IT-related threats continue to provide the greatest concern for organisations, according to a new report published by the Business Continuity Institute (BCI), in association with the British Standards Institution (BSI).
The annual BCI Horizon Scan has pitted such threats above other threats like natural disasters, security incidents and industrial disputes.
Three quarters (77%) of business leaders said they fear the possibility of an unplanned IT and telecoms outage, whilst 73% worry about the possibility of a cyber-attack or data breach.
The report has also identified long-term trends, with 73% seeing the use of the internet for malicious attacks as a major threat that needs to be closely monitored, and 63% feeling the same way about the influence of social media.
The top 10 threats to business continuity
- Unplanned IT and telecom outages
- Cyber attack
- Data breach
- Adverse weather
- Interruption to utility supply
- Security incident
- Health & Safety incident
- Act of terrorism
- New laws or regulations
>See also: 2017 cyber security trends
“At a time when changing climatic, social, political and economic situations are forcing organisations to be nimble in adapting to novel threats, it is essential to learn from others experience and best practice,” said Howard Kerr, CEO at BSI.
“Developing the resilience of networks, services and business critical information must be an integral part of an organisation’s wider business resilience strategy. By putting in place a framework based on risk standards, you will be able to identify, prioritise and manage the range of threats to your business more effectively and keep your stakeholders reassured.”
Adverse weather moved up the list of threats with 57% of respondents expressing concern or extreme concern. This was before the storms that have swept the UK and those on the eastern seaboard of the United States and Canada.
Geography and industry seemingly play an important role in determining threat levels, with respondents from Japan and New Zealand showing greater levels of concern for earthquakes, while those in the manufacturing industry rating supply chain disruption and product quality control as greater threats.
Of the 71% of respondents who stated that they did conduct a trend analysis, a fifth of them claimed they had no access to the final output.
Less than half of the respondents (44%) reported using the international standard ISO22301 as the framework for their business continuity management programme.
The report, designed to offer a better understanding of threats to business continuity and helping practitioners learn how to protect their organisations against them, also revealed surprising trends in other areas of business continuity.
Supply chain disruption, last year within the top 10 concerns, moved down the list to 16th place. This is despite increasing supply chain complexity featuring within the top five emerging trends, in addition to the recent BCI Supply Chain Resilience Survey, which revealed that 75% of respondents experienced at least one supply chain disruption during the previous year.
Also highlighted was that, despite these growing levels of concern, only 18% of organisations are increasing their level of investment in business continuity programmes, while 11% are actively reducing theirs. The report further revealed that 22% of organisations conducted no trend analysis as part of their business continuity process, so are potentially failing to assess these threats altogether.
The report concludes that with the variation in concerns across geographical locations and industry sectors, not all threats are generic. Organisations need to invest wisely in the development of technologies that can help counter the threats relevant to them, and the impact these threats would have should they materialise.
With so many threats clear and present, the onus is on the industry to emphasise the immediate and very real return on investment a business continuity programme has to offer.
“This survey shows that there are some threats that are more common among most organisations, while others present themselves to varying degrees between different geographic locations or industry sectors,” said Lyndon Bird FBCI, technical director at the BCI.
“Organisations are different so the horizon scanning process is essential in order to assess these threats and ensure that the right business continuity plan is in place to deal with the impact of them.”