There’s something uniquely painful about watching revenue die in real time.
Years ago, we worked with a client that had operations in the U.S. and Germany. Both locations handled sales, logistics, and manufacturing. The idea was smart: if one office went down, the other would pick up the slack. That works—for a few days.
But one of the scenarios we modeled was deceptively simple: a cable cut. A single communications line served their U.S. facility. If it went down, everything stopped. Phones. Orders. Coordination with Germany. Manufacturing paused mid-stream.
Three days offline meant $9 million in lost revenue.
And that was the easy scenario.
Now take ransomware—where the average downtime isn’t 3 days, it’s 22 to 24. That’s not a failover plan. That’s a full-on crisis.
If your business counts on daily production, shipping, and communication between regions—and ransomware locks out systems for nearly a month—you’re in trouble. We’ve seen it:
It doesn’t take long before vendors get nervous, customers start walking, and the finance team starts asking what can be deferred.
Most businesses have some plan. A PDF. A binder. A SharePoint folder was last updated before the last org chart change.
The problem?
Business continuity isn’t about keeping the lights on. It’s about whether your team can still manufacture, ship, sell, and support—without scrambling for duct tape solutions in the middle of a breach.
1. Prioritize by revenue risk—not what feels easiest to fix. Start with a brutal question: which operations, if disrupted for 3 weeks, would put us in real financial or reputational jeopardy?
2. Model “What if” scenarios with teeth. Not just “what if the internet goes down,” but “what if ransomware knocks out access across both manufacturing sites for 24 days—during your busiest quarter?”
3. Plan by function, not location. Geographic redundancy isn’t a solution if the systems, tools, or people can’t operate independently. Redundant hardware doesn’t fix human bottlenecks.
4. Test for pressure, not compliance. If you’re just checking boxes, you’re not ready. Run live simulations. Include vendors. Make executives participate. The first time you run the play shouldn’t be during the game.
5. Update the plan—because your business changes faster than you think. New CRM? New manufacturing system? Supply chain rework? That’s not a footnote. That’s a rewrite.
6. Make sure people can act without reading a manual. In a crisis, nobody looks for a binder. They follow habits, instincts, and what’s been rehearsed.
Many organizations build their continuity plans to survive a few days. But few are built to operate for weeks in degraded mode. That’s the gap—and that’s where real losses happen.
We’ve sat in the war rooms. We’ve heard the stories from leadership after the dust settled:
“We thought our European team could carry us.” “We didn’t realize how tightly everything was connected.” “No one told us a ransomware attack could shut down both sides of the business.”
That last one’s common—and costly.
Business continuity isn’t just about surviving the initial blow. It’s about making sure the business still runs when things don’t bounce back right away.
If your company is only prepared for short-term disruption, you’re gambling with long-term viability.
And these days, the odds aren’t in your favor.
PS. The companies that survive disruption aren’t the ones with the thickest binders. They’re the ones whose people know exactly what to do when the binder’s buried under 10 hours of chaos.
If it’s been more than a year since your last cybersecurity assessment—or if you’ve never done one—now is the time.
👉 Schedule a Strategy Call with NCX Group
Repost from LinkedIn – https://www.linkedin.com/pulse/when-orders-stop-ransomware-business-continuity-blind-fitzpatrick-htdkc/
