Jon Seals

Regulatory and legislative change has assumed the prime position as the leading risk for Australian and New Zealand businesses in 2013/2014, followed by concern regarding deteriorating local economic conditions and the impact of people risk.

These are the major findings of Aon’s 12th annual Australasian Risk Survey, which provides a snapshot of the risk management practices of 380 businesses operating in 15 key industry sectors, including 23 of the ASX top 100 Australian companies.

According to the survey, the top ten risks to Australian and New Zealand businesses are:

...

http://www.continuitycentral.com/news07199.html

The number seven crops up in many contexts: the Seven Wonders of the World, the seven dwarfs, and now the seven levels of cyber security. Let’s start with the different levels of threats posed by hackers. In order of increasing severity, we have: script kiddies (hacking for fun); the hacking group (often the first level of threat for SMBs); hacktivists (politically/socially motivated); black hat professionals (expert coders); organised cyber-criminals; nation states (NSA-style); and finally, the automated malicious attack tools that can infect huge numbers of organisations. With these seven levels of threats, what are the solutions?

...

http://www.opscentre.com.au/blog/is-seven-the-magic-number-for-it-security/

Today we published a new Forrester Wave: Social Risk & Compliance (SRC) Solutions, Q2 2014. This report evaluates 10 vendors emerging to help organizations enable companywide use of social media while providing the necessary controls and oversight to mitigate associated risks and enforce compliance.

Why now

Use of social media today is rampant.

It’s no longer just your marketing team that uses social media for business purposes. Employees across the entire organization use social media for personal and professional reasons, leveraging social to drive real business for your company. The opportunities to enhance your brand, deepen customer relationships, and glean new customer insights are all too valuable to ignore -- but the risks are real too.

...

http://blogs.forrester.com/nick_hayes/14-05-07-announcing_the_social_risk_compliance_src_solutions_wave

Thursday, 08 May 2014 16:06

What if...?

Keynote speaker and facilitator at this year’s BCI Executive Forum, Dr James Bellini sets the scene and identifies some of the major issues that will face business continuity professionals in the years ahead:

As a futurologist of many years’ standing I am regularly confronted with requests to ‘predict’ the outcome of some activity or development in the world of tomorrow. On occasion I’m even asked the name of the winner of an important upcoming horse race, or the score line of a major soccer match a few weeks hence. If only my crystal ball were that magical ... but it also reveals a basic misunderstanding of what futurology is all about.

I see my task as threefold: to apply a reality check on popular perceptions of the world around us, to create a framework for examining how ‘the future’ might unfold and to identify one or two possible future events or issues that would, if they actually occurred, pose very serious challenges for either business, government or the wider society – or all of these together.

...

http://thebceye.blogspot.com/2014/05/what-if.html

Generally speaking, I think internal auditors do a good job of assessing risks and developing risk-based audit plans. But there is always a danger that unfamiliar risks may be overlooked or that rapidly emerging risks will render even the best-crafted audit plans obsolete. If you typically undertake risk assessments only once or twice a year, you may not have incorporated several risks that have suddenly burst onto the radar of management or the Board of your organization.

Here are some areas that should be in our risk crosshairs in 2014:

...

http://www.corporatecomplianceinsights.com/5-risks-that-should-be-on-the-internal-audit-radar-now/

A new study, “The Valuation Implications of Enterprise Risk Management Maturity,” released by the Journal of Risk and Insurance, has found that organizations exhibiting mature risk management practices realize a value growth potential of up to 25%.

The survey is the first wholly independent research project that confirms the value connection of mature enterprise risk management practices in organizations. Using data from the RIMS Risk Maturity Model (RMM) gathered from 2006 to 2011, Mark Farrell, the paper’s author and the actuarial science and risk management program director at Queens University Management School of Belfast (QUMS), and Dr. Ronan Gallagher of the University of Edinburgh Business School, provided evidence through this research that firms that have reached mature levels of enterprise risk management qualities exhibit a higher firm value. The broad data set encompassed publicly-traded organizations from a variety of industries. Nearly half the data tabulated by the researchers were submitted by RIMS members.

...

http://www.riskmanagementmonitor.com/strong-erm-program-gives-companies-higher-market-value/

The Ponemon Institute has published its ninth annual Cost of Data Breach Study, which was sponsored by IBM.

According to the benchmark study of 314 companies spanning 10 countries, the average consolidated total cost of a data breach increased 15 percent in the last year to $3.5 million. The study also found that the cost incurred for each lost or stolen record containing sensitive and confidential information increased more than nine percent to a consolidated average of $145.

Interestingly, the research was able to provide quantified evidence for the advantages of linking information security management and business continuity management programs, finding that the involvement of business continuity management reduced the cost of a data breach by an average of almost $9 per record.

...

http://www.continuitycentral.com/news07192.html

On May 5, 2014, Target announced the resignation of its CEO, Gregg Steinhafel, in large part because of the massive and embarrassing customer data breach that occurred just before the 2013 U.S. holiday season kicked into high gear. After a security breach or incident, the CISO (or whoever is in charge of security) or the CIO, or both, are usually axed. Someone’s head has to roll. But the resignation of the CEO is unusual, and I believe this marks an important turning point in the visibility, prioritization, importance, and funding of information security. It’s an indication of just how much:

...

http://blogs.forrester.com/stephanie_balaouras/14-05-05-if_you_are_ceo_of_a_consumer_organization_you_have_a_new_job_responsibility_security

Small and medium-sized businesses (SMBs) in the UK are missing out on possible insurance deals that could be available to them if only they had a business continuity plan in place. This is according to a survey conducted by Cloud Direct of more than 500 UK SMBs.

The survey of 558 business and IT decision-makers revealed that 54% of respondents were unaware there were insurance benefits to having a business continuity plan, yet the British Insurance Brokers’ Association (Biba) has long committed to supporting business resilience measures with reduced insurance premiums and excesses. To promote this stance in 2012, they conducted a joint survey with the Cabinet Office, which found that 83% of insurers questioned would give a discount or improve terms to a business interruption policy if a business continuity plan were in place.

...

http://www.thebci.org/index.php/about/news-room#/news/smbs-missing-out-on-insurance-perks-due-to-no-business-continuity-planning-83651?utm_source=rss

Many business activities and the resources that support them can be disrupted by severe weather. In fact, a survey by the Chartered Management Institute, in association with the BCI, BSI and the Cabinet Office, found that 54% of businesses reported being disrupted by severe weather in 2012, making it the number one cause of business disruption for the fourth year running. Most recently, the winter of 2013/14 has been reported as the wettest winter in England and Wales since records began, with heavy rainfall and storms causing widespread flooding and disruption.

It is not possible to say that climate change alone is causing the increase in these disruptive events. Other changes are putting more value at risk, such as increasingly lean and complex supply chains and development in vulnerable locations. However, what is clear is that both the frequency of severe weather events and the value at risk are increasing. This has implications for business continuity and broader business objectives.

Organizations need to be prepared for severe weather regardless of the cause. This can involve making physical, operational or strategic changes and includes actions that tackle the likelihood of damage or disruption as well as those aimed at managing its impacts. It can include preparing for opportunities as well as threats.

In partnership with BSI, the Environment Agency has developed a Smart Guide on Adapting to Climate Change using a business continuity management system. Aimed at BC professionals, the guide is freely available and is intended to help:

  • Understand how climate change is influencing their risks
  • Take the lead on managing such risks
  • Be confident that their BCMS will remain effective during disruptive events
  • Make the case for additional resources to implement BC or adaptation measures
  • Communicate effectively about risk management from severe weather and the approach to climate change adaptation both internally and externally.

The Smart Guide can be downloaded for free from here.