The Business Continuity Institute (BCI) has released the Horizon Scan Report 2022 which identifies the risks and threats which have been dominating the agenda for organizations over the past year as well as those which are expected to cause an impact over the coming 12 months. The 2022 report is sponsored by BSI.
After being considered the primary risk in 2021, the threat of the pandemic still lingers with non-occupational disease remaining the primary risk to organizations and their staff over the next 12 months.
The report also finds that the top four survey responses in the risk and threat assessment for the past year are all linked to the pandemic. It is essential, therefore, that businesses prepare not just for global threats, but also the associated risks from the same. It is also questionable as to why the pandemic is still viewed as the primary threat in 2022, particularly given restrictions are being lifted globally and workplaces are returning to normal. Practitioners should continually review the risk landscape to ensure they are prepared for all events.
Interviewees for this report admitted that had they known about the escalating situation in Ukraine, they would have answered the survey questions differently – an example in itself of relying on current incidents only and deprioritizing the threats of other incidents. Indeed, the conflict in Ukraine has already resulted in an increased number of cyber-attacks and varied disruptions to the supply chain.
Therefore, the main theme arising from this report is preparing for the unexpected. In this effort, while organizations are seeing a better awareness of disruptions from their management, work still needs to be done to improve the interdisciplinary nature of Business Continuity Management.
Despite both falling a few places in the threat and risk assessment ranking for the past 12 months, ‘IT and telecoms outages’ and ‘cyber-attacks and data breaches’ are still critical considerations for organizations, particularly those operating on a hybrid or remote working basis. Indeed, both are in the top five risks for the coming 12 months, on the basis of frequency and expected impact.
The number of cyber-attacks increased by around 50% in 2021, but the conflict in Ukraine has increased the number of attacks by up to 800%, according to some sources. Of course, as the report shows, the security of global supply chains are at particular risk from the threat of cyber-attacks. If an organization’s critical supplier is hit, then one cyber-attack has the potential to impact many organizations down the line. This highlights the importance of building resilience into a supply chain at all levels, from the pre-contract stage all the way to delivering to market.
This report also marks the first time practitioners were asked what they see as the greatest threats on a medium- to long-term (5-10 years) basis. Alongside cybersecurity concerns, organizations also highlighted climate risk as an emerging threat.
While extreme weather events, such as storms and floods, have received much coverage over the last few months alone, many organizations view extreme weather as an ‘acute’ risk.
This scale of risk would see plans regarding extreme weather regularly exercised and eventually enacted in the event of a flood, for example. However, discussions regarding the upgrade of extreme weather to a ‘chronic’ risk should now be taking place. This could, for example, entail pre-emptively moving offices out of areas prone to extreme weather events.
- The effect on staff morale, wellbeing, and mental health are now the greatest consequence of disruptions for respondents.
- After the pandemic, there has been an 11% increase in the number of organizations who are seeking to align their processes and procedures to the ISO 22301 standard.
- Remote working remains among the primary risks for 2022, with organizations starting to find ways of embedding their new working practices.
Rachael Elliott, Head of Thought Leadership at The BCI, commented:
“This year’s report has been written at the juxtaposition of two major global incidents: the COVID-19 pandemic and the conflict in Ukraine. After business continuity (BC) and resilience professionals made learnings during the pandemic, transformed their BC programmes and won the attention required from senior management to breathe additional investment into their departments, the findings of this report show that the old adage is still ringing true. Practitioners’ concerns when it comes to scanning for future risks are still dominated by events which are happening now. Professionals need to continue to broaden their view of the risk landscape to ensure their organizations are fully prepared for a myriad of risks – even if the likelihood of some is perceived as low.”
Pietro Foschi, BSI Group Executive Director Assurance Services, commented:
“I welcome this latest BCI report which sheds additional light on the ongoing and emerging global risks for organizations, their people, their data and their extended ecosystems. It is encouraging to see the progress achieved in managing risks using best practice-based standards, not only the international standard on Business Continuity Management Systems (ISO22301) but also others that contribute to the long-term resilience of organisations, large and small. This report, more than previous editions, confirms that leaders need to focus on enhancing their resilience as a direct response to increasing threats from cyberattacks, changes to working practices, the climate crisis or geopolitical disruptions. To become truly resilient and future-ready, organizations embedding best practice will increase the agility of their teams and accelerate their response to new, emerging global risks, as well as to unpredicted and somewhat unpredictable events.”
The report is available to download on the BCI website.