2025

Ruoslahti, Harri; Hytönen, Eveliina

Resilience and continuity management have wide societal impacts and are particularly important for critical infrastructure organizations. Organizations face constant risk of cyber incidents. Business continuity management strategies rely increasingly on networks of organizations. The research question of this study is: How to ensure business continuity in case of cyber interruptions? Master’s students contributed the practical data collection of the sample, which are 25 interviews of Finnish continuity professionals. This data collection was performed as part of their studies in Continuity management. All interviewees have consented to their answers being used as research data. The analysis is based extracting data to the Data Extraction Table (DET) that was specifically designed, based on the research question of this study. The results show that it is important to create a continuity plan grounded on risk assessment and defined actions for possible disruptions. Secure and up-to-date infrastructures with good security measures are recommended. Backup in secure storage locations and backup systems for critical data help restore data. Also, developing methods to continue essential operations even if ICT systems are unavailable, is advisable. Regular staff training on cyber security, response protocols, identifying potential threats, and clear internal and external communication are needed when hit by a cyber incident. Identifying critical operations and recognizing the most important processes will help prioritize during an interruption, and alternative methods can help to continue essential operations when ICT systems are down. BCM processes offer frameworks that help build organizational resilience and can facilitate efficient responses when encountering critical events