Preparing for the Best and the Worst: Data Contingency Plans for Risk Management


Developing a Data Contingency Plan

Despite your best efforts, there is always a risk that your data systems could be breached. Such a breach can also bring your business to a halt. A good risk management plan helps you to act fast when your systems fail or are compromised. Taking steps while there is minimal threat and things are operating normally pays off when a threat is successful.

What Is a Data Contingency Plan?

A data contingency plan is part of your overall risk management strategy and business continuity plan. The plan should aid your company’s continued operations, as well as data recovery, after a significant interruption to your systems and security. Disruptions may include cyberattacks, sabotage, natural and man-made disasters, and equipment malfunctions. Entire businesses have been wiped out by an irretrievable loss of data.

Why Does Your Company Need a Data Contingency Plan?

Data breaches and losses can happen quickly and without notice. This means that your employees, clients and customers may have expectations of “business as usual” even as your IT team scrambles to address the problem, salvage the data and get your systems back online. Every second without your data results in lost opportunities, productivity and trust. Some clients and customers, lacking faith in your security, may take their business elsewhere. When you implement a contingency plan that promptly resolves these issues and restores operations, you minimize losses.

A Data Contingency Plan Framework

Data contingency plans begin within your company’s everyday operations. Company and team leadership should be tuned in to risk management challenges and be prepared for any eventuality. For example, many companies don’t anticipate being the target of a cyberattack or ransomware threat. However, criminals don’t always choose their victims for personal reasons: If your systems are perceived as vulnerable, they can be targeted. The same holds true for disasters: Fires, tornadoes and hurricanes can strike at random, leaving your business operations and data vulnerable.

A good data contingency plan framework should be:


Your IT leadership should be aware of industry standards along with federal regulations on how your data is gathered, maintained and stored. Your operations should be compliant, but so should those of your vendors. If you are using software, orchestration services or cloud-based storage, all vendors should adhere to the strictest level of security.


Because attacks and other threats can happen at any time, you’ll need a way to get in touch with team members or vendors at a moment’s notice. During disasters or cyberattacks, you may have difficulty reaching team members or bringing them into the office. You’ll need alternate communications plans as well as ways of mobilizing your team remotely.


Ensure that you have the resources — human, technical and financial — for getting back online. If you don’t have these reserves, your contingency plan may not work.

Preparing for the Best…and the Worst

Preparation and compliance can transform what might be a disastrous breach into an inconvenience. Experts at the Project Management Institute (PMI) advise the following:

Identify and Understand All Risks

It’s difficult to take action if you can’t anticipate what might happen. You and your team know your business best. Work together to identify specific threats so that you can prepare to address each one. Another thing to consider is bringing in a consultant at this stage. The consultant may be able to identify threats that you and your team are not aware of.

Prioritizing Possible Losses

After understanding threats, it’s important to understand their impact. What are the possible consequences of data loss or other disruptions to your business? What areas of your business are most critical to operations, and what kind of loss might do the most damage? When you are able to prioritize losses, you can then prioritize how you invest in preventing or addressing them.

Real-Life Planning

At this point, you should have a grasp of potential scenarios and how your company might respond. Examples of responses may be developing alternative communications protocols, bringing team members into your office for an extended stay, or tapping outside vendors for immediate, emergency assistance. Having access to financial resources, such as a line of credit that you can easily access, is also a critical aspect of your plan.

Moving Forward, Confidently

Understanding business risks and having a plan allows you to operate,  innovate and expand with confidence, and you don’t have to do all this alone. One option is to work with vendors that also understand risk management. At Instnt, your data is protected at the highest level: Your company holds your keys, and we keep it safe so that you can respond to a breach or disaster at any time. We even offer a guarantee against fraud losses. Sign up today for a free demo.


About the Author

Instnt Inc. is a public benefit corporation on a mission to bring inclusion and instant account opening experiences for businesses and their customers through proprietary technology, artificial intelligence, open standards and a collaborative effort in the identity governance industry. With Instnt AcceptTM the first fully managed customer acceptance solution with up to $100M in annual fraud loss warranty, businesses can onboard more good customers, grow their top-line revenue, and cut their operational costs without friction or fraud losses in minutes.  Instnt AcceptTM powers various fast-growing financial institutions and credit unions.