Are business continuity and resilience professionals planning for the most pressing issues? Our results suggest possibly not. Organizational concerns rarely coincide with the level of disruption that threats have caused in the past.
- Just under half (47%) of practitioners report being ‘extremely concerned’ about data breaches. But only 15% of organizations have experienced disruptions because of it.
- 16% of practitioners report significant concern over acts of terrorism. Only 10% of organizations have been victims of terrorist activity.
Worryingly, it seems that media coverage, rather than data, is setting the business continuity agenda.
- Top perceived threats include cyber attack, data breach and unplanned IT and telecom outages
- Top causes of disruption are unplanned IT and telecom outages, adverse weather and interruption to utility supplies
- 69% of organizations conduct long-term trend analysis – only 29% of business continuity professionals have access to the results
- Top areas for trend analysis are malicious online activity, the reputational impact of social media and disruption caused by losing key employees
- 63% of organizations use ISO 22301 to guide their business continuity programme
- 21% of organizations intend to increase their budgets for business continuity in 2017
Horizon scanning helps us make informed, strategic decisions about the future. Here’s what this year’s Horizon Scan Report says should be on your radar for 2017.
Cyber attacks are still the top concern
In 2017, as in the past three years, cyber attacks and data breaches are the biggest threat faced by organizations. If your company doesn’t already have a robust business continuity plan in place, now’s the time. It could save you from crippling financial costs and potentially serious damage to your brand reputation.
Include provision for severe weather
Adverse weather is fifth on the list of business continuity concerns but over a third of emergency communications are triggered by it –this figure is expected to grow in the years ahead. How can organizations protect themselves from increased disruption? By putting a robust weather resilience programme in place.
Consider the effects of political and regulatory change
Business threats don’t occur in isolation. Political fallouts. Significant policy changes. Rising populism. These can all impact the overall trading environment. Smart organizations are factoring these into their business continuity and resilience plans now.
Tap the potential of trend analysis
A quarter of organizations don’t carry out long-term trend analysis. Even more worryingly, of the business continuity professionals in organizations that do, less than half have access to the outputs. A more collaborative approach is always a good place to start building organizational resilience.
Up your investment in business continuity
Failing to invest in business continuity and organizational resilience programmes can undermine an organization’s long-term stability. More companies than ever are heeding the warning. Almost three-quarters of respondents said their organizations will be maintaining or increasing their investment in business continuity over the next 12 months.
If yours isn’t one of them, you can build top management buy-in by highlighting that business continuity investments translate to better long-term efficiency, lower operational costs and reduced insurance premiums.
21% of organizations will increase their budgets for business continuity in 2017
Only 69% of organizations conduct long-term trend analysis
29% of business continuity professionals are unable to access their organization’s trend analysis results
The impact of ISO 22301
How important do business continuity professionals see ISO certification? The report shows mixed results. While over half of the organizations that took part in our survey align to the ISO standard to guide their business continuity processes, only 12% are certified.
What does this mean for the future of the standard? That remains to be seen. But with a further 10% of businesses reporting that they intend to move towards it in the near future, its standing as the industry benchmark seems secure for now.
Dive into the detail. The report analyses the data gathered in six areas:
- Slow uptake – why some organizations still don’t have a plan
- Triggers and methods – why organizations triggered their emergency communications plans, and the methods they use to get the message to staff
- Who manages what – and why business continuity teams play a central role in implementing emergency communications plans
- Who’s gone where – how organizations prepare for staff travel, especially when it involves ‘high risk’ areas
- The training gap – how organizations should include emergency communications in their regular training programme
- Physical security – how should organizations respond to the increased risk of workplace violence and acts of terrorism?