FOR MINDANAO businesses, conflict in the Middle East is not a distant headline. It shows up as volatile fuel and logistics costs, delayed shipments of parts and raw materials, and heightened fraud risks as criminals exploit uncertainty. Meanwhile, day-to-day operations now depend on digital tools. This is why Business Continuity Planning (BCP) and an IT Disaster Recovery Plan (IT DRP) must be treated as board-level priorities: they protect revenue, customer trust, and employee safety when disruption becomes the norm.
Technology: Resilience by design, not by hope
Global evidence points to a “new normal” where cyber threats and systemic disruptions track closely with geopolitical tension and supply-chain complexity. The World Economic Forum notes that cyberspace is becoming more complex amid geopolitical uncertainty and supply-chain interdependencies, with many organizations reporting a rise in cyber risks. The International Monetary Fund similarly observes that cyberattacks have more than doubled since the pandemic and that heightened geopolitical tensions raise the risk of cyber incidents with systemic consequences. For Mindanao enterprises, this means assuming that a price shock, a connectivity interruption, and a cyber incident can occur close together—and planning accordingly.
A technology-focused continuity strategy starts by placing mission-critical systems where they can recover fast. With datacenters being tagged as kinetic military targets, cloud platforms, when architected correctly, enable geographic redundancy and automated restoration that are difficult to replicate cost-effectively in purely on-premise environments. But cloud resilience must be paired with cybersecurity—identity controls, multi-factor authentication, endpoint protection, and monitoring—because availability without security can accelerate the spread of an attack. Connectivity also needs redundancy: secondary links, mobile hotspots, and, where feasible, satellite internet should be pre-arranged and tested, especially for distributed branches and field teams.
Process: Continuity is a business-wide discipline
Technology alone cannot deliver continuity if the business has not agreed on priorities, tolerable downtime, and decision rights. ISO 22301—the leading international standard for business continuity—frames continuity as a documented management system that organizations establish, implement, monitor, review, maintain, and continually improve so they can continue delivering products and services during disruption. That language matters: BCP and IT DRP are not “IT documents,” but enterprise playbooks owned by leadership and executed across operations, finance, HR, facilities, supply chain, and customer-facing teams.
A well-documented BCP should describe how the organization keeps critical services running: alternative suppliers, manual workarounds, minimum staffing, cash and payment contingencies, and customer/regulatory communications. The IT DRP should then specify how systems recover—recovery time objectives (RTO), recovery point objectives (RPO), restoration steps, access procedures, and role assignments. Both plans should be reviewed and tested at least annually, because systems, vendors, threat tactics, and business priorities change. Even a simple, tested call-tree or mass-notification process can quickly confirm employee welfare, validate contact details, and identify who can operate critical functions.
People: Plan for human realities, not perfect attendance
In an emergency, people prioritise safety and family first—especially in the first 72 hours, when evacuation, power and water interruptions, blocked roads or transportation disruptions, and immediate household needs take precedence. From a Philippine perspective—where hazards can compound—organizations should plan for at least three days when some employees, including IT staff, may be unreachable. That means IT infrastructure and services must “run resiliently” with minimal human intervention during that period, supported by automation, clear runbooks, and pre-authorised vendor or managed-service assistance. To support this, pre-stage offline contact lists, emergency cash advances, and clear guidance on when to switch to remote work or skeletal operations, so employees are not forced to choose between safety and compliance alone today.
Building IT capacity is therefore essential. A one-person IT function is a single point of failure: if that person is unavailable, recovery can stall at the worst time. Form resilient teams with backups for critical roles, cross-train staff, and ensure secure access to procedures and credentials for alternates. Train employees to work remotely using approved tools and secure devices so operations can shift quickly without improvisation. Finally, elevate vigilance against crisis-driven phishing. IBM’s X-Force reports an 84% year-over-year increase in phishing emails delivering infostealers, underscoring how attackers scale credential theft precisely when people are distracted by disruptive events. Strong authentication, verification steps for payment changes, and continuous awareness can prevent a disruption from becoming a breach.
Continuity is survivability
Geopolitical conflict will continue to drive operational shocks and cyber opportunism, and credible global assessments show cyber risk rising in step with geopolitical uncertainty and interconnected supply chains. For Mindanao businesses, the practical response is clear: expect disruption, design for resilience, and rehearse recovery. Cybersecurity, BCP, and IT DRP are no longer “nice to have.” They are essential capabilities that protect people, preserve customer confidence, and keep enterprises serving their communities—even when the world becomes unpredictable.
Leonard Duque is a Director and Chief Information Officer for the Technology Solutions Group at P&A Grant Thornton. One of the leading audit, tax, advisory, and outsourcing firms in the Philippines, P&A Grant Thornton is composed of 29 Partners and 1,500 staff members. We’d like to hear from you! Connect with us on LinkedIn and like us on Facebook: P&A Grant Thornton and email your comments to business.development@ph.gt.com. For more information, visit our website: www.grantthornton.com.ph.
