Business Continuity Theater: Why Our Standards Are Stronger Than Our Practice

By |2026-01-21T03:16:04+00:00January 21st, 2026|0 Comments

There is no shortage of guidance on how to “do” Business Continuity well.

Between ISO 22301 and the BCI Good Practice Guidelines, we have mature, globally recognized frameworks that clearly describe leadership accountability, strategic alignment, and the behaviors required to build organizational resilience.

And yet, across sectors, public/government and geographies, the same pattern persists:

  • Plans exist, but confidence is misplaced
  • Programs comply, but don’t adapt
  • Metrics improve, while real exposure quietly grows

This overview launches a six-part series which starts from a simple observation:  the gap in Business Continuity has never been technical — it is human.

This is Not a Standards Problem.

It’s tempting to treat weak BC outcomes as a failure to “meet the standard”:

  • The policy isn’t complied with
  • The size and scope of the program isn’t defined
  • The plans aren’t detailed enough

But that diagnosis misses the point.

Most organizations can meet the obligations of ISO 22301 or the GPG. What they struggle with is what those obligations demand of people. The standards assume:

  • Leaders will make explicit trade-offs that values resilience.
  • Managers will surface uncomfortable truths in environments that reward silence
  • Teams will challenge legacy assumptions when those assumptions are so embedded they are no longer seen.
  • Risk will be discussed honestly, not abstractly

Those are not procedural tasks. They are behavioral ones.

The Human Drivers Sit Beneath the Framework.

When BC programs stall, calcify, or become performative, the causes are rarely documented anywhere — but they are predictable:

  • Cognitive shortcuts: “This is what we’ve always done” becomes a substitute for reassessment.
  • Social cost: Challenging scope, assumptions, or recovery expectations carries reputational risk — especially for middle management.
  • False reassurance: Completion metrics soothe anxiety without reducing exposure.
  • Delegated discomfort: Strategy changes at the top, but the implications for disruption risk are pushed down the organization.
  • Misplaced confidence: Non-specialists underestimate the effort required to design continuity that actually works under pressure.

None of this is malicious…. All of it is very human….. and none of it is solved by adding another template.

Why the “Work” is Undervalued….

Business Continuity, when done properly, is demanding costly work:

  • It requires sustained critical thinking
  • It forces prioritization under uncertainty
  • It exposes dependencies people would rather not own
  • It challenges narratives of control and preparedness

That work largely sits outside the executive suite — with middle managers, technical specialists, and operational leaders who are expected to deliver certainty in systems that are inherently fragile.

Yet this is also where BC is most often:

  • Under-resourced
  • Time-boxed
  • Measured incorrectly
  • Treated as documentation rather than design

The result is a program that looks credible on paper but is brittle in reality.

What this Series Will Do Differently

This is not a “how to comply” series. In the articles that follow, I will focus on:

  • Where Business Continuity actually lives day to day
  • Why leadership intent rarely translates into operational reality
  • How culture, incentives, and reporting shape behavior
  • Why risk reduction is harder — and more valuable — than plan completion

Most importantly, this series will explore why well-intentioned organizations keep reproducing the same weaknesses, even when they know better.   Because until we address the human dynamics underneath our frameworks, our standards will continue to outpace our practice and the next disruption will expose the gap — whether we are ready to acknowledge it or not.

The six articles in the series tackle where the real work sits — and why it’s routinely undervalued. 

Read article #1 now.  Come to the HUB on February 2 to access articles #2-6.

  1. The Real Work Sits Where the Authority Doesn’t — and What We Can Do About It 
  2. Top Management “Buy-In” Isn’t the Problem. Ownership Is
  3. What’s Really holding Us Back and How Change Actually Takes Root
  4. When Plans Are Cheap, Proof Becomes Everything 
  5. If We Can’t Articulate Our Value, We Won’t Be Valued 
  6. Resilience Is a Behavior — Not a Framework

###

This introduction was originally published on LinkedIn and has been republished with permission. Link to the article to join in on the discussion.

Photo credit:  ChatGPT

Recommend0 recommendationsPublished in Enterprise Resilience

Share This Story, Choose Your Platform!

FacebookXRedditLinkedInTumblrPinterestVkEmail

About the Author:

Laura Jury is a passionate resilience professional living in the disruption risk-rich environment of New Zealand – featuring everything from large-scale earthquakes and being on the Pacific Rim to the ever-expanding global risks of cyber and physical security and every possible disruptive event in between. Laura has a proven track record in crisis management, business continuity, and emergency response strategies, particularly within financial services and aviation. She excels in strategic thinking, taking decisive action, and leading teams through complex disruptions, driving positive change in dynamic environments to ensure organizations are prepared for not just the identified risks but the unforeseeable ones.

Beyond her work in the aviation industry, Laura is dedicated to fostering a vibrant community of Risk, Security, and Business Continuity professionals in New Zealand. As the chair of the NZ Chapter of the Institute of Strategic Risk Management (ISRM), she actively shares engaging content that sparks discussion, promotes continuous learning, and pushes the boundaries of capability and development within the resilience domain.  Reach out to Laura in LinkedIn.

 

Related Posts

Business Continuity Theater #1: The Real Work Sits Where the Authority Doesn’t — and What We Can Do About It
Proactive Resilience: Moving Beyond Recovery to Capability
My Journey & Vision for the Global Resilience Exchange
The Big Picture: Adaptive Business Continuity
The Emperor’s New Clothes: Organizational Resilience and BCM Revisited

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© 2022 Risk and Resilience Hub | Entries (RSS) | Comments (RSS)