Presently, only a few large organisations in Malaysia appear to have an active BCP in place. In cybersecurity terms, "active" means the BCP is tested regularly for its effectiveness, and "tested regularly" means that at least twice a year a mock or trial run is conducted to check that the plans in place are still relevant and effective.
An effective business continuity plan lays out the instructions and procedures a company must follow when a disaster of some kind occurs. Every company should have such a plan in place to avoid losing money or halting operations. At a minimum, the BCP should address the following:
Definitions of the systems and data the company must protect
How the company will backup and protect specified data from loss
How and where the company will recover operations should a crisis occur
Which individuals, departments, or teams are responsible for which disaster planning and execution tasks
How to test the plan
Investors and regulators are now emphasising the need for a BCP, and may eventually make it mandatory, especially for companies whose business model depends entirely on the internet, in light of the recent collapse of a cryptocurrency exchange.
The founder, apparently on a charity mission to a foreign country, suddenly died. His death prompted a mass withdrawal, which in turn caused liquidity issues, as most of the liquidity was stored in cold wallets for which only the founder, and no one else, knew the password. All the crypto coins are now probably lost in those cold wallets. A cold wallet holds reserves: it is an offline data store that keeps coin information off the network, and it is used as insurance against hackers stealing coins.
In BCP terms, the above is a massive failure and represents reckless and irresponsible behaviour by the Board of Directors and the senior management of the company.