Vancord logo

Planning Ahead: Incident Readiness vs. Business Continuity

Is your organization prepared? Cyberattacks on small and medium businesses (SMBs) are becoming more impactful and frequent thanks to bad actors around the globe, and that’s not all. Business interrupting data incidents are rising via insider attacks, corporate espionage, volatile weather events, and more.


From costly downtime to business shutdown, SMBs pay the price for unchecked incidents in the form of dollars, lost market share, damaged reputation, or worse, complete loss of business. From malware infections to stolen laptops, both the short- and long-term ramifications of these incidents can have a lasting impact on a business.

Consider the facts:

  • The cost of downtime for a small company is $8,000 per hour of downtime. That hourly rate increases to $74,000 for medium-sized companies and $700,000 for large enterprises.
  • One in five small businesses experiences a cyberattack; of those, 60 percent will go out of business in six months.
  • One in five SMB executives surveyed doesn’t have a response plan in place. Of those, 31 percent cited a lack of resources and budget.

You need a plan to reduce your risk, but which one? The terms “incident response plan” and “business continuity plan” are bandied about and often conflated. Do you need one or both? And which one do you need first? Read on for answers to your questions.

Start with an Incident Response Plan (IRP)

No matter your company size, you’ll want to start with an incident response plan (IRP), which is a step-by-step guide for preparing for, detecting, responding to, and recovering from a network security incident. An incident is defined as any situation, event, or anomaly that harms the security or confidentiality of protected assets or processes, whether from technological failures or acts of God and man.

The shorter the lifecycle of the incident or breach, the better. A breach lasting under 200 days costs $1 million less than one with a life cycle longer than 200 days. The first 72 hours following an incident are critical, involve multiple moving parts, and often must be addressed simultaneously. At the same time, teams may still be scrambling to collect the facts. Knowing the source and target of an attack on your network is key to choosing the best course of action.

An IRP is a crucial component of a business continuity plan (BCP). While an IRP can shorten the recovery time, the BCP guides continuing operations following a high-impact incident threatening normal business operations. For example, imagine if your company is a patient in a hospital. To stabilize and save the life of the patient, you must stop the bleeding first. IRP stops the bleeding. BC keeps the patient alive.

Incident Response Plans vs. Business Community Plans: Know the Difference

A BCP complements the response qualities of an IRP and lays out the way a company will function during an unplanned service interruption. Unfortunately, 51 percent of businesses worldwide do not have a business continuity plan. And like the IRP, a BCP can be challenging to sustain for SMBs that have limited resources. For example, the Federal Emergency Management Agency (FEMA) found that one in five companies do not spend time maintaining their continuity plan. In contrast, 20 percent of larger businesses spend over ten days every month on their plans.

Here are the key differences between an IRP and a BCP:

  • Incident response is your team’s ability to manage an incident that may or may not lead to business interruption.
  • Incidents end when they have been effectively responded to.
  • A BCP outlines specific contingencies for all aspects of the business that can be affected.
  • BCPs and IRP are overlapping, but they’re not interchangeable.
  • An IRP is an essential element of an effective BCP.
  • BCPs include comprehensive strategies on how to sustain business operations for both short- and long-term outages.
  • Incident response is more tactical; business continuity is more strategic.

Start your IRP today with an Incident Readiness Assessment

An IRP is specific to a company’s unique needs and circumstances, and it should start with a thorough incident readiness assessment. The assessment evaluates the current state of your incident response program so your team is fully prepared to identify and respond to threats quickly.

The Incident Readiness Assessment involves three steps:

  1. Examining your organization’s cybersecurity maturity level and risk exposure
  2. Finding the gaps in your defenses
  3. Delivering remediation recommendations based on insights gained in steps 1 and 2

Are you ready to be ready? Vancord offers a full suite of incident-ready services that emphasize security fundamentals over complexity. We work collaboratively with you to arm your team with the tools needed to act quickly and recover in the event of an unexpected cyberattack. Learn more about our incident-ready services here.

Cybersecurity Tips In Your Inbox.

Get notified when we have something important to share!