According to research results published by the Business Continuity Institute (BCI) in association with the British Standards Institution (BSI), cyber attack is once again the top threat posed to organisations’ security as perceived by business continuity professionals. 80% of organisations are either ‘extremely concerned’ or ‘concerned’ about the possibility of a cyber attack. The threat of a data breach remains in second place, while unplanned IT and telecoms outages once again occupy third place.
For the first time in the study’s six-year history, the threat of uncertainty around the introduction of new laws and regulations has entered the list of Top Ten business continuity concerns in the Horizon Scan Report. According to the BCI, these external events “underscore the interconnected nature of risks” and “demonstrate the need for businesses to take them into account” while planning accordingly.
This year’s global Top Ten threats to business continuity are (1) Cyber attack – static (2) Data breach – static (3) Unplanned IT and telecoms outage – static (4) Security incident – up by one place (5) Adverse weather – up by three (6) Interruption to the utility supply – static (7) Act of terrorism – down three (8) Supply chain disruption – down one (9) Availability of key skills – static and (10) New laws or regulations – new entry.
For the first time, the Horizon Scan survey also asked which disruptions respondents had experienced during the previous year in order to understand what lies behind the worry. The results show that nine of the Top Ten concerns also appeared in the Top Ten list of disruptions, with transport network disruption listed at the expense of acts of terrorism. Unplanned IT and telecoms outages charted in first place, followed by interruption to utility supplies and then cyber attack. Data breach is eighth in the list.
With the top four threats all engendering an increasing level of concern among business, the BCI feels it’s worrying that 14% of respondents will experience business continuity budget cuts over the next year, making them less likely to be able to respond effectively to these threats.
Despite growing fears over the resilience of organisations, the report records another fall in the use of long-term trend analyses to assess and understand threats, which is down 1% to 69% this year. Of those carrying out trend analyses, around one third (32%, in fact) of organisations questioned don’t actually use the results of these procedures to inform and underpin their business continuity management programmes.
Agile and dynamic responses
Commenting on the survey results, David Thorp (executive director at the BCI) informed Risk UK: “Given the diversity of the threats out there, it’s absolutely essential for businesses to adopt agile and dynamic responses. Planning to recover from a data breach is very different from planning for the aftermath of a terrorist attack. As this year’s Horizon Scan report highlights, the risk spectrum can be very broad. Malicious Internet actors, political shake-ups and climate change are all among the main worries for societies around the world.”
Thorp added: “As always, the key takeaway should be that with challenges come opportunities. Change doesn’t have to mean less favourable environments, but the landscape may well be different. As businesses venture into uncharted territory, now is the time to identify and undertake the measures that will increase resilience within the organisation by ensuring that effective continuity planning is in place.”
Howard Kerr, CEO at the BSI, observed: “2016 continued to witness high profile businesses affected by cyber attacks and disruption, so it’s not surprising to see that cyber remains the top threat posed to organisations. However, we remain concerned to see that businesses are still not fully using the information available to them in order to identify and remedy weaknesses in their organisational resilience. Ultimately, organisations must recognise that, while there is risk, and indeed plenty of it, there’s also opportunity. Taking advantage of this opportunity means that company leaders can steer their businesses towards not just surviving, but also allow them to thrive.”
There are some variations to the top three threats at the global level. In Belgium, for example, acts of terrorism were third in the Top Ten list. In Central and Latin America, new laws or regulations featured in third place, while in Sub-Saharan Africa, exchange rate volatility was third.
There was more variation when it came to actual disruptions, with adverse weather appearing in second place throughout North America, Asia and Australasia, while the loss of key employees featured in the top three throughout the Middle East and North Africa, Central and Latin America and, indeed, the UK.