Cyber-attack seen as top business threat
Report shows shock fall in business preparedness
Failure to analyse trends creates dangerous blind spot for organizations
Cyber-attack is the top threat perceived by businesses, according to the fourth annual Horizon Scan report published today by the Business Continuity Institute (BCI), in association with BSI. Supply chain disruption is reported as the fastest rising threat, up 11 places since last year.
The annual BCI Horizon Scan assessed the business preparedness of 760 organizations worldwide and shows that three quarters (82%) of Business Continuity Managers fear the possibility of a cyber-attack, with 81% worried about the possibility of unplanned IT outages and 75% data breaches similar to that suffered by Sony in 2014. A recent industry report1 highlights the annualized cost of cyber-crime per global company now stands at $7.6 million, a 10.4 per cent year-over-year increase.
Concerns over supply chain disruption were the fastest rising threat, climbing to fifth place in this year’s report, up from 16th in 2014. Almost half of those polled (49%) identified increasing supply chain complexity as a trend, leaving their organization vulnerable to disruption from conflict or natural disasters.
This year’s global top ten threats to business continuity are:
- Cyber-attack - up 1
- Unplanned IT and telecoms outages – down 1
- Data breach – static
- Interruption to utility supply - up 1
- Supply chain disruption - up 11
- Security incidents – up 1
- Adverse weather – down 3
- Human illness – up 3
- Fire – down 3.
- Acts of terrorism – down 1
Howard Kerr, Chief Executive at BSI, commented: “Globalization has brought the world’s conflicts, epidemics, natural disasters and crime closer to home. It is of real concern that this year’s report shows that businesses are not fully utilising information to identify and remedy blind spots in their organizational resilience strategies. Tracking near and long-term threats provides organizations of all sizes with an objective assessment of risks and how to mitigate them. Failing to apply best practice leaves organizations and their employees, business partners and customers at risk.”
Despite growing fears over the resilience of their firms, the report records a shock fall in the use of trend analysis by business continuity practitioners, with a fifth of firms (21%) failing to invest in protective discipline. A similar proportion (22%) report not employing trend analysis at all, making it a blind spot for organizations. Globally business preparedness shows variations with 8 out of 10 (82%) organizations in the Netherlands utilising trend analysis, while just 6 in 10 firms in the Middle East and Africa do so (63%). Small businesses, evaluated for the first time in this year’s report, are seen to lag behind industry best practice with just half currently applying international standards for business continuity management.
The report provides the strong recommendation that the rising costs of business continuity demand greater attention from top management. Encouragingly, adoption of ISO 22301, the business continuity standard, appears to have reached a tipping point with more than half (53%) of organizations now relying upon this, up from 43% last year. Almost three quarters of firms (71%) intend to better align their activities with ISO 22301 over the next 24 months.
Lyndon Bird FBCI, Technical Director at the BCI, commented: “The world faces diverse problems from cybercrime and political unrest to supply chain vulnerabilities and health hazards. This report shows the vital importance of business continuity professionals understanding such trends. No longer can those working in the field believe they can resolve all their problems themselves. As an industry we must work together with our fellow practitioners to deal with the complexity of these threats.”