Cyber security dominates the threat landscape, according to a Horizon Scan Report, by the Business Continuity Institute (BCI). While a rise in the number of attacks has been slower than previous years, cyber criminals are becoming ever more skilful, the report states. It points also to concerns over state-sponsored cyber crime as a result of continuing global conflicts, besides concerns around the use of artificial intelligence (AI) to generate attacks and create deepfakes.
Rachael Elliott, Head of Thought Leadership, at the London-based BCI, said at the beginning of the report: “Our profession is becoming more dynamic but, for many organizations, this means that the use of industry standards is more important than ever. Bitten by supply chain disruptions during covid-19, organizations are now becoming more demanding in their supplier negotiations, with adherence to ISO 22301 (the business continuity management systems standard) now a common requirement. The report also shows that demonstrable resilience not only attracts shareholders, but also customers. As a result, alignment to ISO 22301 has reached an all-time high in this year’s report.”
Health
While the height of the covid-19 pandemic has passed for all countries, the effects and impacts of the last three years on workforces cannot be ignored, the report states. Organisations report a considerable increase in sickness absence due to health, whether depression, stress or anxiety.
Outages
A move to remote and hybrid work models due to pandemic lockdowns of 2020 has emphasised the need to deal with IT and telecom outages, the report finds. About one in five, 20.4 per cent of respondents reported that an IT or telecom outage was their most disruptive event in the previous 12 months; although cyber attack was named as the top risk for the short term (the next 12 months); and over the mid to long term (the next five to ten years). The greatest consequence of disruption in 2023 was loss of productivity; this shows the importance of the human factor, and the need to focus on staff wellbeing, the report commented.
Risk mitigation
As for the mitigating of such risks and others such as extreme weather, the report found that organizations are increasingly centralising their risk scanning processes, learning from past experiences. Centralising risk management fosters a unified perspective on risks and threats, eliminating silos, the report said. This approach streamlines risk assessments, data interpretation, and decision-making. Most, 77.5pc of organizations draw on the outputs of trend analysis for their business continuity or resilience work, in the name of preparedness. That international standard ISO 22301 remains the standard for benchmarking business continuity practices in almost nine out of ten who took part in the study. Although certification levels fell during the pandemic, the numbers being certified to 22301 marginally increased in 2023. Or, 22301 might be used as a framework – without having certified to it – as enough for a business’ own needs.
Most risk analysis work is done manually, via public sources and through peer collaboration. Moreover, most don’t have a formalised electronic system to manage disruptive incidents such as interruption to energy supply or in the supply chain.
By region
The ‘disruption landscape’ for 2023 varies by region, as might be expected. Asian and North American respondents reported extreme weather events as being the main disruption in 2023, such as record-breaking temperatures. In Africa, interruption to energy supply is the biggest cause of disruption. Most of the disruptions highlighted in the Horizon Scan survey and those mentioned by practitioners in interviews have the ability to interact and heighten the effect of one another, making the preparation for multiple simultaneous events (such as wildfires and flooding at the same time in Australia) a key element of business continuity and resilience plans, according to the report. Also flagged up in the report was ‘expecting the unexpected’; the BCI said that its research has shown that practitioners tend to focus on risks that they are experiencing, rather than taking a broader view of the risk landscape. “One prevailing issue is that organizations often maintain a reactive approach to incidents rather than adopting a proactive, longer term, mindset,” the report said.
The 47-page report, sponsored by Noggin, a cloud-based resilience software platform, is free to download if you register on the Institute’s website.
