by Brianna Crandall — April 14, 2014—A new report published by the U.K.-based Business Continuity Institute (BCI) in association with business standards company BSI has revealed that, in spite of the variation of concerns related to geographic locations and industry sectors, information technology (IT)-related threats are continuing to provide the greatest concern for organizations worldwide. These concerns rank above other threats such as natural disasters, security incidents and industrial disputes.
The annual BCI Horizon Scan shows that three-quarters (77%) of business continuity managers fear the possibility of an unplanned IT and telecoms outage, and 73% worry about the possibility of a cyber attack or data breach.
The report also identifies long-term trends, with 73% seeing the use of the Internet for malicious attacks as a major threat that needs to be closely monitored, and 63% feeling the same way about the influence of social media.
According to the BCI/BSI report, this year’s top ten threats to business continuity are:
- Unplanned IT and telecom outages
- Cyber attack
- Data breach
- Adverse weather
- Interruption to utility supply
- Fire
- Security incident
- Health and safety incident
- Act of terrorism
- New laws or regulations
The report, designed to offer a better understanding of threats to business continuity and helping practitioners learn how to protect their organizations against them, also revealed surprising trends in other areas of business continuity. Supply chain disruption, last year within the top ten concerns, moved down the list to 16th place. This is despite increasing supply chain complexity featuring within the top five emerging trends, in addition to the recent BCI Supply Chain Resilience 2013 survey , which revealed that 75% of respondents experienced at least one supply chain disruption during the previous year.
Also highlighted was that, despite these growing levels of concern, only 18% of organizations are increasing their level of investment in business continuity program, while 11% are actively reducing theirs. The report further revealed that 22% of organizations conducted no trend analysis as part of their business continuity process, so are potentially failing to assess these threats altogether.
The report concludes that with the variation in concerns across geographical locations and industry sectors, not all threats are generic. Organizations need to invest wisely in the development of technologies that can help counter the threats relevant to them, and the impact these threats would have should they materialize. With so many threats clear and present, the onus is on the industry to emphasize the immediate and very real return on investment a business continuity program has to offer.
BCI’s infograph shows the spread of business continuity concerns around the world.
(Click on image to enlarge)
Further findings from the report include:
- Adverse weather moved up the list of threats, with 57% of respondents expressing concern or extreme concern. (This was before the storms that have swept the U.K. and those on the eastern seaboard of the United States and Canada, notes BCI.)
- Geography and industry play an important role in determining threat levels, with respondents from Japan and New Zealand showing greater levels of concern for earthquakes, while those in the manufacturing industry rate supply chain disruption and product quality control as greater threats.
- Of the 71% of respondents who stated that they did conduct a trend analysis, a fifth of them claimed they had no access to the final output.
- Less than half of the respondents (44%) use the international standard ISO 22301 as the framework for their business continuity management program.
Howard Kerr, Chief Executive at BSI, commented, “At a time when changing climatic, social, political and economic situations are forcing organizations to be nimble in adapting to novel threats, it is essential to learn from others experience and best practice. Developing the resilience of networks, services and business critical information must be an integral part of an organization’s wider business resilience strategy. By putting in place a framework based on risk standards, you will be able to identify, prioritize and manage the range of threats to your business more effectively and keep your stakeholders reassured.”
