In your role as a business continuity (BC) professional, there’s one question that’s guaranteed to come up and it usually doesn’t come gently:
“What’s the ROI of all this?”
It’s a tough question. Your program doesn’t generate revenue. It doesn’t cut obvious costs. And for the most part, it’s working when nothing happens.
So how do you show return on investment?
Here’s how to answer that question with clarity, confidence, and credibility.
Let’s start with the traditional formula, adapted for BC:
ROI = (Estimated Loss Avoided – BCM Program Cost) ÷ BCM Program Cost
Begin with lost revenue. Divide your organization’s gross annual revenue by 1,950 — the average number of work hours in a year:
Lost Revenue per Hour = Gross Annual Revenue ÷ 1,950
Next, estimate lost productivity. Multiply the average employee salary by the number of employees, then divide by 1,950:
Lost Productivity per Hour = (Average Salary × Number of Employees) ÷ 1,950
Add these together to get the total direct cost of downtime:
Total Direct Downtime Cost = Lost Revenue per Hour + Lost Productivity per Hour
But the true cost is usually higher. You'll also want to factor in:
So your full hourly cost becomes:
True Cost of One-Hour Outage = Direct Cost + (0.50 × Direct Cost) + (0.75 × Direct Cost) = 2.25 × Direct Cost (approximate)
Now, multiply that number by the estimated hours of downtime your BCM program helps avoid annually:
Annual Loss Avoided = True Cost per Hour × Downtime Hours Avoided
To complete your ROI calculation, subtract the total annual cost of running your BCM program. This should include:
Then, plug your numbers into the final formula:
ROI (%) = ((Loss Avoided – BCM Program Cost) ÷ BCM Program Cost) × 100
|
Metric |
Amount |
|
True Cost per Hour |
$18,000 |
|
Downtime Avoided (per year) |
10 hours |
|
Loss Avoided |
$180,000 |
|
BCM Program Cost |
$50,000 |
|
ROI |
260% |
It’s a number your CFO can digest. But as you'll see in the next section, ROI alone doesn’t tell the whole story.
As Regina Phelps put it, this is “the dreaded question” — not because it’s unfair, but because traditional ROI doesn’t account for what BC is really for.
Your program is like insurance. It’s there to make sure that if something goes wrong, your company survives — with minimal disruption. It doesn’t create revenue. And most of the time, it doesn’t save money either. That means by classic ROI logic, you’ll always lose the game.
But that’s not the right game to be playing.
As early as 1969, ROI was being challenged as inadequate for strategic evaluation. In a Harvard Business Review article by John Dearden, who wrote:
“…evidence shows that this control system has serious limitations, which result from the inability to use ROI to make correct evaluations. The author [Dearden] notes that any criticism of the use of ROI is met with the response, ‘I agree it is not perfect, but it is the best system available.”
This is where it’s time to shift the conversation from investment to value.
At BCMMetrics, we suggest a better ROI proxy based on two program indicators:
We define ROI like this:
|
Compliance |
Residual Risk |
Strategic Value |
|
High |
Low |
High |
|
Low |
High |
Low |
|
Mixed |
Mixed |
Moderate |
This matrix provides a more meaningful way to assess your program’s effectiveness and defend it.
How to Measure These Inputs?
This approach doesn’t rely solely on theoretical cost avoidance. It demonstrates how well-prepared your company is to handle a disruption. And that’s something your CEO can get behind.
When executives ask for ROI, they’re often looking for more than just a number. What they really want is confidence:
You can, and should, speak to those concerns with both quantitative data and strategic indicators.
The ROI formula can show financial justification. Your compliance and residual risk scores show program readiness. Together, they tell the full story.
Ultimately, business continuity isn’t about delivering a financial return; it’s about delivering organizational confidence.
When you can say:
You’re proving ROI and demonstrating value.
And when the next disruption hits, and your program works the way it should? That’s your return.
Ready to show the real value of your business continuity program?
BCMMetrics is a cloud-based platform developed by MHA Consulting, based on decades of hands-on experience managing and evaluating continuity programs.
In our free demo, we’ll walk you through how the tools work, how others are using them, and how they can help you assess risk, benchmark compliance, and strengthen your case for support.
What is the ROI of business continuity?
Business continuity ROI is the value of avoided losses during a disruption, compared to the cost of your BC program. It’s typically calculated as: ROI = (Loss Avoided – Program Cost) ÷ Program Cost
Since BC doesn’t generate revenue, ROI is best shown through reduced downtime, lower recovery costs, and improved risk control.
What’s another way to assess business continuity ROI?
In addition to calculating financial return, you can strengthen your case by evaluating how well your program aligns with established standards and how much risk still remains. This means looking at compliance, for example, with ISO 22301 or FFIEC, and measuring residual risk after all mitigation efforts have been applied. Together, these indicators give a clearer picture of how prepared your organization really is.