Cyber attacks and data breaches remain top of the agenda for business continuity concerns

Press Release   •   Feb 21, 2017 00:01 GMT

Digital threats including cyber attacks, data breaches and network outages remain the greatest concern to business continuity professionals as organizations continue to experience disruption

Caversham, UK – 21st February 2017: Cyber attack is once again the top threat perceived by businesses, according to research published today by the Business Continuity Institute (BCI) in association with BSI (British Standards Institution). Eighty eight percent of organizations are either ‘extremely concerned’ or ‘concerned’ about the possibility of a cyber attack. The threat of a data breach remains in second place (81 percent), while unplanned IT and telecom outage stays in third place (80 percent).

For the first time in the study’s six-year history, the threat of uncertainty around the introduction of new laws and regulations has entered the list of top ten business continuity concerns in the Horizon Scan Report.

These external events underscore the interconnected nature of risks and demonstrate the need for businesses to take them into account and plan accordingly.

This year’s global top ten threats to business continuity are:

  1. Cyber attack – static
  2. Data breach – static
  3. Unplanned IT and telecom outages – static
  4. Security incident – up 1
  5. Adverse weather – up 3
  6. Interruption to utility supply – static
  7. Act of terrorism – down 3
  8. Supply chain disruption – down 1
  9. Availability of key skills – static
  10. New laws or regulations – new entry

For the first time, the survey also asked which disruptions respondents had experienced during the previous year in order to understand what lies behind the worry. The results showed that nine of the top ten concerns also appeared in the top ten list of disruptions, with transport network disruption appearing at the expense of act of terrorism. Unplanned IT and telecom outages came in at number one, followed by interruption to utility supply and then cyber attack. Data breach came in at eighth place.

With the top four threats all showing an increasing in level of concern, it is worrying that 14 percent of respondents will experience business continuity budget cuts over the next year, making them less likely to be able to respond effectively to these threats.

Despite growing fears over the resilience of their organizations, the report records another fall in the use of long-term trend analysis to assess and understand threats, down 1 percent to 69 percent this year. Of those carrying out trend analysis, around a third of organizations (32 percent) do not use the results to inform their business continuity management programmes.

David Thorp, Executive Director at the Business Continuity Institute, commented:

Given the diversity of the threats out there, it is absolutely essential to adopt agile and dynamic responses.

“Planning to recover from a data breach is very different from planning for the aftermath of a terrorist attack, and, as this year’s report highlights, the risk spectrum can be very broad. Malicious internet actors, political shake-ups, and climate change are all amongst the main worries for societies around the world.

“As always, the key takeaway should be that with challenges come opportunities. Change does not have to mean less favourable environments, but the landscape may be different. As organizations venture into uncharted territory now is the time to identify and undertake the measures that will increase resilience within your organization by ensuring that effective business continuity planning is in place.

Howard Kerr, Chief Executive at BSI, commented:

“2016 continued to see high profile businesses affected by cyber attack and disruption, so it’s not surprising to see it remains as the top threat to business.

“However, we remain concerned to see that businesses are still not fully utilizing the information available to them to identify and remedy weaknesses in their organizational resilience.

“Ultimately, organizations must recognize that, while there is risk, and plenty of it, there is also opportunity. Taking advantage of this means that leaders can steer their businesses to not just survive, but thrive.”

Globally there were some variations to the top three threats: In Belgium, act of terrorism was in third; in Central and Latin America, new laws or regulations featured in third place; and in Sub Saharan Africa, exchange rate volatility was third.

There was more variation when it came to actual disruptions with adverse weather appearing in second place throughout North America, Asia and Australasia; while the loss of key employee featured in the top three throughout the Middle East and North Africa, Central and Latin America and the United Kingdom.

About the Business Continuity Institute

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organizations from newcomers, experienced professionals and organizations. Further information about the BCI is available at

About BSI

BSI (British Standards Institution) is the business standards company that equips businesses with the necessary solutions to turn standards of best practice into habits of excellence. Formed in 1901, BSI was the world’s first National Standards Body and a founding member of the International Organization for Standardization (ISO). Over a century later it continues to facilitate business improvement across the globe by helping its clients drive performance, manage risk and grow sustainably through the adoption of international management systems standards, many of which BSI originated. Renowned for its marks of excellence including the consumer recognized BSI Kitemark™, BSI’s influence spans multiple sectors including Aerospace, Automotive, Built Environment, Food, Healthcare and ICT. With 80,000 clients in 182 countries, BSI is an organization whose standards inspire excellence across the globe.

To learn more, please visit