IT-related threats provide the greatest concern for businesses, ranking above natural disasters, security incidents and industrial disputes, a report has revealed.
Just over three-quarters of business leaders polled fear the possibility of an IT outage and 73% worry about a cyber attack or data breach.
But geography and industry play an important role in determining threat levels, with respondents from Japan and New Zealand showing greater levels of concern for earthquakes, while those in the manufacturing industry rate supply chain disruption and product quality control as greater threats.
The BCI Horizon Scan also identifies long-term trends, with 73% of respondents seeing the use of the internet for malicious attacks as a major threat that needs to be closely monitored.
Top 10 threats to business continuity in 2014
- Unplanned IT and telecom outages
- Cyber attack
- Data breach
- Adverse weather
- Interruption to utility supply
- Security incident
- Health & Safety incident
- Act of terrorism
- New laws or regulations
“Developing the resilience of networks, services and business-critical information must be an integral part of an organisation’s wider business resilience strategy,” said Howard Kerr, chief executive at BSI.
“By putting in place a framework based on risk standards, you will be able to identify, prioritise and manage the range of threats to your business more effectively and keep your stakeholders reassured,” he said.
The report, designed to offer a better understanding of threats to business continuity, also revealed that while supply chain disruption was among the top 10 threats in 2013, it has moved down to 16th place.
This is despite increasing supply chain complexity featuring in the top five emerging trends, in addition to the recent BCI Supply Chain Resilience Survey, which revealed that 75% of respondents experienced at least one supply chain disruption during the previous year.
Business continuity plans being overlooked
Despite these growing levels of concern, only 18% of organisations are increasing investment in business continuity programmes, while 11% are actively reducing theirs.
More on business continuity
- Virtualising business continuity and disaster recovery activities
- Disaster recovery practices and business continuity plans for SMEs
- Business continuity and disaster recovery plans must affect IT culture
- Include vendors in your business continuity planning process
- Essential guide to disaster recovery and business continuity
- Why a business continuity policy replaces the best disaster recovery plan
- Continuity of operations versus business continuity
- Continual vigilance key to security, says Damballa
The report further revealed that 22% of organisations conducted no trend analysis as part of their business continuity process, which means they are potentially failing to assess these threats altogether.
Of the 71% of respondents who stated that they did conduct a trend analysis, a fifth of them claimed they had no access to the final output.
The report concludes that with the variation in concerns across geographical locations and industry sectors, not all threats are generic.
The report recommends that organisations invest in the development of technologies that can help counter the threats relevant to them, and the impact these threats would have should they materialise.
“With so many threats clear and present, the onus is on the industry to emphasise the immediate and very real return on investment a business continuity programme has to offer,” the report said.
Lyndon Bird, technical director at the BCI said the survey shows that there are some threats that are more common among most organisations, while others present themselves to varying degrees between different geographic locations or industry sectors.
“Organisations are different, so the horizon scanning process is essential to assess these threats and ensure that the right business continuity plan is in place to deal with the impact of them,” he said.