Cyber-attack is the top threat perceived by businesses. That is according to the fifth annual Horizon Scan report by the Business Continuity Institute (BCI), in association with BSI, the British Standards body. Similarly, the threat of a data breach rises to second in the list, up one place from 2015.
The survey covered the business preparedness of 568 organizations worldwide. Most (85 per cent) of business continuity managers fear the possibility of a cyber-attack, and 80 per cent are worried about the possibility of a data breach similar to those suffered by Carphone Warehouse and Sony. Concerns over supply chain disruption remained in the top ten, but fell two places from fifth last year to seventh this year. Almost half of those polled (47 per cent) identified increasing supply chain complexity as a trend, leaving their organisation vulnerable to disruption from conflict or natural disasters.
Concerns over the availability of talent and key skills entered the top ten for the first time this year, with 13 per cent indicating they are ‘extremely concerned’ and 34 per cent ‘concerned’ about the threat.
This year’s global top ten threats to business continuity are:
1.Cyber-attack – static
2.Data breach – up one
3.Unplanned IT and telecom outages – down one
4.Act of terrorism – up five
5.Security Incident – up one
6.Interruption to utility supply – down two
7.Supply chain disruption – down two
8.Adverse weather – down one
9.Availability of key skills – new entry
10.Health and Safety incident – new entry.
Howard Kerr, Chief Executive at BSI, said: “2015 saw a number of high profile businesses across the world hit by cyber-attacks, so it’s reassuring to see that so many are aware of the threat it poses. Our research finds it to be the top concern in six out of the eight regions surveyed. However, we remain concerned to see that businesses are still not fully utilising the information available to them to identify and remedy weaknesses in their organisational resilience.
“It is difficult to conceive that either investors or employees will be reassured that the leaders of the organisations they trust are making strategic decisions without an effective evaluation of risk. Ultimately, organisations must recognise that, while there is risk, and plenty of it, there is also opportunity. Taking advantage of this means that leaders can steer their businesses to succeed by not just surviving, but thriving.”
The report also measures sentiment towards specific business trends and uncertainties. The use of the internet for malicious attacks remains on top this year, with 83 per cent indicating their concern. Increasing supply chain complexity also features in the top ten and on the radar of 47 per cent of respondents. Despite growing fears over the resilience of their firms, the report records another fall in the use of long-term trend analysis to assess and understand threats, down 3 per cent to 70 per cent this year. Of those carrying out trend analysis, a third (33 per cent) are not using the results to inform their business continuity management programmes.
Globally, business preparedness shows variations with nine out of ten (94 per cent) organisations in Canada utilising trend analysis, while just three in ten firms (29 per cent) in the Caribbean and Latin America do so. Small businesses, evaluated for the second time in this year’s report, continue to lag behind with only 58 per cent compared to 74 per cent of larger businesses.
The report finds adoption of ISO 22301, the business continuity standard, as a common framework, with more than half (51 per cent) of organisations now relying upon this.
David James-Brown FBCI, Chairman of the Business Continuity Institute, said: “The need perceived by organisations to identify and build resilience to this range of threats reveals the importance of this survey for business continuity professionals, the Horizon Scan’s reputation and reliability make it one of the most popular reports in the industry on a global scale. It is indeed crucial for practitioners to advise organisations on what to prepare for and adjust their recovery plans accordingly.
“The industry landscape is rapidly changing, and so should our discipline in order to keep up with both traditional and modern challenges. At the top of the list this year we continue to see threats such as cyber-attack, data breach and unplanned IT outages. More traditional threats such as terrorism continue to be ’front-of-mind’ for organisations. Given the rise of new challenges and the fact that old ones remain, horizon scanning techniques are even more valuable in assisting organisations to be prepared to the best of their potential.”
