New research from the Business Continuity Institute argues that companies need to strengthen their resilience across three domains to ensure long-term success.
By Junita van der Colff, Manager: Advisory, ContinuitySA
Every year, the Business Continuity Institute, in collaboration with the British Standards Institution, publishes Horizon Scan Report—a look at the threats that concern companies most at present. As always, this year’s report is essential reading for anyone concerned with risk and how to mitigate it through business continuity management.
The Horizon Scan Report 2016 available from the BCI identifies the Top 10 threats that companies believe they currently face. It’s highly significant that the top three relate to ICT—surely a marker of how reliant business has become on IT systems and telecommunications. However, the influence of ICT is even broader because it has been the prime enabler of the global economy, with its long and complex supply chains.
Because everything is interconnected, all the threats we see in the Top 10 have impacts on each other. Thus a terrorist incident in France or a typhoon in South-East Asia can have devastating indirect impacts on a company in South Africa. Supply chains are global now, as are markets and, increasingly, the most sought-after talent. All of these appear on the list of most concerning risks.
Organisations, the report suggests, must thus build resilience in three main areas: information/ data, operations and the supply chain.
The very concept of resilience speaks to the fact that predicting what the impact of a particular disaster will be is more and more difficult, as well as the fact that quite severe impacts can be experienced from disasters in quite distant parts of the world that affect companies that are only indirectly connected to yours. The Japanese tsunami affected electronics manufacturers because certain components could not be produced within certain deadlines.
Another extremely interesting—and perturbing—finding in this year’s Horizon Scan Report is that despite companies’ awareness of risk, a quarter of them (26 percent) still do run any trend analysis, and 33 percent don’t use the results they do have to understand risk better.
Worrying too, though hardly surprisingly, small to medium-sized enterprises are less likely to perform trend analysis than large businesses.
On the positive side, it seems as though ISO22301, the international standard for business continuity, is gaining traction. Fifty-one percent of organisations surveyed claim to be using it as a framework for business continuity management. This is worth celebrating because a comprehensive, structured approach offers the best chance of ensuring one understands the issues correctly, and puts measures in place with the right kind of rigour—something that’s particularly important when the environment is so complex and volatile.