by Brianna Crandall — March 7, 2016—Cyberattack is the top threat perceived by businesses, according to the fifth annual Horizon Scan report recently published by the Business Continuity Institute (BCI), in association with U.K.-based business standards company BSI. Similarly, the threat of a data breach rises to second in the list, up one place from 2015.
The annual BCI Horizon Scan Report assessed the business preparedness of 568 organizations worldwide and shows that three-quarters (85%) of business continuity managers fear the possibility of a cyberattack, with 80% worried about the possibility of a data breach similar to those suffered by Carphone Warehouse and Sony.
BSI cites a recent “Cost of Cybercrime” report from Ponemon that concludes the annualized cost of cybercrime per U.K. company now stands at £4.1 million, a 14% increase in mean value since last year.
Concerns over supply chain disruption remained in the top ten but fell two places, from fifth last year to seventh this year. Almost half of those polled (47%) identified increasing supply chain complexity as a trend, leaving their organization vulnerable to disruption from conflict or natural disasters.
Concerns over the availability of talent and key skills entered the top ten for the first time this year, with 13% indicating they are “extremely concerned” and 34% “concerned” about the threat.
This year’s global top ten threats to business continuity are:
- Cyberattack (same place)
- Data breach (up 1)
- Unplanned IT and telecom outage (down 1)
- Act of terrorism (up 5)
- Security incident (up 1)
- Interruption to utility supply (down 2)
- Supply chain disruption (down 2)
- Adverse weather (down 1)
- Availability of key skills (new entry)
- Health and safety incident (new entry)
Howard Kerr, chief executive at BSI, commented:
2015 saw a number of high-profile businesses across the world hit by cyberattacks, so it’s reassuring to see that so many are aware of the threat it poses. Our research finds it to be the top concern in six out of the eight regions surveyed.
However, we remain concerned to see that businesses are still not fully utilizing the information available to them to identify and remedy weaknesses in their organizational resilience. It is difficult to conceive that either investors or employees will be reassured that the leaders of the organizations they trust are making strategic decisions without an effective evaluation of risk.
Ultimately, organizations must recognize that, while there is risk, and plenty of it, there is also opportunity. Taking advantage of this means that leaders can steer their businesses to succeed by not just surviving, but thriving.
The report also measures sentiment towards specific business trends and uncertainties. The use of the Internet for malicious attacks remains on top this year, with 83% indicating their concern. Increasing supply chain complexity also features in the top ten and on the radar of 47% of respondents.
Despite growing fears over the resilience of their firms, the report records another fall in the use of long-term trend analysis to assess and understand threats, down 3% to 70% this year. Of those carrying out trend analysis, a “worrying” third (33%) are not using the results to inform their business continuity management programs, points out BSI.
Globally, business preparedness shows variations, with 9 out of 10 (94%) organizations in Canada utilizing trend analysis, while just 3 in 10 firms (29%) in the Caribbean and Latin America do so. Small businesses, evaluated for the second time in this year’s report, continue to lag behind, with only 58% compared to 74% of larger businesses.
The report provides the strong recommendation that the rising costs of business continuity demand greater attention from top management. Encouragingly, adoption of ISO 22301, the business continuity standard, appears to be a common framework, with more than half (51%) of organizations now relying upon this.
The Horizon Scan Report 2016 is available to download from the BSI Web site.