Organizations ignore social media when it comes to business continuity planning

New study finds while many organizations are incorporating business continuity management into their risk program, they are still failing to use social media channels as part of their plan

According to a new study from PriceWaterhouseCoopers says that many companies are not leveraging social media when it comes to business continuity management, but documentation processes are being coming more pragmatic, and vendor resiliency is starting to take hold.

The Business Continuity Insights Survey, from PriceWaterhouseCoopers (PwC), says that many companies are not leveraging social media when it comes to business continuity management, even though they're making progress in their business continuity planning by re-thinking their approach to crisis management.

"We are seeing more and more companies using business continuity management (BCM) to address items in their risk portfolio, and are spending more time integrating BCM into their enterprise risk management program, versus seeing it as an insurance exercise or IT responsibility," said Phil Samson, PwCs Business Continuity Management service leader, in a statement.

[CSO's ultimate guide to business continuity and disaster recovery]

In a study of approximately 300 professionals, PwC discovered that 57 percent of them do not use social media officially when comes to developing crisis communications in a BCM program. But, those that do, cite Facebook and Twitter as the two most popular channels.

Still, PwC said that respondents indicated that even when social media is leveraged, the organizations represented don't necessarily see improvements to their capabilities. On the other side of that argument, less than 10 percent said social media has become an enabler for the organization to proactively identify and respond to events.

"Were telling our clients that they must first look through their crisis communication plan for ways to use social media as an effective communication channel to employees, key third parties, customers and stakeholders. Then, they should look at the more likely crisis and risk scenarios and determine if social media could be used to facilitate crisis identification, internal and external communications, and recovery coordination efforts," Samson added.

Additional details from the study say that organizations are starting to realize that they no longer have to grasp for new ways to structure their BCM programs to get leadership buy-in. A majority of the survey respondents noted that documenting BCM plans have become more pragmatic and user friendly.

Finally, respondents noted that vendor resiliency is being integrated into their various BCM programs. In fact, 64 percent said they involve one or more critical third parties as part of their organizations BCM programs, and 83 percent of these respondents are involved in identifying and planning for a loss of the aforementioned third parties.

To be fair, half of the respondents said they either do not manage or assess vendor resiliency, or do so in a silo fashion, 44 percent are attempting to do so within a centralized function, due to an increase in BCM inquiries from their key customers.

[3 things to consider before buying into disaster recovery as a service]

"In the past, companies built a structured script and walked through a specific scenario, but now they are realizing that real life crisis events dont happen that way. They are now looking at how to make crisis management plans much more flexible and capable of handling longer lasting crisis events," said Samson.

"Further, the increased emphasis on risk management as an organization-wide initiative has continued to drive collateral improvements within BCM. Management is beginning to align BCM to broader organizational risk initiatives, as well as observing the benefits of imbedding a 'culture' of continuity and resiliency within everyday business processes."

PwC has offered a webcast containing the full findings of their survey, which can be accessed here, but registration is required.

Copyright © 2013 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)