Every business owner knows preparation is critical to maintaining operations throughout an emergency, but few put in the time to create a comprehensive, actionable, and appropriate disaster and business continuity plan. Hurricanes, fires, terrorist attacks, earthquakes, and cyber attacks are just a few of the emergencies that happen on a regular basis and impact business operations. Keeping employees safe is a primary concern, but businesses also need to make plans to secure data and documents and to keep the businesses running throughout any situation. 

In today’s connected world, if you can’t answer the phone, someone else will. Are you prepared to risk losing clients because you failed to plan for an emergency?

Where do Disasters Happen?

Disasters strike everywhere; there is no such thing as a safe place. Some, like hurricanes, come with at least some warning, while others, like cyber attacks, give no notice. Survivors of Hurricane Maria last year know that even when warnings exist, they may not provide exact details on the strength or impact of a disaster. This year alone, individuals and businesses have faced damage and displacement from wildfires, hurricanes, and tornadoes, in the natural disaster category, and attacks by hackers, gunmen, burglaries, corporate espionage, and employee theft have caused losses of literally millions of dollars.

So What’s the Impact?

And the impact of these (and other) disasters can be debilitating. According to the Federal Emergency Management Agency (FEMA), approximately 40% of businesses do not reopen after a disaster. Even those that do re-open face an uphill battle. FEMA reports that of the 40% that reopen, only 29% were still operating after two years. For companies unable to access critical data for nine days or more after a disaster, whether because of lack of power or destruction of records, face a very high chance of bankruptcy within a year.

Small businesses are particularly vulnerable to long-term after a disaster, primarily because of lack of a disaster or emergency response plan. According to FEMA, approximately 62% of small businesses have any type of business continuity or disaster plan. Of those who have implemented some type of preparation, the majority do not have a written plan in place, leaving them disorganized when facing an actual emergency.

Very simply, a disaster or emergency plan with a business continuity program is designed to ensure that the company can continue to run in the face of an emergency. If the emergency is something that will not allow continued operations, then the plan must include protecting people and information and positioning the company to recover quickly.

What is a Disaster Plan/Business Continuity Plan?

So, what should a plan cover? Personnel, products, the physical environment, and IT/records. While each organization is unique and requires its own plan, FEMA makes the following general recommendations regarding a plan on the site www.ready.gov:

Program Management

The preparedness program is built on a foundation of management leadership, commitment, and financial support. Without management commitment and financial support, it will be difficult to build the program, maintain resources and keep the program up-to-date.


In developing an all-hazards preparedness plan, potential hazards should be identified, vulnerabilities assessed and potential impacts analyzed. The risk assessment identifies threats or hazards and opportunities for hazard prevention, deterrence, and risk mitigation. It should also identify scenarios to consider for emergency planning. The Business Impact Analysis (BIA) identifies time sensitive or critical processes and the financial and operational impacts resulting from disruption of those business processes. The BIA also gathers information about resources requirements to support the time-sensitive or critical business processes.


Implementation of the preparedness program includes identifying and assessing resources, writing plans, developing a system to manage incidents and training employees so they can execute plans.

Testing and Exercises

You should conduct testing and exercises to evaluate the effectiveness of your preparedness program, make sure employees know what to do and find any missing parts.

Program Improvement

A critique should be conducted to assess the response to the incident. Lessons learned from incidents that occur within the community, within the business’ industry or nationally can identify needs for preparedness program changes.

So What Should a Business Do?

The first step is recognizing the need for a disaster plan, and then taking stock and figuring out how to implement that plan. And it is critical for that to happen before disaster strikes. If a company is trying to put together a plan after a disaster strikes, it’s too late. The company will incur much higher costs, loss of information and potentially personnel than if it had prepared ahead of time. 

Second, assess your own needs and vulnerabilities. Maybe you back up your data already, but do you put it on an external drive co-located with your current hard drive? Do you have a way to contact employees and for them to contact you? Do you have a team to spearhead implementation in case of an emergency? Who will answer the phones or check email?

Third, design a plan, train employees, test that plan, and improve it. An experienced firm can assist in constructing a comprehensive plan.

A strong plan will keep you running, or at least position you to rebound quickly. Neglecting to design and implement a plan could cost you your business. Don’t lose your business due to the lack of planning.