2012 Horizon Scan: Cyber attacks and data breaches threaten company resilience and reputation
The Business Continuity Institute (BCI) publishes survey findings on top threats to business continuity in 2012. Investment in fighting threats falls for 10% of organisations.
CAVERSHAM, UK, January 19th 2012 – A new ‘Horizon Scan 2012’ survey from the BCI asked 458 organisations across 49 countries to rate their levels of concern against a range of threats to their business, based on their own risk assessment.
The top five threats evaluated through risk assessment, based on those registering extremely concerned and concerned, are as follows:
- Unplanned IT and telecom outages – 74%
- Data breach (i.e. loss or theft of confidential information) – 68%
- Cyber attack (e.g. malware, denial of service) – 65%
- Adverse weather (e.g. windstorm/tornado, flooding, snow, drought) – 59%
- Interruption to utility supply (i.e. water, gas, electricity, waste disposal) – 56%
UK based respondents reflected the international response as did Australia, Canada, South Africa and the USA. However, indicative responses from India were very different, with transport network disruption, social unrest and fire taking the top three positions. In Japan, respondents put the threat of an earthquake and tsunami as their number one threat with an environmental incident and interruption to utility suppliers in second and third positions respectively.
In individual sectors, respondents in manufacturing picked supply chain disruption as their primary concern, followed by unplanned IT/telecom outage and a product safety incident. In the other industry sectors analysed, there was significant agreement in the threats that pose most concern in terms of data breaches, cyber attack and unplanned outages. In light of the high levels of concern going into 2012, the survey also asked about expectations on investment levels in mitigating these threats. The results show that for 10% of respondents, investment levels will fall, while for 50% levels will be the same; only 25% can report increased levels of investment.
Lyndon Bird FBCI, Technical Development Director at the BCI, commented:
“The prominence of cyber attacks and data breaches in this survey reflects the need to take a more comprehensive approach to dealing with the problem, one which is strategic in nature and not purely technical. Executives need to ask why people are trying to disrupt their business or steal confidential information. Also, private and public sector organisations need to work collectively and adopt more of an ‘open sharing’ approach, so that common cyber threats can be identified more quickly.
“A comprehensive approach to resilience is required, one that Business Continuity Management (BCM) offers. BCM links the firm’s objectives with the risks that it agrees to take and the measures needed to manage the resulting vulnerabilities; it’s a proven approach to developing resilience and protecting an organization’s reputation.
“Looking beyond the top list of threats, we can see that business continuity thinking is being more widely applied than in the past. We would rarely have seen threats such as business ethics incident, new laws or regulations, the availability of credit or exchange rate volatility registering too many responses. This confirms the growing recognition among management teams that BCM is a very effective all risks approach to business resilience”.
For a full list of threats evaluated and response levels, please download the report here: http://www.bcifiles.com/BCIHorizonScan2012.pdf
To learn about how BCM practitioners are developing capabilities to deal with these threats, join us during Business Continuity Awareness Week (March 19th-23rd). Business Continuity Awareness Week (BCAW) is the global free educational event facilitated by the Business Continuity Institute (BCI). Please refer to the website www.bcaw2012.com
About Business Continuity Management
Business Continuity Management (BCM) identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause. It provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of key stakeholders, reputation, brand and value-creating activities.
About the Business Continuity Institute
Based in Caversham, United Kingdom, the Business Continuity Institute (BCI) was established in 1994 to promote the art and science of business continuity management, and to assist organisations in preparing for and surviving minor and large-scale man-made and natural disasters. The Institute enables members to obtain guidance and support from their fellow practitioners, as well as offering professional training and certification programmes to disseminate and validate the highest standards of competence and ethics. It has approaching 7,000 members in 100 countries active in an estimated 2,500 organisations in private, public and third sectors. For more information go to: www.thebci.org
The BCI Partnership, established in 2007, offers corporate membership of the BCI with 80 member organizations including Agenci, Aon Risk Consulting, BAE Systems, BP, BSI Group, BT, ContinuitySA, Deloitte, DNV, ClearView, COOP Systems, DHL Supply Chain, eBay, Getronics, GPAA, IBM, Itau Unibanco, HP, Link Associates, Lockheed Martin, National Grid, Prudential, PwC, Royal Mail, Savant, Statoil, Steelhenge Consulting, UNICEF, VocaLink, and Zurich. To join as a corporate member, go to: www.thebci.org