The Business Continuity Institute’s recently released survey report, “Horizon Scan 2015” shows a shift in focus among business continuity practitioners away from weather and natural disaster-related concerns towards cyber security. BCI conducts this global study across a wide variety of industries annually to track both threat concerns and business continuity best practices. Some of the most notable findings in 2015 include:
- Fear of cyber-attacks has moved from the number three position to the top spot since 2013 with 43% of respondents reporting it is an “extreme concern”
- Supply chain disruption concerns are on the rise – up 11 positions since 2014
- Those reporting extreme concern for weather/natural disasters dropped from 28% to 18%
Clearly, some of these findings are related to external factors. The percentage of respondents extremely concerned about human illness nearly doubled based on the ebola epidemic in western Africa, and the rise of ISIS has increased focus on the threat of terrorism.
Investment in business continuity grew more in 2015 than the prior year with 23% of respondents reporting that they were dedicating increased resources to meet organizational demands. Another sign of growing business continuity program maturity is a sharp increase in the number of respondents using ISO 22301 as a framework for their BCM implementation which increased from 44% in 2014 to 52% in 2015. Another 17% report plans to adopt the standard in the next year.
Surprisingly, there are not significant differences between large businesses and SMEs in terms of the threats they are most worried about. The biggest difference is that larger businesses tend to be more prepared. Seventy-seven percent of large businesses report doing regular trend analysis to guide their business continuity program strategies compared to just 59% of small businesses.
The bulk of respondents (77%) were from business continuity or risk management functions while only 8% were responsible for IT Disaster Recovery. Given that the top three threats are IT related, it’s clear that cyber security is no longer an IT centric problem.
MissionMode helps business continuity programs standardize response processes for IT and non-IT related incidents. To learn more about how our incident management system can help you improve response times and recovery effectiveness, schedule a demo today.