the service providers.
• Launch an incident response team.
• Arrange cyber literacy training for employees.
• Monitor the effectiveness of implemented measures, and assess and eliminate the deficiencies.

You can simulate incidents to test your measures. For instance, when migrating a platform to the cloud, you can disconnect the source platform and check the service provider’s response. This will enable you to replace an ineffective contractor preemptively and avoid any downtime during an incident.

Engage independent experts to conduct training attacks on your IT infrastructure. It is critical to use all possible tools to identify and remove security gaps in your organization. Consider security awareness services to increase training effectiveness.

Remember to regularly test your incident response team. In an emergency, there will be no time to study the plans; hence, response actions should be practiced proactively. There are special training platforms tailored for these purposes—cyber polygons. Moreover, you can resort to red teaming services to assess how well your team is prepared to cope with incidents.
Now that we have delved into the stages of BCM implementation, the next step is to explore how to handle real-life incidents.

Incident detection

The purpose of this stage is to determine further actions based on the information about the incident and its implications.

These are the recommended steps to take:
1. Collect as much intelligence as possible that would help to analyze the incident: what happened, who discovered the incident, and what measures were taken.
2. Report the incident to your in-house response team or the outsourced specialists. A minor incident may be reported to a security expert and an IT specialist alone.
3. Document the incident.
4. Assess the extent of compromise: the potential consequences, the suspended business processes, and the time and resources it will take to neutralize the incident.

The incident detection stage does not necessarily result in actions. Not every incident leads to financial losses substantial enough to trigger a response procedure. For example, single failed employee login attempts are a minor incident. While such failures should be recorded and monitored, there is no need to go through all the response stages.
Mitigation, remediation, and recovery

The purpose of this stage is to minimize the consequences of the incident.

The first steps are as follows:
• Assess the measures you have taken.
• Try to isolate the systems that might be infected. Where this is not possible, enhance the monitoring. In this step, you can launch investigation procedures.
• Check all the systems to make sure the incident has not affected the entire infrastructure.
• Eliminate the cause of the incident.
• Determine whether the affected systems can be recovered. If not, prepare a further action plan factoring in the lost infrastructure components or critical data.

These will provide you with a basis for a safe recovery of your business processes.

In the course of recovery:
1. Estimate when the affected business processes can be restored. Consider the investigation specifics: a system might have to be isolated for the time of the examination.
2. Use backups to reset the compromised systems.
3. Make sure that all the affected systems have been updated and patched.
Revision of existing measures

The purpose of this stage is to identify and rectify the shortcomings that resulted in an incident.

These steps will help in revising the measures:

1. Analyze the following:
• Were all the employees prepared for the cyber incident?
• What prevented a prompt response?
• Was the course of action clear to you and your employees? Did you follow it?
• Are your employees equipped with sufficient knowledge to effectively repel cyber incidents?

2. Check the internal documentation:
• Are there any errors or omissions in the described course of action?
• Are the documents easy to read for all employees? Are there any sections written in difficult language and hence hard to understand?
• Are the issues encountered during the incident covered in the documents?

The missing documents should be developed considering the challenges you came across when handling the incident.

3. Update the inventory of your digital assets and identify changes in the external and internal infrastructure that occurred during the incident.

4. Determine the measures and tools to prevent similar incidents in the future.

5. Consider how to improve employee training. Your cybersecurity specialists would benefit from cyber polygon exercises, while the rest of the staff could be put through cyber literacy training.
Checklist

Our checklist will help you embark on your BCM journey.

• Determine when you last analyzed the digital trends. If your research was conducted more than six months ago, it is time for another round. Analyzing trends assists in predicting events that can affect business in the short and long term.
• Take inventory of your digital assets. The complete picture will enable informed decisions, such as software replacement, and help to detect weaknesses in the IT infrastructure and plan further steps to strengthen your defenses.
• Create a cyber incident response team. Identify the key stakeholders (PR, legal, HR, and IT units, company executives, client support) to inform and involve in case of an incident.
• Make sure that the technical cybersecurity tools are suitable for your company and perform their declared functions.
• Check your technical defenses: they must be properly configured and updated to the latest versions.
• Make sure that the incident response documentation is simple and clear.
• Select activities to upgrade the skills of your in-house cybersecurity specialists.
• Prepare a plan to improve cyber literacy among the line personnel and executives.
• Consider what digital transformation and cybersecurity tasks can be outsourced. External experts continuously cooperate with organizations of various scales across industries and might have a broader approach to your tasks. They will help you save your most valuable resource—time.
Conclusion

BCM is a recurring cycle of activities aimed at preventing incidents, whether online or offline, and adopting anticrisis and recovery measures. The BCM objective is to facilitate the development of businesses resilient to emergencies.

With BCM in place, a company can:
• Approach the continuity of business processes as a measurable and manageable task.
• Keep up with the fast-paced changes in the market, digital space, and legislation.
• Elaborate possible threat scenarios.
• Prepare economically feasible response and remediation measures.
• Minimize damage caused by incidents.
• Identify security gaps before they are spotted by cybercriminals.