The BCI' s annual Horizon Scan survey report, in association with BSI, shows yet again it is IT-related threats that continue to provide the greatest concern for organizations, ranking above other threats such as natural disasters, security incidents and industrial disputes.
The technology we use on a daily basis does not come without its perceived dangers as three quarters (77%) of Business Continuity Managers fear the possibility of an unplanned IT and telecoms outage and 73% worry about the possibility of a cyber-attack or data breach. The report also identifies long-term trends, with 73% seeing the use of the internet for malicious attacks as a major threat that needs to be closely monitored, with 63% feeling the same way about the influence of social media.
This year’s top ten threats to business continuity are:
1. Unplanned IT and telecom outages
2. Cyber attack
3. Data breach
4. Adverse weather
5. Interruption to utility supply
7. Security incident
8. Health & Safety incident
9. Act of terrorism
10. New laws or regulations
Lyndon Bird FBCI, Technical Director at the BCI, commented: “This survey shows that there are some threats that are more common among most organizations, while others present themselves to varying degrees between different geographic locations or industry sectors. Organizations are different so the horizon scanning process is essential in order to assess these threats and ensure that the right business continuity plan is in place to deal with the impact of them. This piece of research has greater significance this year for the BCI as the theme in what is our 20th year is all about looking to the future and facing the new challenges this future will bring.”
The report, designed to offer a better understanding of threats to business continuity and helping practitioners learn how to protect their organizations against them, also revealed surprising trends in other areas of business continuity. Supply chain disruption, last year within the top ten concerns, moved down the list to 16th place. This is despite increasing supply chain complexity featuring within the top five emerging trends, in addition to the recent BCI Supply Chain Resilience Survey, which revealed that 75% of respondents experienced at least one supply chain disruption during the previous year.
Also highlighted was that, despite these growing levels of concern, only 18% of organizations are increasing their level of investment in business continuity programmes while 11% are actively reducing theirs. The report further revealed that 22% of organizations conducted no trend analysis as part of their business continuity process so are potentially failing to assess these threats altogether.
The report concludes that with the variation in concerns across geographical locations and industry sectors, not all threats are generic. Organizations need to invest wisely in the development of technologies that can help counter the threats relevant to them, and the impact these threats would have should they materialise. With so many threats clear and present, the onus is on the industry to emphasise the immediate and very real return on investment a business continuity programme has to offer.
Further findings from the report include:
- Adverse weather moved up the list of threats with 57% of respondents expressing concern or extreme concern. This was before the storms that have swept the UK and those on the eastern seaboard of the United States and Canada.
- Geography and industry play an important role in determining threat levels with respondents from Japan and New Zealand showing greater levels of concern for earthquakes, while those in the manufacturing industry rate supply chain disruption and product quality control as greater threats.
- Of the 71% of respondents who stated that they did conduct a trend analysis, a fifth of them claimed they had no access to the final output.
- Less than half of the respondents (44%) use the international standard ISO22301 as the framework for their business continuity management programme.
Howard Kerr, Chief Executive at BSI, commented: “At a time when changing climatic, social, political and economic situations are forcing organisations to be nimble in adapting to novel threats, it is essential to learn from others experience and best practice. Developing the resilience of networks, services and business critical information must be an integral part of an organisation’s wider business resilience strategy. By putting in place a framework based on risk standards, you will be able to identify, prioritise and manage the range of threats to your business more effectively and keep your stakeholders reassured.”
The full report can be downloaded from the BCI website.