Covid was the most disruptive thing ever reported to the annual BCI (Business Continuity Institute) horizon scanning survey. The pandemic has been a lesson in the importance of horizon scanning and being better prepared for grey rhino events (events which are highly probable and will have a high impact but are overlooked) or black swan events (events which are impossible to predict, have a major effect yet often appear obvious in hindsight). The heavy impact of COVID-19 means many are already reviewing how they look at the risk landscape: interviews carried out for this report reveal many are now broadening how they look at the risk landscape, taking more consideration of National Risk Registers and writing or re-writing plans for events which had, until now, been considered as unlikely
Health incidents, another category which was deemed a low risk for 2020, finished the year as the second largest disruptor. Many of these health incidents were not from pathological causes, but from mental health difficulties experienced by staff as a result of covid-19. Cyber-attacks and IT/telecom outages also caused high levels of disruption in 2020 as a result of elevated cyber-crime. As criminals sought to exploit security holes as staff worked remotely, and unforeseen network outages caused primarily by issues with internet latency.
Many told the survey that delayed or missed recertification appointments in 2020 had resulted in their certification lapsing, but hoped to do so before the six month grace period expired. There was, however, an uptick in the number adopting the standard as a framework during the year, suggesting the impact of the pandemic was causing them to re-evaluate the effectiveness of their business continuity
The longevity of response required for covid-19 was also something that took many by surprise. Business Continuity plans sometimes only covered the first few days or weeks of a crisis.
As the recent BCI Supply Chain Resilience 2020 report showed, covid also had an impact on the supply chain, if some critical suppliers were unable to meet contractual requirements. supply chain issues continue today with a global container shortage causing delays. Extreme weather in itself was still a major cause of disruption in 2020, such as bushfires in Australia; and California. Such weather-related disruptions during the year has caused many to consider climate risk in their mid- to long-term planning for the first time, according to the report.
Yet one in three surveyed did not consider covid to be their greatest disruption, though their disruption greater than covid varied; whether extreme weather or IT failure. Many office-based firms reported that covid-19 had very little to no impact as staff able to revert to remote working overnight. For such workplaces, the primary problems might be IT and telecom outages, maybe caused by wider network issues; although overloads of infrastructure may be a result of the pandemic. The report points out that businesses should consider being prepared for multiple events occurring at the same time – such as, if during a pandemic a power outage means home workers can’t work – might the only answer be to bring staff into a back-up prepared office, and work in a covid-safe space?
BCI chair Christopher Horne in foreword said that ‘traditional’ disruptions such as cyber-attacks, extreme weather and IT outages have been firmly positioned at the top of the list of disruptions over the past year.
He said: “Because of the impact these events have on organizations year after year, they also inevitably feature at the top of practitioners’ minds as concerns for the upcoming year. For some organizations, this means preparations for certain risks, threats and events are ignored, even if they are likely to happen and have the potential of causing extreme impact. Michele Wucker famously dubbed these “grey rhino” events, a term which has been familiar with many resilience professionals and has become even more prominent during the pandemic. This past year has been a real-world demonstration of how being resilient and prepared for grey rhino events can be the difference between business survival and business collapse.
“Not unexpectedly this report shows that covid-19 caused severe disruption to organizations in 2020 but, for many, it also provided a timely wake-up call to be better prepared for future crises. The research reveals that organizations are taking a more critical view of future risks and are writing plans for scenarios which have been avoided or neglected in planning up to now.
“Others are already investing in new technologies to help with risk scanning while others are taking a multifaceted approach, drawing on inputs from other sectors, peers, regional and national governments and industry groups. The future certainly will not be all about covid-19, but many practitioners feel unable to remove it from long-term planning and there is concern that new, emerging risks may be missed in the same way covid-19 was.
“Climate risk, for example, is no longer something that can be ignored from risk planning. While the visible indicators of climate change such as wildfires, floods and extreme temperatures are already causing operational disruption to organizations, new laws and regulations relating to climate change will need to be followed and in our social media connected world non-compliance could have a devastating reputational impact. Encouragingly, the disruption during the year has meant many organizations are introducing more robust business continuity programmes. At the BCI, we have seen a strong uptake of our certification courses and skills training, and this survey also reveals that an increasing number of organizations are looking at using the ISO 22301 as a framework for the first time. 2020 may have been a year of extreme disruption, but it has been a year where the importance of horizon scanning has been brought to the forefront.”
More at https://www.thebci.org/resource/bci-horizon-scan-report-2021.html.
