Cyber-attack top business threat for second year
Concerns over lack of talent and key skills enter top ten
Failure to analyse trends creates dangerous blind spot for organizations
Cyber-attack is the top threat perceived by businesses, according to the fifth annual Horizon Scan report published today by the Business Continuity Institute (BCI), in association with BSI. Similarly, the threat of a data breach rises to second in the list, up one place from 2015.
The annual BCI Horizon Scan assessed the business preparedness of 568 organizations worldwide and shows that three quarters (85%) of Business Continuity Managers fear the possibility of a cyber-attack, with 80% worried about the possibility of a data breach similar to those suffered by Carphone Warehouse and Sony. A recent industry report highlights the annualized cost of cyber-crime per UK company now stands at £4.1 million, a 14 per cent increase in mean value since last year.
Concerns over supply chain disruption remained in the top ten, but fell two places from fifth last year to seventh this year. Almost half of those polled (47%) identified increasing supply chain complexity as a trend, leaving their organization vulnerable to disruption from conflict or natural disasters.
Concerns over the availability of talent and key skills entered the top ten for the first time this year, with 13% indicating they are ‘extremely concerned’ and 34% ‘concerned’ about the threat.
This year’s global top ten threats to business continuity are:
- Cyber-attack – static
- Data breach – up 1
- Unplanned IT & telecom outages – down 1
- Act of terrorism – up 5
- Security Incident – up 1
- Interruption to utility supply – down 2
- Supply chain disruption – down 2
- Adverse weather – down 1
- Availability of key skills – new entry
- Health and Safety incident – new entry
Howard Kerr, Chief Executive at BSI, commented:
“2015 saw a number of high profile businesses across the world hit by cyber-attacks, so it’s reassuring to see that so many are aware of the threat it poses. Our research finds it to be the top concern in six out of the eight regions surveyed.
“However, we remain concerned to see that businesses are still not fully utilizing the information available to them to identify and remedy weaknesses in their organizational resilience.
“It is difficult to conceive that either investors or employees will be reassured that the leaders of the organizations they trust are making strategic decisions without an effective evaluation of risk.
“Ultimately, organizations must recognize that, while there is risk, and plenty of it, there is also opportunity. Taking advantage of this means that leaders can steer their businesses to succeed by not just surviving, but thriving.”
The report also measures sentiment towards specific business trends and uncertainties. The use of the internet for malicious attacks remains on top this year, with 83% indicating their concern. Increasing supply chain complexity also features in the top ten and on the radar of 47% of respondents.
Despite growing fears over the resilience of their firms, the report records another fall in the use of long-term trend analysis to assess and understand threats, down 3% to 70% this year.
Of those carrying out trend analysis, a worrying third (33%) are not using the results to inform their business continuity management programmes.
Globally, business preparedness shows variations with 9 out of 10 (94%) organizations in Canada utilising trend analysis, while just 3 in 10 firms (29%) in the Caribbean and Latin America do so. Small businesses, evaluated for the second time in this year’s report, continue to lag behind with only 58% compared to 74% of larger businesses.
The report provides the strong recommendation that the rising costs of business continuity demand greater attention from top management. Encouragingly, adoption of ISO 22301, the business continuity standard, appears to be a common framework, with more than half (51%) of organizations now relying upon this.
David James-Brown FBCI, Chairman of the Business Continuity Institute, commented:
“The need perceived by organizations to identify and build resilience to this range of threats reveals the importance of this survey for business continuity professionals, the Horizon Scan’s reputation and reliability make it one of the most popular reports in the industry on a global scale. It is indeed crucial for practitioners to advise organizations on what to prepare for and adjust their recovery plans accordingly.
“The industry landscape is rapidly changing, and so should our discipline in order to keep up with both traditional and modern challenges. At the top of the list this year we continue to see threats such as cyber-attack, data breach and unplanned IT outages. More traditional threats such as terrorism continue to be ’front-of-mind’ for organizations. Given the rise of new challenges and the fact that old ones remain, horizon scanning techniques are even more valuable in assisting organizations to be prepared to the best of their potential.”
- Ends -
Notes to the editor
-  12015 Ponemon ‘Cost of Cybercrime’ report
- Note to the online survey: respondents were from 74 countries. The total number of respondents was 568
- For a full copy of the report, please contact the press office