“I find the content of Journal of Business Continuity & Emergency Planning to be up to date, easy to follow, and applicable to the professional in the field, the student in the class, and the academic. This journal offers a mix of articles from many disciplines in a manner that allows the professional to utilise the data immediately. I have personally used material from this journal on multiple occasions, both in my academic and professional endeavours.”
Volume 18 (2024-25)
Each volume of Journal of Business Continuity & Emergency Planning consists of four 100-page issues both in print and online. Articles currently published in the volume are:
Volume 18 Number 1
-
Editorial
Lyndon Bird, Editor -
Practice Papers
An apolitical risk assessment of the 2024 US elections: The threat of widespread riots and significant business disruption
Mike Blyth, Chief Executive Officer, Sigma7, et al.
Civil disorder has always plagued humanity, with violence being triggered by real or perceived grievances, rumours and speculation, and internal or external agitators. The risk to people, communities, businesses and the rule of law is not isolated to a particular country or society. The propensity for violence and how it is incited is, however, an evolving threat with the advent of the ‘modern riot’. The causes of violence centre on economic and social injustice, sports- and event-related riots, a reaction to police or security forces and political unrest. As the US nears the contentious 2024 elections, the failing trust in the three branches of government combined with external global tensions and conflict, threats from domestic extremist groups, a rising acceptance of violence as a means of settling political disagreements, hostile nation actors and international terror groups that exploit societal instability create fertile conditions for widespread violence. Exacerbating these factors are the risks from artificial intelligence (AI) deepfake, rapid mass communications, the citizen journalist, prominent influencers amplifying grievances and inflammatory media reporting. This convergence of exacerbators and accelerants for political discord offers the potential for serious security risks and significant business disruption.
Keywords: 2024 elections; deepfake; AI; riots; civil disorder; flashpoints; social unrest -
Building capability and community through cyber-incident response exercises
Matthew Ricks, Senior Director, IT Facilities Infrastructure & Resilience, Stanford University
While a natural disaster or related threat may impact an organisation at some point, it is more likely (even inevitable) that it will be the victim of a cyber attack. The solution to being better prepared for these imminent attacks is to undertake more lightweight and frequent incident response (IR) exercises to help build capabilities and community through a tighter, recurring cycle of planning, conducting and assessing. To boost the facilitation of IR exercises, organisations must leverage the established relationships between business continuity management (BCM) or resilience staff (both of which are familiar with business continuity and disaster recovery exercises), and their information security office. As BCM will ultimately be involved in response and recovery after a cyber attack, it is intuitively more effective to collaborate with BCM in advance. Indeed, it has been substantiated that BCM engagement improves incident response time and reduces incident response costs. This paper concludes that involving BCM or resilience departments in IR exercises contributes to more effective responses to actual incidents.
Keywords: cyber security; information security; business continuity management; resilience; incident response; exercises -
Redefining cyber resilience: Through the risk register lens
Ria Thomas, Senior Vice President and Head of Cyber Organizational Resilience, Truist
Resilience is deeper than maintaining a company’s operations and services in the face of significant disruptions. It is the ability of a business to withstand, pivot and continue to grow in the face of a significant threat. To achieve resilience, companies must have an integrated, end-to-end understanding of how a specific threat magnifies the risks identified on their risk register, and what measures are needed across the enterprise to address the amplification of those risks. This paper details how the need for a holistic approach is especially important for cyber crises, compared with other types of crises, because they tend to have more broad-ranging impacts and complexities, such as: unclear timelines, lack of public empathy, unpredictable human threat actor(s), as well as a broader set of internal and external stakeholders that need to be engaged. Unlike other crises, cyber crises have the potential to magnify most — if not all — of the risks on the risk register. As such, cyber resilience requires ensuring that key stakeholders, whether shareholders, customers, regulators, business partners, employees, etc, stay resolute in their faith in a company and its leadership’s ability to navigate the increasingly complex issues related to cyber risks and how these issues are addressed enterprise-wide, not purely seen through the lens of technical or operational resilience. To achieve cyber resilience, organisations must develop and implement programmes that integrate both the technical and the broader business measures needed to limit fallout, demonstrate leadership through cyber crises, and deepen trust regardless of the potential severity of the impact.
Keywords: enterprise resilience; cyber resilience; risk register; operational resilience; financial risks; incident response; cyber crisis; preparedness -
Case Studies
Electronic health record downtime responses: One health system’s process for ongoing readiness
Julie Bulson, Director Business Assurance and Sean Brower, Operational Readiness Specialist, Corewell Health
Since the implementation of the HITECH Act 2009, the integration of the electronic health record (EHR) with other technology platforms has increased the complexity and necessity of technology downtimes, and the continuity of patient care has become increasingly dependent on an intact EHR. To maintain business continuity and safe patient care during planned or unplanned EHR downtime, it is imperative that organisations have solid downtime and disaster recovery plans. Successful downtime planning will include documenting, with annual reviews, the process for patient care during downtime, as well as an exercise programme that touches all aspects of the downtime process. This paper discusses the experience of a healthcare system based in the US Midwest, which has chosen to exercise part of that process on a quarterly basis, prior to scheduled EHR upgrades. Over the past year of exercises, this healthcare system has collected various data elements in order to identify the education needed and the fine-tuning of the exercise design required to ensure staff competency and patient safety during EHR downtime. The paper describes the process, outcome and the steps the organisation is taking to improve the outcomes of future EHR downtimes.
Keywords: healthcare; patient; electronic record; electronic health record; EHR; disaster; downtime; informatics; drill; exercise -
Water, water, everywhere and not a drop to drink: Responding to water disruptions in two coastal healthcare facilities
Kelsey Alexander, Health Emergency Management Specialist, Maddy Laberge, Manager and Norman Kotze, Health Emergency Management Specialist, Health Emergency Management British Columbia
Having a consistent and readily available clean water supply is essential, not only for convenience but also to safeguard public health. While disruptions to the supply of clean water can impact communities of all kinds, some infrastructures and healthcare facilities are more vulnerable than others, such as those located in remote areas or within First Nations communities. This paper presents a case study of water disruption events within Sechelt and the First Nations community of Bella Bella, describing also the associated response efforts and lessons learned. Both events shared similar response activities, requiring the curtailing of normal water usage, the establishment of emergency operations centres, the sourcing of resources via supply chain or transportation partners, implementation of infection prevention and public health considerations, and collaboration with internal and external agencies. The learnings highlight a need for greater focus on building resiliency within healthcare facilities, especially those that serve remote or First Nations communities. The study also presents recommendations for water disruption response planning at the site and community level, and the establishment of non-centralised backup water systems.
Keywords: water security; healthcare facilities; emergency preparedness; public health; resource allocation; community collaboration -
Research Paper
Continuity of an essential service during the COVID-19 pandemic: A systematic review and meta-analysis of vaccine perceptions and hesitancy in the emergency medical services profession
Randy D. Kearns, Associate Professor of Healthcare Management and Disaster Management, University of New Orleans, Ginny R. Kaplan, Assistant Professor of Health Care Administration and Advanced Paramedicine, Methodist University and Michael W. Hubble, Assistant Professor, Wake Technical Community College
During and subsequent to a natural disaster, there is an expectation that certain elements of society will continue to operate with a degree of normalcy. For example, it is expected that emergency medical services will continue to function and remain reliable for the community served. Expectations such as these are based on the presumed reliability of government and the assumption that those responsible for the relevant infrastructure will have made plans to ensure it remains functional and taken steps to mitigate known weaknesses. The COVID-19 pandemic provides a case in point. Specifically, data captured during the pandemic are now the subject of ongoing review and analysis, and the findings from such studies are being used to inform planning and preparedness for the next public health disaster. This particular study was conducted in response to circumstantial evidence indicating that frontline workers in the healthcare profession may share some of the same ambivalence towards transmission mitigation as seen in the general population when confronted with new and emerging communicable diseases. This is a concern, as when medical personnel are either unable or unwilling to take reasonable steps to protect themselves and their patients, it undermines the readiness of the essential service. To explore this situation in greater depth, the study examines the real-time responses from a sample of frontline personnel interviewed during the pandemic. The results indicate that there are a number of opportunities to improve workforce readiness to assure reliable continuity during the next outbreak, epidemic or pandemic.
Keywords: COVID-19; emergency medical service; mental health; vaccination; vaccine hesitancy; disaster planning; EMS; vaccine; vaccinations; COVID19; SARS-CoV2