Speak directly to our team
01603 218000
Speak directly to our team
01603 218000
  • Resources
  • How to create a business continuity plan for...
Home
13 mins read
Guides and advice Business & Commercial Insurance Risk Management

How to create a business continuity plan for your UK business

Emergencies and disruptions come in many forms, from a fire or flood to a key supplier going out of business. But a business continuity plan can help you bounce back from a crisis and avoid devastating consequences; here’s what to consider.  

10.04.26

By Alan Boswell Group

Building a business continuity plan

What is a business continuity plan (BCP)? 

A BCP is essentially a plan of action that documents what you need to do to keep your business running after a major disruption.  

Business continuity plans should cover all aspects of your business, including HR, finance, IT, manufacturing, stock management, and sales. This helps ensure that even if some activities temporarily stop, you can resume core operations as quickly as possible with minimal long-term disruption. 

It’s worth noting that your business continuity plan sets out your overall response to disruption. In contrast, a disaster recovery plan is just one part of a BCP and typically refers to IT and data. 

Why every small business needs a continuity plan in 2026 

In the latest Cyber Security Breach Survey 2025, 43% of businesses reported experiencing a cyber breach or attack within the last 12 months. While larger businesses bore the brunt of incidents (74%), 34% of micro businesses and 42% of small businesses were also affected. For micro and small businesses with fewer resources, the financial cost can be significant, with firms reporting losses between £1,510 and £7,960.  

As well as digital risks, recent insights from the Office for National Statistics revealed that economic uncertainty remains the most frequently reported challenge affecting turnover. For small businesses, this doesn’t just mean dealing with decreases in customer spending; it also means higher utility and stock costs. It can also lead to supply chain issues if other firms collapse, start defaulting or delay payments.  

With all this in mind, it’s essential for businesses to put a business continuity plan in place and prepare for a range of risks.  

The five key steps to writing a business continuity plan 

BCPs are unique, reflecting the needs of your business, so don’t assume it needs to be complex if you’re running a micro-business or operate as a sole trader. What’s important is that it should comprehensively cover your business activities.  

Your plan should be written clearly, and with minimal jargon. The easier it is to follow, the quicker you’ll be able to implement it.  

Step 1: Conduct a business impact analysis (BIA) 

The first step is to identify your most critical functions, for example, manufacturing, customer support, and HR. Consider what the operational and financial impact would be if any of these functions were lost for any period of time.  

Understanding the extent and impact of disruption can help you focus your recovery plan, ensuring these areas are prioritised alongside key actions.  

Step 2: Assess your risks and vulnerabilities 

List realistic threats you’re likely to face, for example:  

  • Cyber-attacks and IT outages. 

  • Loss of premises or key infrastructure after an incident such as a fire or flood.  

  • Third-party risks, for example, the loss of a key supplier or defaulting clients.  

  • Loss of personnel (illness, strike action, or resignation). 

You can also grade these risks by severity and then by impact. For example, the risk of losing your premises might be low, but the impact could be huge.  

A good source of information that can help you understand and better prepare for risks is GOV.UK, Prepare.  

Step 3: Develop recovery strategies (the four Ps) 

The core part of your BCP will be how you intend to restore functions and resume business activities. The simplest way to do this is to focus on the ‘four Ps’: 

  • People: consider how to keep employees safe and how to ensure teams can still communicate effectively. If you have a leadership team, consider each person’s role and their responsibilities after a major disruption.  

  • Processes: these focus on the activities that keep your business running, such as workflows and procedures. Remember to back up your data, and if you rely heavily on technology, think about how you can get around it if it fails you.  

  • Premises: if your office or warehouse is uninhabitable or destroyed, consider where you’ll work or where you can keep new stock or equipment. If you operate from a larger site but only part of the area is affected, consider how to ensure everyone’s safety while repairs are carried out.  

  • Providers: this covers anyone outside your business that you rely on, for example, clients, suppliers, or self-employed contractors you hire. If you rely on a small number, what might happen if their business is disrupted or if they default on invoices? Building clauses into contracts (such as for late payment) or building a wider customer network to spread the risk can help minimise this impact. 

Step 4: Create an emergency communication plan 

When you’re in the midst of disruption, it can be impossible to track or remember who’s done what or told who, so it’s vital to plan ahead. Be clear about: 

  • Who will tell employees about what has happened? 

  • Who will notify third parties, such as clients or suppliers?  

  • Who will speak to the press (if this is relevant)? 

Any statements you provide should be made promptly (as soon after the incident as possible). It should also be clear about what’s happened and what steps you’re taking to resolve the situation and minimise disruption.  

 

Step 5: Test, train, and maintain your plan 

Business continuity plans can become outdated quickly, so remember to review and update them at least every 12 months.  

If you’re worried about how your business might respond to a cyber-attack, the National Cyber Security Centre offers a free ‘cyber-attack simulation’ resource to help test your business’s response and resilience. 

Who is responsible for preparing a BCP? 

If you have multiple teams, you’ll need all of them to contribute to your BCP so that it accurately covers essential activities across your business. The final document will usually be owned by one person (such as an operations director). This person will be responsible for ensuring it is regularly reviewed and updated as needed.  

Why do business continuity plans fail? 

Having a business continuity plan doesn’t safeguard against disruption from happening, and when they fail, it’s often due to one of several key reasons: 

  • Failure to test the plan under realistic conditions – if you have a scenario you can simulate, it’s worth carrying this out to see how your plan fares in practice. 

  • Using out-of-date information – including incorrect personnel data after someone leaves, or failing to update your BCP to reflect changes in technology, processes, or workflows.  

  • Identifying limited risks – for example, only considering physical risks like fire or flood. Don’t forget about digital risks, cyber breaches, and third-party risks that could leave you financially exposed.  

  • Office-only plans – if your business operates across multiple sites, you’ll need to think about how disruption impacts all of them, including employees who work from home.  

  • Lack of management support – setting up a BCP for the first time can feel onerous; it can also feel irrelevant if you’ve had one for years and never used it. This can mean it’s ignored and left to gather dust. Nevertheless, it can prove hugely valuable on the occasion you need it, so it’s vital that any business continuity plan has the support it needs from leadership teams.  

 

How insurance can help fund your business continuity strategy 

Your business continuity plan outlines the actions you’ll take if your organisation faces major disruption, but carrying them out can be costly, which is where insurance can help. 

There are several products that can provide financial support during a crisis. For example, you can cover lost income with business interruption insurance; these policies compensate you for loss of gross profit and any increased costs of working following an insured incident, such as a fire. 

You can also protect against ransomware and data breaches with cyber liability insurance, which covers the cost of restoring data and getting your IT systems back up and running. Policies also typically cover expenses related to investigating the source of the breach and crisis management communication. Cyber cover can include your potential lost income following a cyber incident, with some providers offering extensions of cover for incidents that affect your supplier and, potentially, your clients.  

Business interruption support

A business continuity plan is your roadmap through major disruption, so it should be clear and simple to follow. You can also reinforce your BCP with policies, including business interruption insurance and cyber insurance, both of which provide financial support in the event of a crisis. 

To find out more about our professional risk management support and how our policies can help your business get back on its feet.

 

Speak to us:  01603 967900

FAQs 

Related guides and insights

11 mins
mistakes when making a business insurance claim

Common mistakes when making a business insurance claim

Underinsurance is often just one of many factors that can lead to business insurance claims being delayed, partially paid or declined altogether. To help you minimise losses, we identify mistakes often made before and during the claims process.

7 mins
Business underinsurance

Business underinsurance - the risks and how to avoid them

Underinsurance can occur in any area of insurance, whether personal or commercial. Here, we explore the risks of business underinsurance and what you should do to avoid the consequences.

9 mins
Cyber security risks

Identifying and mitigating cyber security risks in your business

Human error accounts for 95% of all cyber breaches, while more than one in four businesses experienced a cyber security breach in the last 12 months. Here’s how to identify and mitigate cyber security risks for your business.

12 mins
Business disaster recovery planning

Everything you need to know about business disaster recovery planning

A disaster recovery plan is an increasingly essential tool for small businesses. Read our guide to creating a DR plan to make sure your business is equipped for any eventuality.