When everything is online all the time, you need a (literal) backup plan
Back in July 2024, a cybersecurity firm released a faulty software update to customers, impacting IT applications around the world and disabling everything from travel check-in counters to healthcare, banking to payment systems – all running with underlying software from a major Seattle-based software company.
In mid-November, two key underwater fiber-optic data cables connecting countries around the Baltic Sea were cut – and not by mistake. Customers around the world reported issues accessing the program that most companies rely on for email communication, calendar scheduling and meetings.
As the world became increasingly connected, investor relations professionals took for granted that IT systems worked without disruption. But what if they don’t?
Key IR systems
At the turn of the millennium, IR professionals relied on only a few IT systems to do their work. It was basically down to a secure connection to upload disclosures to the local stock exchange, an internet site to post presentation slides and an information system to track share prices and other financial data. Documents were prepared in software packages that lived on your computer.
Today, after what feels like the exponential growth of cloud computing, all documents are online with shared access. In many cases, the quarterly earnings release is hosted off-premises by companies that enable document sharing, but that also help with tagging, such as XBRL, which has become a standard and is required by some regulators.
While productivity gains are possible with online cloud computing, there is a greater-than-ever dependency on reliable internet access and systems that are running flawlessly 24/7.
As the world is becoming less certain and cyberattacks are becoming a part of the global geopolitical arsenal, IR professionals need to be ready to act before disaster strikes.
Any IR professional should review these five simple steps to ensure they can operate – no matter what happens from a cybersecurity point of view.
Identify critical systems
These include any system you rely on to do your job and often include dissemination systems for press releases, stock exchange disclosure systems and online programs used to host key corporate documents, as well as CRM systems for contact details.
Speak to IT
Make sure you have an ongoing dialogue with your company’s IT department. Many IR systems are small with few users, but if they are listed by your company as critical, have they been assessed by the IT function for resilience?
Make a plan
What do you do if systems are disrupted? Some companies require actual documentation or a standard operating procedure, while an hour of discussion in the IR team would suffice. A verbal agreement on who does what is as good as any written document that no one remembers ever reading!
Document ownership
Distribute ownership of documents across the IR team. One person can hold the pen on one or two of the key documents, not only securing ownership and responsibility for the document but also helping to safeguard the integrity and availability of the document if disaster strikes.
Backup, baby, backup!
Backups are vital and should be done on a frequent basis. IR calendars typically dedicate January, April, July and October to the preparation of quarterly results. How much time can you afford to lose? Save a copy of the key documents you are working on, such as press releases, presentations, scripts and Q&A documents daily when you finish work and leave the office. Save it to your local hard drive: you can delete all the backups once results are published and then roll this quarter’s documents to the next quarter.
