The BCI has released its annual survey-based Horizon Scan Report, which identifies the risks and threats which have been dominating the agenda for organizations over the past year as well as those which are expected to cause an impact over the coming 12 months. The 2022 Horizon Scan Report was sponsored by BSI.
After being considered the primary risk in 2021, the threat of the pandemic still lingers with non-occupational disease remaining the primary risk to organizations and their staff over the next 12 months. The report also finds that the top four survey responses in the risk and threat assessment for the past year are all linked to the pandemic.
Practitioners should continually review the risk landscape to ensure they are prepared for all events. Interviewees for this report admitted that had they known that war would occur in Ukraine they would have answered the survey questions differently – an example in itself of relying on current incidents only and deprioritizing the threats of other incidents, says the BCI. Indeed, the conflict in Ukraine has already resulted in an increased number of cyber-attacks and varied disruptions to the supply chain.
In the light of the above, the main theme arising from this report is preparing for the unexpected. In this effort, while organizations are seeing a better awareness of disruptions from their management, work still needs to be done to improve the interdisciplinary nature of business continuity management.
Despite both falling a few places in the threat and risk assessment ranking for the past 12 months, ‘IT and telecoms outages’ and ‘cyber-attacks and data breaches’ are still critical considerations for organizations, particularly those operating on a hybrid or remote working basis. Indeed, both are in the top five risks for the coming 12 months, on the basis of frequency and expected impact.
The number of cyber attacks increased by around 50 percent in 2021 but the conflict in Ukraine has increased the number of attacks by up to 800 percent, according to some sources says the report. Of course, as the report shows, the security of global supply chains are at particular risk from the threat of cyber attacks. If an organization’s critical supplier is hit, then one cyber attack has the potential to impact many organizations down the line. This highlights the importance of building resilience into a supply chain at all levels, from the pre-contract stage all the way to delivering to market.
The Horizon scan report also marks the first time practitioners were asked what they see as the greatest threats on a medium- to long-term (5-10 years) basis. Alongside cyber security concerns, organizations also highlighted climate risk as an emerging threat.
While extreme weather events, such as storms and floods, have received much coverage over the last few months alone, many organizations view extreme weather as an ‘acute’ risk.
This scale of risk would see plans regarding extreme weather regularly exercised and eventually enacted in the event of a flood, for example. However, discussions regarding the upgrade of extreme weather to a ‘chronic’ risk should now be taking place says the BCI. This could, for example, entail pre-emptively moving offices out of areas prone to extreme weather events.
Other key findings include:
- The effect on staff morale, wellbeing and mental health are now the greatest consequence of disruptions for respondents.
- After the pandemic, there has been an 11 percentage point increase in the number of organizations who are seeking to align their processes and procedures to the ISO 22301 business continuity management standard.
- Remote working remains among the primary risks for 2022, with organizations starting to find ways of embedding their new working practices.