A ‘Horizon Scan 2012’ survey from the Business Continuity Institute (BCI) asked 458 organisations across 49 countries to rate their concern against a range of threats to their business, based on their own risk assessment.
The top five threats evaluated through risk assessment, based on those registering extremely concerned and concerned, are as follows:
* Unplanned IT and telecom outages – 74pc
* Data breach (i.e. loss or theft of confidential information) – 68pc
* Cyber attack (e.g. malware, denial of service) – 65pc
* Adverse weather (e.g. windstorm/tornado, flooding, snow, drought) – 59pc
* Interruption to utility supply (i.e. water, gas, electricity, waste disposal) – 56pc.
UK based respondents reflected the international response as did Australia, Canada, South Africa and the USA. However, indicative responses from India were very different, with transport network disruption, social unrest and fire taking the top three positions. In Japan, respondents put the threat of an earthquake and tsunami as their number one threat with an environmental incident and interruption to utility suppliers in second and third positions respectively.
In individual sectors, respondents in manufacturing picked supply chain disruption as their primary concern, followed by unplanned IT/telecom outage and a product safety incident. In the other industry sectors analysed, there was significant agreement in the threats that pose most concern in terms of data breaches, cyber attack and unplanned outages. In light of the high levels of concern going into 2012, the survey also asked about expectations on investment levels in mitigating these threats. The results show that for one in ten of respondents, investment levels will fall, while for half levels will be the same; only 25pc can report increased levels of investment.
Lyndon Bird FBCI, Technical Development Director at the BCI, said:“The prominence of cyber attacks and data breaches in this survey reflects the need to take a more comprehensive approach to dealing with the problem, one which is strategic in nature and not purely technical. Executives need to ask why people are trying to disrupt their business or steal confidential information. Also, private and public sector organisations need to work collectively and adopt more of an ‘open sharing’ approach, so that common cyber threats can be identified more quickly.
“A comprehensive approach to resilience is required, one that Business Continuity Management (BCM) offers. BCM links the firm’s objectives with the risks that it agrees to take and the measures needed to manage the resulting vulnerabilities; it’s a proven approach to developing resilience and protecting an organization’s reputation.
“Looking beyond the top list of threats, we can see that business continuity thinking is being more widely applied than in the past. We would rarely have seen threats such as business ethics incident, new laws or regulations, the availability of credit or exchange rate volatility registering too many responses. This confirms the growing recognition among management teams that BCM is a very effective all risks approach to business resilience.”
For a full list of threats evaluated and response levels, download the report here: http://www.bcifiles.com/BCIHorizonScan2012.pdf
