Tag Archives: BCI

BCI publishes Manifesto for Organisational Resilience as part of Business Continuity Awareness Week 2018

Working together is the key for successfully delivering organisational resilience. This is the core concept of the Manifesto for Organisational Resilience issued by the Business Continuity Institute (BCI) in tandem with Business Continuity Awareness Week 2018.

In the new 15-page document, the BCI explains what it will do in order to deliver its vision of a resilient world. To this end, the Manifesto lists four main points:

*Research: The BCI will champion academic research and new thinking for the benefit of the practitioner community

*Global Alliances: The BCI will create a series of global and local Resilience Alliances with other like-minded professional bodies

*Best Practice Groups: The BCI will aim to utilise the ‘collective brain power’ of some of the most experienced practitioners to create practice groups in the UK, Europe, India, North America and Australasia

*Online Resilience Tool: The BCI will develop a free online tool designed to increase awareness among organisations of all sizes and across all sectors


In this Manifesto, the BCI provides a detailed explanation of the concept of organisational resilience (ie ‘the ability of an organisation to absorb and adapt in a changing environment’) and how disciplines should collaborate in order to achieve it.

David Thorp, executive director of the BCI, stated: “Our view at the BCI is that no organisations can claim ownership of the resilience ground. What we propose is to work with other professional bodies and membership organisations in the resilience spectrum to provide a range of benefits for the mutual gain of all of our members. Collaboration is the key to a resilient future for organisations. This Manifesto is the first step towards making that future happen.”

The BCI’s Business Continuity Awareness Week 2018 was sponsored by Strategic BCP and SAI Global.

Founded back in 1994 with the aim of promoting a more resilient world, the BCI has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organisation of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries working in an estimated 3,000 organisations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into the organisation’s education, Continuing Professional Development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools through to a full academic qualification available online and in a classroom.

The Institute stands for excellence in the resilience profession and its globally recognised certified grades provide assurance of technical and professional competency.

The BCI offers a wide range of resources for professionals seeking to raise their organisation’s level of resilience, while its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organisations the opportunity to work with the BCI in promoting Best Practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organisations, be they newcomers, experienced professionals or organisations. Further information about the BCI is available online at www.thebci.org


Filed under Risk Xtra

Social engineering “a top cause of cyber incidents” finds Cyber Resilience Report

Research commissioned by Crises Control from the Business Continuity Institute for its annual Cyber Resilience Report 2016 confirms much of what we already suspected about the changing nature of the cyber threat and the way that cyber criminals have found new ways to defeat corporate perimeter security.

66% of respondents to the survey reported that their companies had been affected by at least one cyber security incident over the last 12 months. The costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

The increased difficulty of breaching perimeter security and the increased human resources available to cyber criminals have combined to produce a new point of attack. This is focused on the weakest link in the corporate security chain, which is now human beings rather than technology.

The term ‘social engineering’ describes this attack vector, which relies heavily on human interaction and often involves tricking people into breaking normal security procedures. The BCI research shows clearly that phishing (ie obtaining sensitive data through false representation) and social engineering is now the single top cause of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months.

A further 37% were hit by spear phishing (ie phishing through identity fraud).


The research has also confirmed that, to effectively counter this threat, companies now need behavioural threat detection provided by a cyber security network monitoring solution. These plug-in devices monitor your network for signs of suspicious insider activity and failed attempts to hack into the system.

They can also provide invaluable intelligence to be acted upon proactively to nip a successful hack or insider threat in the bud.

Traditional anti-virus monitoring software is no longer enough. The BCI research shows that 72% of companies have this software in place, but only 26% of real cyber security incidents were actually discovered through this route. Much worse, 18% of incidents came to attention through an external source such as a customer, a supplier or the impact on a public website.

Network monitoring solutions are much more effective than anti-virus software in terms of alerting companies to a cyber breach, with 63% of businesses having network monitoring software in place and 42% of cyber incidents being brought to attention through the work of the IT Department to whom such systems report.

The scale of the cyber threat can feel overwhelming at times, but educating your own employees about the nature of the threat and then putting in place the right solutions can go a long way towards mitigating the social engineering threat and significantly enhancing your corporate cyber resilience.

The message is simple… Act now before it’s too late.


Filed under Risk UK News

BCI European Awards 2017: Shortlist of finalists announced

The Business Continuity Institute (BCI) is pleased to announce the shortlist for the 2017 BCI European Awards. Some of the most outstanding business continuity and resilience professionals and organisations have made it to the final stage.


Continuity and Resilience Consultant 2017

Alberto Mattia (Panta Ray)
Petra Morrison (Daisy Group)
Werner Verlinden (Musena Consulting)

Most Effective Recovery 2017

BPER Banca
IBM
West Yorkshire Fire & Rescue

Continuity and Resilience Innovation 2017

Barclays Group Resilience
Crises Control
Everbridge

Continuity and Resilience Newcomer 2017

Elodie Huet (Arup)
Linda McAllorum (MUFG Investor Services)
Patrick Teves (Nestle Deutschland AG)
Timothy Dalby-Walsh (Needhams 1834)
Tinne Dewolf (Goffin Consulting)

Continuity and Resilience Professional (Private Sector) 2017

Joseph McClean (Ulster Bank)
Ken Clark (ARM)
Rob van den Eijnden (Philips)
Sarah Armstrong-Smith (Fujitsu)

Continuity and Resilience Professional (Public Sector) 2017

Carl Mayfield (Milton Keynes Council)
Rina Singh (NHS Professionals)
Russ Parramore (South Yorkshire Fire & Rescue)

Continuity and Resilience Provider (Service/Product) 2017

Alert Cascade
Business Continuity Training
ClearView Continuity
Send Word Now
Sungard Availability Services

Continuity and Resilience Team 2017

Aon
BT
Chief Fire Officers Association
Marks & Spencer

Sponsored by Sungard Availability Services, the BCI’s European Awards Gala Dinner and Ceremony takes place at The Principal Hotel in Edinburgh on Thursday 11 May. The awards will be presented by David Thorp, the BCI’s executive director.

Tickets to the event include reception drinks, a three-course meal with fine wines and the awards ceremony. Individual tickets cost £75.00 +VAT. Tables of ten are priced at £675 +VAT.

*To book your tickets for this event click here


Filed under Risk UK News, Uncategorized

“Faster response times needed to combat cyber threat” finds BCI survey

Two thirds of respondents to a global survey carried out by the Business Continuity Institute report that they had experienced at least one cyber incident during the previous twelve months, while 15% stated they had experienced at least ten incidents during the same period.

The frequency of these cyber incidents demonstrates exactly why it’s so important for organisations to have plans in place to mitigate them or otherwise lessen their impact.

The Cyber Resilience Report, conducted by the BCI and sponsored by Crises Control, found that there was a wide range of response times for cyber incidents. Almost a third of organisations (31%) stated that they responded within one hour. However, one fifth (19%) take a worrying four hours or more in responding to a cyber event, while almost half (44%) take more than two hours to respond. This has clear implications for the time taken to return to business as usual, and the ultimate cost of the incident to the host organisation.


Even if businesses wish to respond immediately to a cyber attack, the nature of the attack may render them unable to do so. The research finds that phishing and social engineering are the top causes of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months and 37% attacked by way of spear phishing.

The BCI has discovered that 45% of companies were hit by a malware attack and 24% by a Distributed Denial of Service episode. All these forms of attack will, in different ways, render an organisation’s own network either contaminated or inoperable. Their website may have been taken down and they may well have to switch off their Internet connection until they can secure themselves from further attack.

A detailed study of 369 business continuity and resilience professionals from across the world, the research also reveals that the costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

David James-Brown FBCI, chairman of the BCI, commented: “This piece of research is one of the most timely, insightful and relevant the BCI has ever produced. Cyber attacks tend to target the weakest links of an organisation. That calls for a greater awareness of cyber crime. As the cyber threat evolves, it’s crucial to stay on top of it, building long-term initiatives and regularly updating recovery plans.”

Rickie Sehgal, chairman of Crises Control, added: “Rapid communication with employees, customers and suppliers is vital for any company in terms of responding effectively to a major business disruption event such as a cyber attack. When your business is at risk, even a one-hour delay in responding to an incident can be too long. Taking more than two hours to respond, as almost half of companies appear to do, is simply unacceptable.”


Filed under Risk UK News, Uncategorized

Advent IM confirmed as cyber security solution supplier to Her Majesty’s Government

Holistic security consultancy and a member of the Malvern Cyber Security Cluster, Advent IM Ltd has announced its confirmed status as cyber security solution supplier to Her Majesty’s Government.

The announcement follows on from the company’s long-standing and successful supplier relationships with several Government departments.

The cyber certification scheme is administrated by the Department for Business, Innovation and Skills and enables certified cyber security suppliers to Government to be able to publicise the fact. This offers a distinct advantage to those businesses, further enables the Government’s plan to work with more SMEs and also supports the export of UK cyber security expertise.

Speaking about the news, Advent IM director Julia McCarron told Risk UK: “The supply of specialist IA consultancy services to the UK Government is the foundation upon which Advent IM was built and this remains a very important sector for us. As an SME, we value the relationships we have with Her Majesty’s Government’s departments and agencies. Being awarded this status is important for our continued partnership development in this area and we’re delighted that we’ve been recognised as an official cyber security solution provider.”

Advent IM joins other members of the Malvern Cyber Security Cluster who have been recognised for their contribution to UK Government cyber security by being part of this scheme.

Advent IM has announced the company’s confirmed status as a cyber security solution supplier to Her Majesty’s Government


Holistic security management solutions

Advent IM is an independent specialist consultancy focusing on holistic security management solutions for information, people and physical assets across both the public and private sectors.

Established in 2002, Advent IM is a Centre of Excellence for security services, promoting the benefits of Best Practice guidelines and standards and the need to address risk management to protect against potential threats.

From offices in the Midlands and London, Advent IM’s consultants work nationwide and are members of the CESG Listed Advisor Scheme (CLAS), the Institute of Information Security Professionals (IISP), The Security Institute, the Business Continuity Institute and the British Computer Society.

Julia McCarron: director at Advent IM


Advent IM consultants are also lead auditors relating to the international standards for Information Security Management (ISO 27001) and Business Continuity Management (ISO 22301), practitioners of PRINCE2 (a recognised project management methodology widely used within the public sector), CISSP-qualified and Home Office-trained physical security assessors.


Filed under Risk UK News

“Businesses facing high costs of supply chain disruption” states BCI’s research

Business Continuity Institute (BCI) research has exposed the high costs that businesses are facing as a result of supply chain disruptions in this increasingly interconnected world. Nearly a quarter of businesses surveyed have suffered from disruptions within the past year that cost in excess of €1 million, with 40% of them not having sufficient insurance to cover those losses. 20% were only insured against half of these losses.

Organisations simply cannot bury their heads in the sand and pretend an incident will never happen to them. The BCI survey shows that 76% of respondents had experienced at least one supply chain disruption during the previous twelve months, yet a quarter of respondents (28%) still had no business continuity arrangements in place to deal with such an event.

Supported by global insurer Zurich Insurance Group, the BCI report concludes that supply chain disruptions are costly and may cause significant damage to an organisation’s reputation.

While the survey results indicate a growing awareness of business continuity and its role in ensuring supply chain resilience, many organisations have yet to improve on their reporting and business continuity arrangements. Budgets for business continuity and ensuring supply chain resilience are often slashed in favour of other priorities, but this latest study demonstrates why such a move is often found to be an unwise course of action.

With the growing cost of disruption worldwide and the potential reputational damage caused as a result of failing to have appropriate transparency in the supply chain, investments in this area are essential and can make the difference when disaster strikes.

Business Continuity Institute research has exposed the high costs that businesses are facing as a result of supply chain disruptions in this increasingly interconnected world


Further findings from the research are as follows:
• 78.6% of respondents don’t have full visibility of their supply chains
• Only 26.5% of organisations co-ordinate and report supply chain disruption on an enterprise-wide basis
• 44.4% of disruptions originate below the Tier 1 supplier
• 13% of organisations don’t analyse their supply chains to identify the source of the disruption
• The primary sources of disruption to supply chains in the last 12 months were unplanned IT and telecommunications outages (52.9%), adverse weather conditions (51.6%) and outsourced service failure (35.8%)
• Loss of productivity (58.5%) remains the top consequence of supply chain disruptions for the sixth year running
• Increased cost of working (47.5%) and loss of revenue (44.7%) are also more commonly reported this year and round out the Top Three
• Respondents reporting low top management commitment to this issue have risen from 21.1% to 28.6%. This is a worrying finding as low commitment is likely to coincide with limited investment in what is a key performance area
• The percentage of firms having business continuity arrangements in place against supply chain disruption has risen from 57.7% to 72.0%. However, segmenting the data reveals that small and medium-sized enterprises (SMEs) are less likely to have such arrangements in place than large businesses (with scores of 63.9% and 76.2% respectively)

Commitment to business continuity

Lyndon Bird FBCI, technical director at the BCI, commented: “Should we be alarmed by some of the figures revealed in this survey? Perhaps so. Should we be surprised by them? Probably not. As long as organisations are failing to put business continuity mechanisms in place, and as long as top management is failing to give this issue the level of commitment it requires, supply chain disruptions will continue to occur and they will continue to cost organisations dearly. In our globally connected world, these supply chains are becoming ever more complex and more action is needed to make sure that an incident in one organisation doesn’t become a crisis for another.”

Nick Wildgoose, global supply chain product leader at Zurich Insurance Group, commented: “Top level management support is fundamental to driving improvements in supply chain resilience. I’ve witnessed the significant disruption cost reductions can have in this area. This should be regarded as a business change programme in the context of driving value through supplier relationship management and becoming the customer of choice for your strategic suppliers to improve your business performance.”

Now in its sixth year, the BCI’s annual Supply Chain Resilience Survey has established itself as an important vehicle for highlighting and informing organisations of the importance of supply chain resilience and the key role it plays in achieving overall organisational resilience in today’s volatile global economic climate.

The outcomes of previous surveys have provided organisations with critical insights and valuable information to support the development of appropriate strategic responses and approaches to mitigate the impact and consequences of disruptions within their supply chains.

In terms of this year’s online survey, 525 respondents emanated from 71 countries working in 14 SIC industry sectors. The majority of respondents were from outside the UK.

A major survey from State of Flux – entitled: ‘2014 Global Supplier Relationship Management Research Report’ – was published on 6 November and reinforces the importance of this area as part of overall business performance.


Filed under Risk UK News

BCI: “Don’t wait for an emergency to prepare an emergency communications plan”

A newly-published report from the Business Continuity Institute (BCI) highlights the fact that, while overall results indicate a good uptake of emergency communications planning, a significant minority of companies remain passive or have difficulty securing management buy-in.

Supported by Everbridge, the report concludes that emergency communications remain an essential part of any business continuity programme. This research demonstrates that, while a great majority of companies are aware of the importance of such communications, there are some gaps in implementation that demand to be addressed.

In order to be effective, emergency communications plans must be continuously updated to reflect the risks that a business faces and embedded well enough within the organisation. Relevant training and education programmes – as well as ensuring top management buy-in – are necessary in promoting a culture of awareness and reducing the risk of communications failure during incidents.

It’s worrying to note that, among those organisations without an emergency communications plan, two-thirds (63.4%) of them would only consider adopting one after a business-changing event. Something akin to shutting the stable door once the horse has bolted. This could have dire consequences as previous BCI research suggests that business-affecting events may often severely affect an organisation’s viability.

A newly-published report from the Business Continuity Institute highlights that, while overall results indicate a good uptake of emergency communications planning, a significant minority remain passive or have difficulty securing management buy-in


Further findings from the report are as follows:

• In a sign of growing awareness, fewer than 13.5% of organisations surveyed do not have an emergency communications plan in place
• Emergency communications plans are quite comprehensive in their scope. At least 70% of organisations have plans covering the following threats: IT outages (81.2%), fire (77.8%), power outages (76.2%), weather-related incidents (75.6%), natural disasters (74.9%) and security-related incidents (70.0%). These mirror the top three causes of business disruption as reported by respondents in the last 12 months: IT outages (59.8%), power outages (51.6%) and weather-related incidents (47.2%)
• Almost one fifth of respondents (18.7%) belong to organisations where more than 500 staff members travel internationally on a regular basis. More than 30% report travelling to ‘high risk’ countries
• Almost two-thirds of companies (64.7%) report having training and education programmes in place related to emergency communications. Most have regularly scheduled programmes (64.2%)
• Around 15% of organisations regularly schedule exercises of their emergency communications plans. Most schedule their exercises once a year (55.8%). This is a worrying finding considering that almost half of organisations (49.6%) are likely to invoke their plans more than once during any given year
• More than 70% of organisations take 30 minutes or less to activate their emergency communications plans. Nonetheless, more than a quarter of organisations (27.4%) do not request responses from their staff in the event of an incident or have defined acceptable response rates (28.2%)
• Social media appears to play an important role in an emergency communications plan. 42% of respondents report using social media to monitor their staff during emergencies and almost a third (31.6%) use it to inform stakeholders

Benchmarking of arrangements

Patrick Alcantara, research associate at the BCI and author of the new report, commented: “This survey is seen as the first step towards benchmarking an organisation’s emergency communications arrangements. It’s hoped that it will allow companies to take a second look at their emergency communications capabilities and introduce improvements that will rebound to their benefit. Given how emergency communications may improve survival during extreme situations, it’s important that organisations take heed and aspire towards a robust capability before it’s too late.”

In a sign of growing awareness, fewer than 13.5% of organisations surveyed do not have an emergency communications plan in place


Imad Mouline, CTO at Everbridge, added: “Fluctuating global threat levels, sophisticated cyber attacks and an ever-growing mobile workforce present increasingly diverse and complex risks to business interests. In this unpredictable environment, business continuity practitioners are consistently faced with the challenge of planning for the unexpected while ensuring the safety of their staff and communities and protecting their businesses from both financial loss and reputational damage. Undoubtedly, this survey provides a benchmark for emergency communications planning.”

This is the first dedicated piece of research into understanding the emergency communications plans of a wide range of organisations and learning how they’re integrated within wider recovery programmes. The results support the anecdotal feedback from the industry, demonstrating that such plans form an established and vital element of continuity plans for medium-to-large size enterprises while also offering some practical ideas for those looking to improve their capabilities in this area.


Filed under Risk UK News