Skip to main content

Physical security a growing threat to organizations

News   •   Feb 08, 2016 12:11 GMT

Physical security is seen as growing concern for business continuity professionals, according to the fifth annual Horizon Scan Report published by the Business Continuity Institute, in association with BSI. Among the ranks of potential threats that organizations face, acts of terrorism gained six places from 10th in 2015 to 4th this year, while security incidents moved from 6th place to 5th place.

55% of respondents to the global survey expressed concern about the possibility of both an act of terrorism or a security incident such as vandalism, theft or fraud disrupting their organization, compared to 42% and 48% respectively the previous year. Whether these concerns are justified is another matter, but the incidents in Paris are still fresh in the mind, not to mention the many other events from across the world that constantly fill our news channels.

While security incidents of a physical nature make up the 4th and 5th greatest threats, it is incidents belonging to the virtual world that once again make up the top three. For the second year running, cyber attack comes in at number one with 85% of respondents expressing concern (2015: 82%). The attack on BBC over the new year period is a reminder of the danger this kind of threat poses when it suffered what was reputed to be the largest DDoS attack in history at 600 GBps, enough to bring down its website and most of its online services for some considerable time.

Data breach has climbed from 3rd place in 2015 to 2nd place this year with 80% of respondents expressing concern about the prospect of this type of threat materialising (2015: 74%). Not only are data breaches damaging reputationally, they can be expensive in terms of any fines imposed as result.

Unplanned telecoms and IT outage may have dropped from 1st place in 2014 to 2nd place in 2015 and now 3rd place in 2016, but it is still a very real threat with 77% of respondents expressing concern (2015:81%). Offices, shops, factories and warehouses are all heavily reliant on IT infrastructures and when those infrastructures fail it can cause severe disruption.

This year’s global top ten threats to organizations are:

  1. Cyber-attack – static
  2. Data breach – up 1
  3. Unplanned IT and telecoms outages – down 1
  4. Acts of terrorism – up 6
  5. Security incidents – up 1
  6. Interruption to utility supply – down 2
  7. Supply chain disruption – down 2
  8. Adverse weather – up1
  9. Availability of talents/key skills – up 5
  10. Health and safety incident – up 1

David James-Brown FBCI, Chairman of the Business Continuity Institute, commented: “The need perceived by organizations to identify and build resilience to this range of threats reveals the importance of this survey for business continuity professionals, the Horizon Scan’s reputation and reliability make it one of the most popular reports in the industry on a global scale. It is indeed crucial for practitioners to advise organizations on what to prepare for and adjust their recovery plans accordingly.

"The industry landscape is rapidly changing, and so should our discipline in order to keep up with both traditional and modern challenges. At the top of the list this year we continue to see threats such as cyber-attack, data breach and unplanned IT outages. More traditional threats such as terrorism continue to be ’front-of-mind’ for organizations. Given the rise of new challenges and the fact that old ones remain, horizon scanning techniques are even more valuable in assisting organizations to be prepared to the best of their potential.

Howard Kerr, Chief Executive at BSI, commented: “2015 saw a number of high profile businesses across the world hit by cyber attacks, so it’s reassuring to see that so many are aware of the threat it poses. Our research finds it to be the top concern in six out of the eight regions surveyed.

However, we remain concerned to see that businesses are still not fully utilizing the information available to them to identify and remedy weaknesses in their organizational resilience.

The report concludes that horizon scanning impacts on overall resilience as it provides an objective basis for assessing near-term threats that lead to disruption. The Horizon Scan Report, as a global study aggregating practitioner input across industry sectors and regions, complements in-house analysis and provides useful input for strategic decisions.

Download your free copy of the Horizon Scan Report here. If you have any questions, or would like to find out more, join us for our webinar on the 25th February when we will be discussing some of the findings and answering any of your questions.

Comments (3)

    Has anyone ever done any research on whether the fears/predictions ever materialise? or at least the level of correspondence between what actually happens and those highlighted as greatest risk.
    It maybe that that analysis of previous year's fears and actual incidents may show that organisations may be placing emphasis on what never crystallises, based on the hot topic (cyber, pandemic etc.)

    I'll stick my neck out and predict there will be a wide discrepancy between perceived risks and actual events.

    - Rob Osborn - Mar 07, 2016 14:38 GMT

    Thanks for sharing your thoughts, Rob. While there may be variations in terms of perceived risk and actual risk, this piece of research shows what business continuity professionals are concerned about the most. That level of concern may not be related to impact or consequence --- there could be other factors that come into play such as preparedness. The Horizon Scan Report sets the baseline, but what is vital is that all organizations conduct their own horizon scan is order to address the threats specific to them.

    - Patrick Alcantara - Mar 08, 2016 17:16 GMT

    All risk is in the future. It may never happen, so all risks are perceived but never actual - unless they eventuate and then are no longer risks.
    As for the research: read Tetlock's 2015 book "Superforecasting: The art and science of forecasting". The intelligence community (an oxymoron) is shown to be rather poor but we can learn to be better at assessing or forecasting.

    - Chris Peace - Apr 12, 2016 06:15 BST

Add comment

Comment