Top five business continuity risks for 2014

March 2014 Security Services & Risk Management

At the beginning of 2013, ContinuitySA warned that business risks were becoming more complex and intertwined, and so much harder to predict and plan for. But this year they are also becoming more extreme.

Michael Davies, CEO of ContinuitySA.
Michael Davies, CEO of ContinuitySA.

“As the world becomes more interconnected, issues faced in other parts of the globe can create risks here in South Africa. For example, the unprecedented cold weather in the United States and severe storms in the United Kingdom should be prompting businesses to start thinking about the extreme nature of the risks they face,” says Michael Davies, CEO of ContinuitySA. “The global business environment has created a web of interdependencies so that any untoward event has a set of knock-on effects. Directors and executive management, who have a duty to ensure the company is able to stay in business, must have a comprehensive business continuity plan in place.”

Davies and his team have identified five current categories of risk for 2014 that should be featuring in business continuity planning.

1. IT and data risk is growing

IT is strategic and, to a greater or lesser degree, every business is a digital business. However, a key risk is that internal IT departments are failing to keep pace with changing needs, in turn prompting massive use of private mobile devices to access corporate systems and the unplanned use of cloud-based services like Dropbox. Another related IT risk is ‘server sprawl’, creating complex environments that are difficult and expensive to manage, and hard to recover in the event of a disaster.

“The information on a company’s systems is increasingly valuable as advances in analytics make it more useful – its loss now represents a considerable risk,” Davies observes. “A lot of this data is client-sensitive and so is protected by law.”

In parallel, cybercrime appears to be on upward trend, with cybercriminals threatening precious (and often legally protected) data. Denial-of-service attacks can also cause systems to collapse, creating another business continuity risk. While estimates of cybercrime prevalence vary dramatically, it’s clear that it is both significant and underreported.

2. The macroeconomic climate remains problematic

Slow and inconsistent global recovery and a volatile currency are obvious risks that most businesses consider but often from a purely financial perspective. “But the impacts on your business’s viability may be much more subtle; for example, decreased economic activity could reduce tax receipts and so construction of infrastructure on which your business depends,” Davies points out.

3. Long supply chains expose companies to a wider range of risk

Locally, Gauteng e-tolling has emerged as a proxy for political dissatisfaction (and a rare unifying issue) for both the middle and working classes. It’s possible that continued protests could disrupt supply chains, and will certainly raise costs in the short term.

“Looking more broadly, I think the combination of ever longer supply chains and the just-in-time mentality is creating a huge risk that many businesses do not properly factor into their business continuity planning,” Davies says. “The strike by component manufacturers in our local automotive industry is one good example, but think of the effect of extreme weather on manufacturers in Japan and Thailand in past years, which all but crippled international car and electronics supply chains. A comprehensive business continuity management plan for the entire supply chain is now mandatory.”

4. Environmental degradation and climate change are too easy to ignore

Aside from the obvious macro risks of violent climactic events and a compromised environment, South African business needs to pay particular attention to water. Our water resources are limited and yet are becoming ever more polluted. Acid mine drainage is, if the scientists are to be believed, a ticking time bomb although, as is so often the case, experts seem prone to getting the timing of natural processes wrong.

5. Societal risks are escalating in scale and seriousness

As 2014 is an election year, political risk has to feature on business continuity plans. Electioneering raises the stakes and could make industrial action even more bitter, while marches that get out of hand could disrupt operations. South Africa is not the only country with forthcoming elections, and organisations should consider in which countries their products and services are being delivered and from where their supplies come. Generally, too, international political developments could derail the slow economic recovery; Iran and North Korea are only two of many countries that could spark a new crisis.

Following on from the attack on Westgate Mall in Nairobi, extremist violence must be a consideration particularly for companies with Pan-African operations.

Another key societal risk to business continuity is the ‘new normal’ of violent and protracted strike action. This unwelcome state of affairs is part of a widespread dynamic of social discontent and instability. Violent and disruptive service-delivery protests are one example, but so are growing rates of alcohol and drug abuse, not to forget anxiety and depression. All of these factors have an impact on absenteeism and productivity.

All of these five categories of risk carry the subsidiary, but highly dangerous, risk of reputational damage. Warren Buffet has rightly said, “It takes 20 years to build a reputation and only five minutes to destroy it” – and an unmitigated disaster is one way to achieve that destruction.

In conclusion, Davies warns that business continuity – the process for identifying and mitigating these and other risks, remains widely misunderstood. Too many businesses continue to imagine that if they have a plan in place for IT disaster recovery, their business continuity is assured.

“Strategic as it is, IT isn’t the whole business. Business continuity planning and management must cover all the risks the business faces and put in place contingency plans to keep the entire enterprise operating,” says Davies. “The call centre and work-area recovery requirements for a business need to be considered, and the company must understand the risks its supply chain faces. One’s business is now dependent on entities outside of the corporation: is each of them adequately protected?”

For more information contact ContinuitySA, +27 (0)11 554 8050, [email protected],





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Risk management and compliance enforcement
Security Services & Risk Management
Having a risk management and compliance programme (RMCP) is not just a procedural formality; it is a legal requirement under Section 42 of the Financial Intelligence Centre Act (FICA).

Read more...
The dangers of poor-quality solar cables
Security Services & Risk Management Smart Home Automation
Reports indicate that one in six fires attended by South African firefighters is linked to substandard solar installations, often due to faulty wiring or incompatible components.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it is a gamble.

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
New law enforcement request portal
News & Events Security Services & Risk Management
inDrive launches law enforcement request portal in South Africa to support safety investigations. New portal allows authorised South African law enforcement officials to securely request user data related to safety incidents.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it’s a gamble.

Read more...
Managing mining physical security risks
Zulu Consulting Security Services & Risk Management Mining (Industry) Facilities & Building Management
[Sponsored] Risk-IO, a web app from Zulu Consulting, is designed to assist risk managers in automating and streamlining enterprise risk management processes, ensuring no steps are skipped and everything is securely documented.

Read more...
SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...
Rewriting the rules of reputation
Technews Publishing Editor's Choice Security Services & Risk Management
Public Relations is more crucial than ever in the generative AI and LLMs age. AI-driven search engines no longer just scan social media or reviews, they prioritise authoritative, editorial content.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.