Cyber-attacks have topped the list of biggest threats to business for the second year in a row, followed closely by data threats and an unexpected IT/telecoms outage – according to the fifth annual Horizon Scan Report published by the Business Continuity Institute (BCI) in association with BSI (British Standards Institution).
As these threats, coupled with a challenging and ever-changing business environment, plague the worried minds of MDs and IT practitioners, it seems only reasonable that companies would act quickly to prepare themselves for a disruption. But despite the alarm bells, many companies are still uncertain about adopting a business continuity plan, sceptical about how it could make them any more resilient than usual.
Studies suggest that 75% of companies without business continuity plans fail within three years after facing a disaster. Companies can no longer afford to ignore the need to protect their business with adequate and proactive backup plans.
As the world becomes more digital, acts of terrorism are nowadays manifested in ransomware, malware, phishing and online fraud. Organisations need to understand that they too are vulnerable and increasingly susceptible to these threats. Organisations are not at liberty to take risks and wait for an incident to occur; they must invest in a business continuity plan to safeguard their future.
According to the BCI Horizon Scan Report, 51% of businesses that are taking precautions to improve their chance of survival in the event of a major disruption rely on the adoption of ISO 22301 – the internationally recognised standard for business continuity.
ISO 22301 specifies requirements to plan, establish, implement and monitor a Business Continuity Management System (BCMS). A BCMS is a holistic management process that provides a framework for building resilience to respond to threats. It adopts a more proactive approach than the basic reactive measures of a risk management strategy by understanding the culture of the company and identifying its weaknesses to pre-empt any open windows to disruption.
ISO 22301 helps companies define their key business processes and the disruption that could result from any threats. It provides a comprehensive set of controls based on BCMS best practice, which covers the whole BCMS lifecycle. It defines the strategic and tactical capability of an organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable pre-defined level.
The ISO 22301 process begins with a risk assessment (RA) where key business methods, systems, services and people are examined to identify external and internal threats. This phase is then followed by a Business Impact Analysis (BIA) which analyses the effect of interruptions to business operations. Together these processes improve the understanding of potential business disasters and how to develop contingency plans to combat them.
Along with the broad adoption of ISO 22301, the BCI Horizon Scan Report revealed that standards exert increasing influence over resilience practice and help to provide supplier and customer assurance. ISO 22301 enhances a company’s reputation and gives it an advantage over less resilient competitors. It also demonstrates due diligence and resilience to stakeholders and can improve a company’s risk profile, resulting in reduced insurance premiums. Most importantly, ISO 22301 is integral to safeguarding an organisation’s assets no matter what obstacles are thrown its way.
The 2015 Business Continuity Trends & Challenges Survey conducted by Continuity Central found that the two biggest challenges holding back business continuity developments within companies are a lack of budget, funds and resources (35.6%) and the lack of commitment, buy-in and support from top management (16.4%). It is crucial for companies to consider the ramifications of going without a business continuity plan. The positive implications of adopting a BCMS significantly outweigh the perceived negative implications to do with associated costs, time and resources.
Due to the nature of this information age and the ever-increasing threat of cybercrime, it is now more important than ever for companies to devise business continuity plans to prepare for, respond to and mitigate the risks of major disruptions.