BCI Horizon Scan 2017

Post on 05-Apr-2017

37 views 0 download

Transcript of BCI Horizon Scan 2017

11/01/17 The Business Continuity Institute 11

The BCI Horizon Scan Report 2017

Patrick Alcantara DBCIResearch & Insight Lead, BCI

11/01/17 The Business Continuity Institute 2

• Identify near-term threats on the radar of business continuity practitioners worldwide

• Benchmark disruption data and horizon scanning activity

• Describe trends that may influence organizations in the medium- and long-term

Today’s agenda

11/01/17 The Business Continuity Institute 3

• Cyber attacks remain as the top threat practitioners are concerned about (88%), unchanged for the third consecutive year.

• The use of the Internet for malicious attacks comes out on top in the list of business trends and uncertainties (80%), reflecting the growing concern over cyber issues.

• Nearly three-quarters of respondents (73%) report maintaining or increasing their investment in business continuity programmes, reflecting increased awareness of business continuity and its benefits to the organization.

The headlinesBCI Horizon Scan Report 2017

11/01/17 The Business Continuity Institute 4


About the BCI Horizon Scan Report 2017



726 79

11/01/17 The Business Continuity Institute 5

Top threats to organizations worldwide

11/01/17 The Business Continuity Institute 6

• Cyber attacks (88%), data breach (81%) and unplanned IT and telecommunications outages (80%) comprise the top three threats, unchanged from last year’s.

• Security incidents rise from fifth (55% in 2016) to fourth (57% in 2017), reflecting increased concerns about physical security.

• Adverse weather rises three places from eighth to fifth.

• New laws and regulations enter the top 10 this year, possibly reflecting concern over changes in legislation brought about by political events.

• Outside the top 10, exchange rate volatility jumps six places (20th to 14th). Concerns over business ethics incidents and its impact on company reputation are also on the increase (22nd to 15th).

Tracking threatsWhat are organizations most concerned about?

11/01/17 The Business Continuity Institute 7

Top causes of disruption

11/01/17 The Business Continuity Institute 8

• 9 out of 10 threats listed in the horizon scanning exercise match the top causes of business disruption.

– Terrorism did not make it to the top 10.

– Transport network disruption (12th in horizon scanning) did.

• The top causes of business disruption include unplanned IT and telecommunications outage (72%), adverse weather (43%) and interruption to utility supply (40%).

• Some threats do receive more attention than others.

– Cyber attacks (54% ‘extremely concerned’, 35% report it to cause disruption)

– Data breaches (47% ‘extremely concerned’, 15% report it to cause disruption)

Measuring disruption levels Does the concern match actual levels of disruption?

11/01/17 The Business Continuity Institute 9

Emerging trends and uncertainties

11/01/17 The Business Continuity Institute 10

• Cyber issues continue to dominate the list as the use of the Internet for malicious attacks (80%) and the influence of social media (53%) are ranked on top.

• The loss of a key employee (50%) remains unchanged at third for the second consecutive year. This coincides with concern over the availability of key talents and skills on the top 10 of the Horizon Scan.

• Political change is up by two places to sixth (40%), coinciding with a wave of populism sweeping across established democracies worldwide and its anticipated effects on legislation and regulation.

Looking at trends and uncertaintiesWhat are organizations concerned about in the longer term?

11/01/17 The Business Continuity Institute 11

Looking at trends and uncertaintiesWhat are practitioners saying?

The full impact of the Brexit vote won’t be seen in the short term. In the UK, the unpicking of legislation around EU membership is so horrendously complicated.

We are more concerned as we become more dependent on ‘the cloud’, technology, important third party applications and infrastructure as it relates to our ability to react, strategise and recover.

The concentration of processing in global centres increases concentration of risk. An outage has the potential to disrupt continuity worldwide.

11/01/17 The Business Continuity Institute 12

• 25% of organizations do not perform trend analysis at all, a consistent figure across surveys done in recent years. Further awareness on the value of conducting trend analysis is recommended.

Conducting trend analysis

11/01/17 The Business Continuity Institute 13

• 32% of respondents do not have access to trend analysis results or use its findings. This points out to the continued existence of silos within many organizations that act as a barrier to building resilience.

Using trend analysis

11/01/17 The Business Continuity Institute 14

Conducting and using trend analysisWhat are practitioners saying?

We use a variety of sources [to inform in-house analysis]. The BCI Horizon Scan forms a part of the base of our research.

The risks identified at a corporate level have little or no direct link to the way we consider business continuity management. There is scope for a closer link but the risks identified are not operationally focused.

I link the results with our current risks to drive the development of related or up to date business continuity plans.

11/01/17 The Business Continuity Institute 15

• Nearly three-quarters of respondents (73%) report maintaining or increasing their investment in business continuity programmes.

Investing in business continuity

11/01/17 The Business Continuity Institute 16

Investing in business continuityWhat are practitioners saying?

Budget justification is the hardest part. The value is evident when business continuity is invoked for real events, but gaining buy in is always a difficult task.

A dedicated budget is not allocated and no dedicated department exists [at the moment]. However, more personnel will be included in the BCM programme in line with the ISO standard and BCI Good Practice Guidelines in the future.

This fiscal year was the first time we attempted to create a specific BC budget…previously it has been ‘lost’ in other departmental budgets.

11/01/17 The Business Continuity Institute 17

• ISO 22301 uptake remains unchanged with over half of organizations (51%) using the standard in some fashion. The figure is higher for some industries (e.g. IT and telecommunications, energy and utility, and finance and insurance).

Measuring ISO 22301 uptake

11/01/17 The Business Continuity Institute 18

• Organizations need to focus on the objective appraisal of threats and their particular impacts.

• Cyber issues continue to figure significantly in practitioners’ concerns. The effects of disruption from adverse weather is a growing concern as well.

• External events underscore the interconnected nature of risks and demonstrate the need for practitioners to include these in planning.

• Investments in resilience should be sustained in order for organizations to build and maintain adaptive capacity.

Key takeawaysBCI Horizon Scan Report 2017

11/01/17 The Business Continuity Institute 19

011 8372 3079patrick.alcantara@thebci.orghttp://uk.linkedin.com/in/patrickalcantara/en

Patrick Alcantara DBCI

11/01/17 The Business Continuity Institute 20

Thank you