Business Recovery Risk

By
Katelyn Peters
Full Bio
Katelyn Peters has a writer and editor for more than five years who focuses on both investing and personal finance content. In addition to her experience in finance, she is also a volunteer editorial contributor for Litmus Press, O Books, and The Post-Apollo Press.
Learn about our editorial policies
Updated January 09, 2023
Reviewed by Akhilesh Ganti
Fact checked by
Michael Logan
Michael Logan Headshot
Fact checked by Michael Logan
Full Bio
Michael Logan is an experienced writer, producer, and editorial leader. As a journalist, he has extensively covered business and tech news in the U.S. and Asia. He has produced multimedia content that has garnered billions of views worldwide.
Learn about our editorial policies

What Is Business Recovery Risk?

Business recovery risk refers to a company's exposure to loss as a result of damage to its ability to conduct day-to-day operations. Loss of ability to conduct day-to-day operations may result from supply chain interruptions, damage to physical locations, or loss of access to virtual systems, among other losses.

Key Takeaways

  • Business recovery risk refers to a company's exposure to loss as a result of damage to its ability to conduct day-to-day operations.
  • Loss of ability to conduct day-to-day operations may result from supply chain interruptions, damage to physical locations, or loss of access to virtual systems.
  • Short-term threats may include damage to computer systems or workers' inability to reach the job site due to natural disasters.
  • Medium-term threats may include infrastructure failure or loss of staff.
  • Long-term threats may include extensive property damage.

Understanding Business Recovery Risk

Analysis of business recovery risk involves categorizing threats according to short-, medium- and long-term impact. Short-term threats may include damage to computer systems or workers' inability to reach the job site due to natural disasters. Medium-term impact threats may include infrastructure failure or loss of staff. Long-term impact threats may include extensive property damage.

Firms address business recovery risk within their business continuity plan (BCP). A BCP is created in order to ensure that personnel and assets are protected and able to function quickly in the event of a disaster. The BCP would create a system of prevention and recovery from potential threats. Risks may include natural disasters— such as fire, flood, or weather-related events—or cybersecurity attacks. 

After the terrorist attacks of September 11, 2001, business recovery risk become an important component of risk management and disaster recovery plans. Bond trading was closed for two days and resumed trading on September 13. The New York Stock Exchange and Nasdaq reopened on September 17, after the longest suspension of trading since the Great Depression. Clearing and settlement of payment transactions suffered several delays.

An analysis revealed vulnerabilities in the risk management strategies employed by financial institutions. For example, while they had planned for disasters in their buildings, the firms had not planned for area-wide disruptions. Their processes also did not create redundancies to deal with vendor shutdowns. The interdependent chain of events after the disaster also emphasized the importance of concerted action, as opposed to individual action, to ensure the continuation of the business.

Business continuity planning and disaster recovery have become a sophisticated discipline with certifications and planning that involves all departments of an institution, from senior management to the security personnel responsible for administration. When developing a business continuity plan, there are generally four steps that a company must follow: business impact analysis, recovery, organization, and training.

During the business impact analysis stage, the company will identify the functions and resources that are time-sensitive. In the recovery stage, the company will identify how it will recover critical business functions. In the organization stage, the company forms a continuity team that will then create a plan to manage the disruption. Finally, in the training stage, members of the continuity team must test their strategy and complete exercises that review the plan and strategy.

Article Sources
Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts. We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy.

  1. Congressional Research Service. "The Economic Effects of 9/11: A Retrospective Assessment," Page 28. Accessed Dec. 12, 2020.

Take the Next Step to Invest
×
The offers that appear in this table are from partnerships from which Investopedia receives compensation. This compensation may impact how and where listings appear. Investopedia does not include all offers available in the marketplace.
Service
Name
Description