March 6, 2014
Forget the recent UK floods. When it comes to risks to their businesses, it’s still tech that keeps business leaders awake at night, according to the latest annual Business Continuity Institute Horizon Scan report. Technology related threats continue to rank higher than natural disasters, security and industrial action according to the report which gauges the threats that organisations consider to be their biggest concerns. Nearly four-fifths of business leaders fear that an unplanned technological event, cyber attack or data breach will harm their business. Nearly three quarters (73 percent) consider malicious attacks through the Internet a major threat that needs to be managed closely, while nearly two-thirds (63 percent) think that social media remains a challenge. Meanwhile, one of last year’s threats – supply chain resilience – dropped out of the top ten completely.
The BCI’ s annual report based on a survey of 690 respondents identifies the year’s top ten threats to business continuity as:
1. Unplanned IT and telecom outages
2. Cyber attack
3. Data breach
4. Adverse weather
5. Interruption to utility supply
7. Security incident
8. Health & Safety incident
9. Act of terrorism
10. New laws or regulations
Lyndon Bird FBCI, Technical Director at the BCI, commented: “This survey shows that there are some threats that are more common among most organizations, while others present themselves to varying degrees between different geographic locations or industry sectors. Organizations are different so the horizon scanning process is essential in order to assess these threats and ensure that the right business continuity plan is in place to deal with the impact of them. This piece of research has greater significance this year for the BCI as the theme in what is our 20th year is all about looking to the future and facing the new challenges this future will bring.”
The report, which the BCI claims is designed to offer a better understanding of threats to business continuity and helping practitioners learn how to protect their organizations against them, also revealed surprising trends in other areas of business continuity. Supply chain disruption, last year within the top ten concerns, moved down the list to 16th place. This is despite increasing supply chain complexity featuring within the top five emerging trends, in addition to the recent BCI Supply Chain Resilience Survey, which revealed that 75 percent of respondents experienced at least one supply chain disruption during the previous year.
Also highlighted was that, despite these growing levels of concern, only 18 percent of organizations are increasing their level of investment in business continuity programmes while 11 percent are actively reducing theirs. The report further revealed that 22 percent of organizations conducted no trend analysis as part of their business continuity process so are potentially failing to assess these threats altogether.
The report concludes that with the variation in concerns across geographical locations and industry sectors, not all threats are generic. Organizations need to invest wisely in the development of technologies that can help counter the threats relevant to them, and the impact these threats would have should they materialise. With so many threats clear and present, the onus is on the industry to emphasise the immediate and very real return on investment a business continuity programme has to offer.
Further findings from the report include:
- Adverse weather moved up the list of threats with 57 percent of respondents expressing concern or extreme concern. This was before the storms that have swept the UK and those on the eastern seaboard of the United States and Canada.
- Geography and industry play an important role in determining threat levels with respondents from Japan and New Zealand showing greater levels of concern for earthquakes, while those in the manufacturing industry rate supply chain disruption and product quality control as greater threats.
- Of the 71 percent of respondents who stated that they did conduct a trend analysis, a fifth of them claimed they had no access to the final output.
- Less than half of the respondents (44 percent) use the international standard ISO22301 as the framework for their business continuity management programme.
Howard Kerr, Chief Executive at BSI, commented: “At a time when changing climatic, social, political and economic situations are forcing organisations to be nimble in adapting to novel threats, it is essential to learn from others experience and best practice. Developing the resilience of networks, services and business critical information must be an integral part of an organisation’s wider business resilience strategy. By putting in place a framework based on risk standards, you will be able to identify, prioritise and manage the range of threats to your business more effectively and keep your stakeholders reassured.”