Six risks which should make African organizations take business resilience seriously in 2018
- Published: Tuesday, 09 January 2018 09:44
ContinuitySA looks at the changing risk landscape facing Africa-based organizations and how it is likely to develop during 2018.
If nothing else, 2017 provided proof positive that the unexpected does happen: South Africa’s political and economic crisis entered a new phase with the GuptaLeaks revelations, Kenya had to rerun its elections and the seemingly indomitable Robert Mugabe was forced from office.
The ongoing GuptaLeaks saga has already compromised the reputations of several international firms, with more likely to be affected:
“GuptaLeaks is just another reminder that the risk landscape continues to develop in often unexpected ways, and it is no longer viable to see risks as discrete and separate incidents,” comments Michael Davies, CEO of ContinuitySA. “The materialisation of one risk is more than likely to affect the organization’s entire risk profile, and the effects will be felt along the entire supply chain. Disasters are also coming from left field.
“For all these reasons, identifying and mitigating individual risks is not sufficient: organizations must build business resilience into their DNA in order to be able to adapt to changing circumstances, protect themselves against threats, withstand attack and, ultimately, recover quickly from any disaster.”
According to the ContinuitySA and IT Web Business Resilience Survey 2017, a substantial proportion of respondents (41 percent) still have no business continuity or disaster recovery plans, and only one-third indicated that they were very confident that their organization would be able to continue functioning with negligible disruption in the event of a disaster. This is even though most executives would concur on the necessity of having business continuity or disaster recovery plans.
“Our experience is that the picture is even worse across Africa as a whole,” says Mr. Davies. “However, certain African countries, among them Kenya, Mauritius, Botswana and Ghana, are starting to make some headway in ensuring that their business continuity management plans are fit for purpose.
“Business continuity management, which is key to building organizational resilience, is gaining traction but more needs to be done. As we continue to integrate into global supply chains, current and potential business partners will see resilience as a key criterion,” he says. “We must build a risk culture within organizations, with the chief risk officer occupying a seat on the board, and a proactive attitude towards risk.”
ContinuitySA has identified six risks that should be top of mind within an overall drive towards building business resilience. These are as follows:
Cyber risk remains the most likely and most feared risk. Business, and increasingly government, is now more dependent than ever on IT systems, and the data they contain. IT and data outages thus represent a pervasive risk. Recent research indicates that 79 percent of senior IT managers in the public sector, and 85 percent of those in the financial services sector, consider data and system security the top priority. The risk is exacerbated by the emergence of sophisticated, well-resourced cyber-criminal networks.
The ongoing march of technology must be seen as a great contributor to the cyber risk all organizations face. Mobility, cloud computing and ubiquitous connectivity within the Internet of Things all introduce new risks that must be confronted.
Cloud introduces a hidden but very serious risk: the assumption that cloud adoption will suffice as a disaster recovery plan and the abdication of accountability for business continuity to cloud providers. Without establishing what the cloud provider’s own business continuity plan is, and its commitment to its clients, IT services (especially continuity of data) and overall resilience cannot be assured.
Brand and reputational risk
Brand and reputational risk is not new, but it is a risk that is growing in importance in the Social Media Age. From the perspective of business continuity, a crisis communication plan is essential to recovering with a reputation and brand that are intact, or even enhanced. Several examples in the past year, among them BA’s IT outage, have shown the impact a tarnished reputation can have on the share price and bottom line.
Compromised state capacity
South Africa is one the many African countries where state capacity to provide utilities and other basic infrastructure continues to be a risk. Water is currently top of mind, but power and other public services can never be taken for granted.
Extreme weather risk
Whatever the causes and longer term trends, extreme weather events seem to be becoming more severe and frequent within the current cycle. The direct risks are harm and injury to people, as well as physical denial of access to workplaces, but the indirect risks of shortages of clean water, power outages and so on also impact business continuity.
Coming on the heels of Ebola in West Africa, the outbreak of bubonic plague in Madagascar reminds us that Africa’s uneven health infrastructure makes us particularly vulnerable to pandemics that could affect business.
Geopolitical and labour risks
Most organizations recognise that geopolitical risks seem heightened at present, from North Korea and the Middle East to political instability and insurrection on our own continent. The threat of labour disruption is increasingly tied to political volatility, especially as various parties contest the basic economic model of society.
“All of the above are risk flashpoints, but the real point is that the risk landscape is highly volatile and interconnected,” Mr Davies concludes. “Organizations must put their main focus on building resilience to ensure they can adapt to, and recover from, disruptions, retain their reputations and thus confirm their places in the global economy.”