In the summer of 2022, London came perilously close to a blackout. To avert this, the National Grid was forced to hastily purchase electricity from Belgium at rates over 5000% higher than the typical price per megawatt hour. The possibility of ‘managed blackouts’ has loomed darkly across UK industry and households throughout the past 12 months. With geopolitical changes destabilising present supplies, the UK is striving to secure more resilient energy sources. All law firms can take measures to improve resilience against potential power interruptions.
The recent decrease in natural gas prices has slightly reduced the prospect of blackouts, but this issue still affects all businesses — and small to medium law firms are no exception. Law firms should plan how to mitigate consequences from future energy crises. Organisations with updated and robust business continuity plans (BCP) are better positioned to handle potential disruptions during the winter energy crisis.
Blackout fears are compounded by severe energy price rises, elevated inflation of other commodities, winter weather, and industrial action. These factors all have varying impacts on business operations, employee welfare, societal stability, and critical supplier viability. In the event of a blackout, public service bodies would have priority over resource allocation in order to continue operations. Generally, small businesses lack access to auxiliary resources and struggle to demonstrate developed BCP regarding loss of power or civil order.
Planning Business Continuity – what to consider
It is becoming more important – to clients, insurers, and regulators – for firms to create, test, and maintain plans on how core operations continue throughout power disruptions. Insurers and clients are assessing their exposure to these issues. Furthermore, the Solicitors Regulation Authority (SRA) Codes of Conduct require law firms to identify, monitor, and manage material risks to their business. These guidelines, also applicable to managers and senior level employees alike, enforce controls that protect all physical and digital assets. While there are various quality standards, the ISO 22316 standard certification is the gold standard for demonstrating the correct precautions are established. This ISO should be viewed as the zenith for companies constructing BCP procedures.
During an outage, it is vital both internal and external communication is maintained without sacrificing IT and cybersecurity safeguards. Employees must also be supported throughout prolonged disruption to everyday life — at and away from work. During periods of uncertainty, client expectations and requirements may also change. Also, professional service organisations, such as law firms, could be seen as sources of support for the general public. It would be prudent for leaders to consider what steps they could take to potentially help people during times of desperation.
An outage may force Employees to work away from the office and, instead, in less secure environments. This can subsequently present a series of additional vulnerabilities and risks. These potential weaknesses are particularly important for IT managers, given the likely increased threat of cyberattacks. Organisations that have outsourced their entire IT operation will consequently be at a substantially greater risk. Now more than ever, small and medium law firms must assess the reliability of their data servers. Understanding agreements and terms of service with suppliers is crucial in evaluating IT resilience.
The way forward – constructing resilience
Law firm leaders must consider how a disruption would influence standard business processes. Shrewd preparation, for small to medium law firms, could be categorised into the following four stages and elements:
- Planning and prevention
- People strategy
- Digital resilience
- Crisis response
Each law firm should understand the benefit of correctly organising and training both operational and strategic teams. Allocating roles to trained individuals and teams to undertake management and operational tasks is vital. Responders and decision-makers should be confident in their ability and planning for running the firm throughout prolonged periods of uncertainty. Holistic planning would consider:
- Business continuity
- Crisis management
- IT and cyber resilience
Planning should focus on interrogating existing assumptions to ensure authentic resilience. Law organisations can form comprehensive analysis through evaluating possible scenarios with their corresponding financial impact.
Support is available for law firms striving to ensure business continuity on their journey to risk maturity. The winter energy crisis requires companies to develop resilience in this pivotal area. To find out more about how you can improve your firm’s resilience, reach out to your advisers.
James Crask- Head of Strategic Risk Consulting, Marsh.