Case Study: U.S. Industrial Distributor Enhances Cybersecurity With Business Impact Analysis

Learn how Withum helped a U.S. Industrial Distributor strengthen its resilience and preparedness for disruptive events, minimizing the impacts on its operations and improving business continuity.

Executive Summary

A large national equipment and supplies distributor looked to Withum to improve their business continuity planning to sustain operations during a disruption. After experiencing challenges during the COVID-19 pandemic, the client was ready to protect their critical functions, create buy-in from the business units and align priorities and corporate resources.

The Client

The client is a leading industrial distributor based in the U.S. This $470M business was providing critical equipment and supplies to hospitals and construction sites throughout the COVID-19 pandemic. As a result, they faced multiple challenges and supply chain disruptions which negatively impacted their distribution capacity and revenue.

The Challenge

While experiencing negative business impact due to supply chain disruptions, the client realized they needed the appropriate business continuity plan to sustain future operations. With dispersed operations and the recent turnover of leadership, the client knew there were areas of vulnerability and opportunities for operational improvement. They needed to conduct a business impact analysis (BIA) to ensure adequate business continuity and identify critical operational processes. Stakeholders sought a BIA to better align with the business strategies and goals.

Newly appointed management needed more expertise and external resources to conduct a BIA. If the BIA was not executed thoroughly, they knew they could lose the trust of their stakeholders, miss critical processes and underestimate the impacts of potential disruptions. The Infrastructure Security Lead previously engaged Withum and knew the Cyber and Information Security team could step in as trusted advisors.

The Approach and Solution

Withum’s cybersecurity experts initially scheduled a meeting with the distributor’s Infrastructure Security Lead to discuss the company’s needs and challenges. By assessing their operational functions, different IT landscapes and joint pain points, Withum’s team looked for opportunities to address critical challenges by:

  • Conducting key stakeholder interviews to ascertain critical business processes and dependencies.
  • Collecting and reviewing documentation related to critical functions within the organization and mapping out business process flow charts and dependencies.
  • Prioritizing business processes based on criticality.
  • Identifying Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for each critical process.
  • Inventorying assets that support those critical processes.
  • Working with stakeholders to understand the impacts of outages and significant events on operations, employees, customers and partners.
  • Developing recovery-related metrics.
  • Identifying and recommending program and process enhancements.
  • Recommending enhancements for ongoing operations and recovery strategies for critical business processes.

The Results, ROI

Key stakeholders were identified, and a project team was established to oversee the BIA process. This team included representatives from all business areas, such as Finance, Supply Chain and IT. Withum provided them with a thorough assessment of business processes, identifying critical systems, their dependencies and the interrelationships between systems and processes. This involved mapping out Visio process diagrams of each functional area and identifying potential vulnerabilities and single points of failure.

The Withum team prioritized recovery efforts based on the criticality of each business process, identifying which strategies needed to be restored first in the event of a disruption. This involved establishing RTOs and RPOs for each function. Overall, the BIA enabled the organization to strengthen its resilience and preparedness for disruptive events, minimizing the impacts on its operations and improving business continuity.
