Companies are rightly concerned these days with physical risk. Preventing terrorist attacks or workplace violence is, by far, the number one concern for corporate security departments.

This very important goal has shifted many companies’ emphasis, however, to the point where the idea of total prevention has completely trumped the concept of selective preparation. Subsequently, business continuity planning (BCP) practices are being further subsumed into corporate security departments at many companies. But this perspective is dangerously narrow in scope.

Anticipating the most likely scenarios and specifically preparing for the business to go forward, day after day, has long been a hallmark of wise risk management. But now, the practice of quantifying manmade and natural disasters based on their likelihood is out of vogue. This means that the next time disaster does strike — and it will, somewhere, somehow — many businesses preoccupied with security threats will not have prepared to stay up and running. They could shut down for days or weeks, with employees out of work and the local community will be disrupted.

Organizations must prevent and prepare. As a BCP professional, it’s your job to communicate the hard truth that some events can’t be always be prevented — but can be prepared for.

Read John Copenhaver's speech a the Continuity Insights Conference.