The same types of disruption seen in previous years continue to cause significant damage to organisations, according to the Business Continuity Institute (BCI) ‘Horizon Scan 2024’ report. IT and telecom outages are still frequent and impactful. According to the report, the CrowdStrike incident in July, which had a global impact, played a key role in this trend.
Less headline-grabbing disruptions are having the most extreme effects on organisations, the BCI added. For the first time in these annual reports, financial fraud is at the top of the list of disruptions for 2024. Employee tips are the leading detection method, while fraud is also commonly detected through email or web-based reports, which have surpassed telephone hotlines. Frauds involving multiple perpetrators or long-tenured employees, and especially higher-ranking executives, cause significantly higher losses. For instance, the involvement of owners or executives results in losses seven times greater than those involving regular employees. The report noted: “The line between fraudulent actions and digital threats is hard to draw, since the two often collide.” The BCI pointed to a recent report by Interpol on ‘the alarming rise of cybercrime and financial fraud globally, largely fuelled by new technologies’.
In the short term (the next 12 months) and the medium term (five to ten years), cyber-attacks are seen as the number one risk. Cyber is, in the words of the report, ‘traditionally a top-of-mind concern for senior management’, and practitioners all too often have to deal with the aftermath of a successful cyber-attack. Interviewees highlighted that humans are the weak link in cyber security, and also stressed the importance of training. Similarly, most respondents indicated that their latest serious IT and telecom outages could have been avoided with improved management practices or better processes.
The report noted a ‘complex geopolitical backdrop’. Some businesses are having to deal with the reality of climate change. For example, Spain in November was dealing with the aftermath of its worst flood in modern history.
The report covered ‘tightening regulatory environments’, particularly the approaching deadlines for the European Union’s Digital Operational Resilience Act (DORA) and NIS2 for ‘network and information systems’, and, in the UK, Bank of England financial services regulations around the corner. Hence the report found a wider range of challenges that makes the operating context ‘frantic’.
In a foreword to the document, sponsored by Noggin, part of Motorola Solutions, Rachael Elliott of the BCI noted that use of industry standards is more important than ever, and that last year’s report showed an all-time high in alignment to the ISO 22301 international standard (‘Security and resilience — Business continuity management systems — Requirements’). The report stated that some use 22301 as a framework for business continuity, and a significant portion are certified to it. On the whole, organisations say that they will maintain their investment in business continuity, or even increase it.
You can freely download the report at https://www.thebci.org/resource/bci-horizon-scan-report-2024.html.




