Cyberattacks and data breaches are once again the top two threats to business continuity in 2017, according to the latest Horizon Scan Report, published by the Business Continuity Institute in association with the British Standards Institute. Nearly 90 percent of the 726 responding organizations from 79 countries report they are concerned about the possibility of a cyberattack, while 81 percent of respondents say the same about a data breach. According to the report, the eight other top threats are: unplanned IT and telecom outages, security incidents, adverse weather, interruption to utility supply, acts of terrorism, supply chain disruption, availability of key skills, and new laws or regulations.
Such threats can test an organization's resiliency. Risk Management magazine recently presented a list of 30 actual risk events that occurred last year. The "Year in Risk 2016" shows how broad the spectrum of threats is. For example:
- A massive denial of service attack blocks access to dozens of websites, including Reddit, Twitter, Amazon, and Netflix. The hacker's identity is still unknown.
- The U.S. federal government declares a state of emergency in Flint, Mich., after unsafe lead levels are found in the water supply. Five local and state government officials resign or are fired, and criminal charges are filed against nine others.
- Following foodborne illness outbreaks at Chipotle Mexican Grill that sickened hundreds of customers, sales are down and the restaurant's stock price has dropped nearly 50 percent since its August 2015 peak.
- Terrorist attacks kill more than 340 people in a shopping center bombing in Baghdad; 87 people in the Bastille Day massacre in Nice, France; 49 people in a nightclub shooting in Orlando, Fla.; and 35 people in a train station bombing in Brussels — sadly, to name just a few.
- In June, 52 percent of U.K. voters elect to leave the European Union. It is yet to be seen how Brexit will affect commerce and trade.
Business resiliency is all about the organization's ability to quickly adapt to risk events such as these while maintaining continuous operations and safeguarding its employees, assets, and brand equity. In this month's cover story, "Resilience Through Crisis," author Mike Jacka takes a comprehensive look at internal audit's role in business resiliency — from crisis plan development, to plan implementation, to post-crisis analysis. In a world full of risk, internal audit can take a proactive role in organizational well-being.
On a separate note, welcome to Charlie Wright, our new "Risk Watch" contributing editor. Wright is director, Enterprise Risk Solutions, for BKD LLP in Oklahoma City. He replaces Paul Sobel, who has contributed his time and expertise to the department since 2008. Thank you, Charlie and Paul!