According to the fourth annual Horizon Scan survey published by the Business Continuity Institute (BCI) in association with BSI, cyber attack is presently the top threat vector as perceived by today’s businesses. Supply chain disruption is reported as being the fastest-rising threat, up 11 places since this time last year.
The annual BCI Horizon Scan survey for 2015 assesses the business preparedness of 760 organisations worldwide and shows that three quarters (82%) of business continuity managers fear the possibility of a cyber attack, with 81% worried about the possibility of unplanned IT outages and 75% data breaches similar to that suffered by Sony Corporation during 2014.
A recent industry report published by The Ponemon Institute highlights the fact that the annualised cost of cyber crime per global company now stands at a substantial $7.6 million, representing a 10.4% year-on-year increase.
As stated, concerns over supply chain disruption are the fastest-rising threat for organisations, climbing to fifth place in this year’s report (up from 16th in 2014). Almost half (49%) of those individuals questioned identified increasing supply chain complexity as a trend that could leave their organisation vulnerable to disruption from conflict or natural disasters.
This year’s global Top Ten Threats to Business Continuity, then, are as follows:
(1) Cyber attack – up 1
(2) Unplanned IT and telecoms outages – down 1
(3) Data breach – static
(4) Interruption to utility supply – up 1
(5) Supply chain disruption – up 11
(6) Security incidents – up 1
(7) Adverse weather – down 3
(8) Human illness – up 3
(9) Fire – down 3
(10) Acts of terrorism – down 1
Identifying and remedying ‘blind spots’
Speaking about the survey results, Howard Kerr (CEO at the BSI) told Risk UK: “Globalisation has undoubtedly brought the world’s conflicts, epidemics, natural disasters and crime closer to home. It’s of real concern that this year’s report shows businesses are not making full use of information at their disposal to identify and remedy blind spots in their organisational resilience strategies. Tracking near and long-term threats provides companies of all sizes with an objective assessment of risks and how to mitigate them. Failing to apply Best Practice leaves organisations, their employees, business partners and customers at risk.”
Despite growing fears over companies’ resilience, the Horizon Scan survey records a shock fall in the use of trend analysis by business continuity practitioners, with one fifth of firms (21%) failing to invest in protective disciplines. A similar proportion (22%) report not employing trend analysis at all, making it a ‘blind spot’ for organisations.
Globally, business preparedness shows variations with 8-out-of-10 (82%) organisations in the Netherlands employing trend analysis while just 6-in-10 firms (63%) in the Middle East and Africa adopt the same policy.
Evaluated for the first time in this year’s report, smaller businesses are seen to lag behind industry Best Practice with just 50% currently applying international standards for business continuity management regimes.
The report provides the strong recommendation that the rising costs of business continuity demand far greater attention from senior management.
Encouragingly, the adoption of ISO 22301 (the dedicated business continuity standard) appears to have reached a tipping point with more than half (53%) of those organisations surveyed now relying upon its contents. That’s up from 43% last year.
Almost three quarters of firms (71%) intend to better align their activities with ISO 22301 over the next 24 months.
Lyndon Bird FBCI, technical director at the BCI, commented: “The world is now facing a diverse set of problems, from cyber crime and political unrest through to supply chain vulnerabilities and health hazards. This report shows the vital importance of business continuity professionals understanding such trends. No longer can those working in this arena believe they’ll be able to resolve all of their problems themselves. As an industry, we must work together with our fellow practitioners to deal with the complexity of the threats we now face.”
*Respondents to the online survey emanated from 72 countries
**A copy of the Horizon Scan 2015 survey may be downloaded by visiting the BCI’s website (registration is required)
***Business Continuity Awareness Week 2015 runs from 16-20 March. Access experts, free resources and activities through the portal: bcaw2015.com