COVID-19 and pandemic planning: How businesses should continue to respond

Traditional resilience planning does not do enough to prepare for a pandemic. Here you can learn how organizations can improve their response and how the Biggest Spenders may utilize their business finances.

The rapidly evolving threat around the COVID-19 virus, commonly known as the coronavirus, affects the business and investment community around the world. The global and interconnected nature of today’s business environment poses a severe risk of disruption to global supply chains, leading to a significant revenue loss and negatively impacting global economies. Pandemic planning should be almost second nature to businesses at this point.

The impact on the world economy may increase depending on the extent of the virus’s geographic spread. However, the pandemic has already harmed the world economy as a whole.

Cyber threats and problems to overcome

As the event evolves, we see companies taking measured approaches to safeguard employees and mitigating financial and operational exposure. For example, at the time of this document’s publication, many multinational companies have reduced production from their facilities and suspended their operations in affected regions, as travel restrictions and mandatory social distancing have been invoked in line with working from home. Businesses and governments around the world continue to monitor the situation closely.

While cyber risk is a relatively recent consideration in resilience planning, companies have long maintained various resiliency plans for business continuity, disaster recovery, and crisis management before the pandemic. While useful for several business disruptions, those plans may not be enough during a global crisis such as the coronavirus or other pandemic events.

Furthermore, companies tend to have less incentive to invest in different pandemic management capabilities, as these are less likely events (the last major pandemic, H1N1 or swine flu, occurred in 2009). And while companies have likely renewed their resilience plans in response to the H1N1 pandemic, it is essential to consider the current environment’s differences.

For example, cybercriminals are more likely to target a situation where security operations centers are primarily managed in the affected region. Given the high severity, possible human impacts, and the more significant contagion effect that these events can have for the continued viability of operations, companies should think about their businesses’ implications and develop specific crisis management annexes around the pandemic threats. These annexes can serve as critical mechanisms by which companies can coordinate a response with federal, state, and local authorities.

In addition to their incident response and crisis management framework and protocols, to respond effectively to these events so that the business can continue to thrive, even in turbulent times such as these.

Planning ahead

There are significant differences between business disruptions caused by natural, human-made, technological, or operational failures and those caused by pandemic events. These differences persist due to the potential increase in the scale, severity, and duration of pandemic events, requiring organizations to go beyond traditional resilience planning strategies.

Businesses must incorporate pandemic planning into pre-existing resilience management. This can offer a comprehensive response as well as continuity for their most critical products. Companies should also consider establishing specific policies and procedures for the pandemic, employee communication skills, telecommuting, and personal/family leave to minimize disruption. Due to its duration, the impact on staff in regions that absorb the additional work cannot be overstated, from the onset of the pandemic to several weeks later, when the contractor’s resources can begin to contribute significantly. The scale can also vary. To date, it has been regionally concentrated with some global impacts; we have not yet seen a completely crippling global pandemic, although this remains a possibility.

Apply a “people first” mentality

An organization’s priority during a pandemic should be the safety and well-being of its staff. They are the ones who run the business and so their welfare must remain well. Employees cannot focus on job responsibilities when their well-being and that of their family is in jeopardy. Therefore, the question must remain, are the employees safe? Then followed by whether they are going to be able to continue working in the same way as before and if this will affect the customers and their service.

Companies must monitor the situation, provide a safe workplace, and offer their employees the support they need. Examples of employee support may include facilitating access to internal and external resources (for example, World Health Organization, SOS International, Centers for Disease Control and Prevention), services (for example, long-term care to children and the elderly, transportation for night hours).

Also, recognition of employees who take on jobs corresponding to other areas, communicating timely updates to increase awareness, and establishing standard care services for employees. Companies should seek to provide support for sick staff or those who care for sick family members too. 

To enable timely two-way communication and employee follow-up and to disseminate critical information, companies must validate that emergency notification systems are in place and are periodically tested. Alternative communication channels such as social media can be used, especially if the telecommunications network’s capacity is in high demand. Additionally, companies should conduct pandemic-related training to improve employee preparedness and alleviate any concerns. 

Geographical segmentation plan for functions and activities

A pandemic can have severe consequences in affected areas and geographies, rendering them inaccessible for a prolonged period. Business impact analysis is vital, and companies must convey a plan that links activities and functions together. This must be coupled with interdependencies.

Companies should pay close attention to these activities’ geographic concentration – where are they being functioned, and are there alternative sites to work from? As prudent risk management and to the extent possible, companies should seek to diversify the supplier base, customers, and third-party service providers across geographies to avoid single points of failure and increased exposure due to regional disruptions and geopolitical events.

Invest in technology and infrastructure to support remote working and virtual collaboration capabilities

A pandemic requires employees to stay home to limit exposure and prevent or slow the disease’s spread. Unlike a rare weather event, which can cause some employees to telecommute, a pandemic can lead to the complete shutdown of the entire facility in an area, forcing many employees to work from home for an extended period. In turn, this can lead to heavier-than-normal traffic on remote connectivity networks, leading to capacity and load access issues.

Businesses should invest in tools that allow staff to telecommute and collaborate virtually, assess their current bandwidth to support remote work, conduct periodic network stress tests, and identify workarounds for critical tasks that cannot be executed at home. It should be noted that although telecommuting is a good option for different business sectors, it doesn’t always create a positive impact within the world of manufacturing. It has a critical impact on product supply chains.

Consider the systemic nature of pandemics when designing response strategies.

Companies must challenge and expand the limits of traditional resilience plans to cope with pandemic events. During a pandemic, some standard strategies such as moving work to alternative locations, relocating the workforce, and increasing staffing may not be viable options as staff, and alternative sites may be equally affected by the event. Furthermore, the degradation or limited availability of necessary infrastructures, such as public transport, telecommunications, and the Internet, can pose new problems for the activation of plans and strategies. Companies must carefully design different strategies, for example, contracts between affiliates to outsource work or alternate suppliers in the supply chain to overcome these barriers, and especially plan around areas of high manual intervention and concentration risks, including single points of failure.

The focus should be entirely on technology advancements before anything, with customer service always as a high priority. It’s time to start moving forwards again and planning for the bumpy road ahead.