THE BUSINESS Continuity Institute (BCI) has issued its Horizon Scan Report 2022. Sponsored by the British Standards Institution (BSI), the report identifies the risks and threats which have been dominating the agenda for organisations over the past year as well as those expected to realise an impact over the coming 12 months.
After being considered the primary risk in 2021, the threat of the pandemic still lingers with non-occupational disease remaining the primary risk posed to organisations and their staff over the next 12 months.
The BCI’s report also finds that the Fop Four survey responses in the risk and threat assessment for the past year are all linked to the pandemic. It’s essential, therefore, that businesses prepare not just for global threats, but also for the associated risks posed by the same.
It’s questionable as to why the pandemic is still viewed as the primary threat in 2022, particularly so given that restrictions are being lifted globally and workplaces are returning to normal. Practitioners should continually review the risk landscape to ensure they’re prepared for all events.
Interviewees for this report admitted that, had they known about the escalating situation in Ukraine, they would have answered the survey questions differently (an example in itself of relying on current incidents only and deprioritising the threats of others). Indeed, the conflict in Ukraine has already resulted in an increased number of cyber attacks and varied disruptions to the supply chain.
The main theme arising from this report is ‘preparing for the unexpected’. In this effort, while organisations are seeing a better awareness of disruptions from their management, work still needs to be done to improve the interdisciplinary nature of business continuity management.
Despite both falling a few places in the threat and risk assessment ranking for the past 12 months, ‘IT and telecoms outages’ and ‘cyber attacks and data breaches’ are still critical considerations for organisations, particularly so those operating on a hybrid or remote working basis.
Indeed, both are in the Top Five risks for the coming 12 months on the basis of frequency and expected impact.
The number of cyber attacks increased by around 50% in 2021, but the conflict in Ukraine has increased the number of attacks by up to 800%, according to some sources. Of course, as the BCI’s report shows, the security of global supply chains are at particular risk from the threat of cyber attacks.
If an organisation’s critical supplier is hit, then one cyber attack has the potential to impact many organisations down the line. This highlights the importance of building resilience into a supply chain at all levels, from the pre-contract stage all the way through to delivering to market.
This report also marks the first time that practitioners were asked what they believe to be the greatest threats on a medium-term to long-term (five-to-ten years) basis. Alongside cyber security concerns, organisations also highlighted climate risk as an emerging threat.
While extreme weather events, such as storms and floods, have received much coverage over the last few months alone, many organisations view extreme weather as an ‘acute’ risk.
This scale of risk would see plans regarding extreme weather regularly exercised and eventually enacted in the event of a flood, for example. However, discussions regarding the upgrade of extreme weather to a ‘chronic’ risk should now be taking place. This could, for example, entail pre-emptively moving offices out of areas prone to extreme weather events.
The effects on staff morale, well-being and mental health are now the greatest consequence of disruptions for respondents. After the pandemic, there has been an eleven percentage points increase in the number of organisations who are seeking to align their processes and procedures to the ISO 22301 standard.
Remote working remains among the primary risks for 2022, with organisations starting to find ways of embedding their new working practices.
Major global incidents
Rachael Elliott, head of thought leadership at the BCI, commented: “This year’s report has been written at the juxtaposition of two major global incidents: the COVID-19 pandemic and the conflict in Ukraine. After business continuity and resilience professionals made learnings during the pandemic, transformed their business continuity programmes and won the attention required from senior management to breathe additional investment into their departments, the findings of this report show that the old adage is still ringing true. Practitioners’ concerns when it comes to scanning for future risks are still dominated by events which are happening now.”
Elliott added: “Professionals need to continue to broaden their view of the risk landscape to ensure their organisations are fully prepared for a myriad of risks, even if the likelihood of some is perceived as low.”
Pietro Foschi, BSI Group executive director for assurance services, commented: “I welcome this latest BCI report which sheds additional light on the ongoing and emerging global risks for organisations, their people, their data and their extended ecosystems. It’s encouraging to see the progress achieved in managing risks using Best Practice-based standards, not only the international standard on Business Continuity Management Systems (ISO 22301), but also others that contribute to the long-term resilience of organisations large and small.”
Foschi added: “More so than previous editions, this Horizon Scan Report confirms that leaders need to focus on enhancing their resilience as a direct response to increasing threats from cyber attacks, changes to working practices, the climate crisis or geopolitical disruptions. To become truly resilient and future-ready, organisations embedding Best Practice will increase the agility of their teams and accelerate their response to new and emerging global risks, as well as to unpredicted and somewhat unpredictable events.”