Top five business continuity risks for 2014

March 2014 Security Services & Risk Management

At the beginning of 2013, ContinuitySA warned that business risks were becoming more complex and intertwined, and so much harder to predict and plan for. But this year they are also becoming more extreme.

Michael Davies, CEO of ContinuitySA.
Michael Davies, CEO of ContinuitySA.

“As the world becomes more interconnected, issues faced in other parts of the globe can create risks here in South Africa. For example, the unprecedented cold weather in the United States and severe storms in the United Kingdom should be prompting businesses to start thinking about the extreme nature of the risks they face,” says Michael Davies, CEO of ContinuitySA. “The global business environment has created a web of interdependencies so that any untoward event has a set of knock-on effects. Directors and executive management, who have a duty to ensure the company is able to stay in business, must have a comprehensive business continuity plan in place.”

Davies and his team have identified five current categories of risk for 2014 that should be featuring in business continuity planning.

1. IT and data risk is growing

IT is strategic and, to a greater or lesser degree, every business is a digital business. However, a key risk is that internal IT departments are failing to keep pace with changing needs, in turn prompting massive use of private mobile devices to access corporate systems and the unplanned use of cloud-based services like Dropbox. Another related IT risk is ‘server sprawl’, creating complex environments that are difficult and expensive to manage, and hard to recover in the event of a disaster.

“The information on a company’s systems is increasingly valuable as advances in analytics make it more useful – its loss now represents a considerable risk,” Davies observes. “A lot of this data is client-sensitive and so is protected by law.”

In parallel, cybercrime appears to be on upward trend, with cybercriminals threatening precious (and often legally protected) data. Denial-of-service attacks can also cause systems to collapse, creating another business continuity risk. While estimates of cybercrime prevalence vary dramatically, it’s clear that it is both significant and underreported.

2. The macroeconomic climate remains problematic

Slow and inconsistent global recovery and a volatile currency are obvious risks that most businesses consider but often from a purely financial perspective. “But the impacts on your business’s viability may be much more subtle; for example, decreased economic activity could reduce tax receipts and so construction of infrastructure on which your business depends,” Davies points out.

3. Long supply chains expose companies to a wider range of risk

Locally, Gauteng e-tolling has emerged as a proxy for political dissatisfaction (and a rare unifying issue) for both the middle and working classes. It’s possible that continued protests could disrupt supply chains, and will certainly raise costs in the short term.

“Looking more broadly, I think the combination of ever longer supply chains and the just-in-time mentality is creating a huge risk that many businesses do not properly factor into their business continuity planning,” Davies says. “The strike by component manufacturers in our local automotive industry is one good example, but think of the effect of extreme weather on manufacturers in Japan and Thailand in past years, which all but crippled international car and electronics supply chains. A comprehensive business continuity management plan for the entire supply chain is now mandatory.”

4. Environmental degradation and climate change are too easy to ignore

Aside from the obvious macro risks of violent climactic events and a compromised environment, South African business needs to pay particular attention to water. Our water resources are limited and yet are becoming ever more polluted. Acid mine drainage is, if the scientists are to be believed, a ticking time bomb although, as is so often the case, experts seem prone to getting the timing of natural processes wrong.

5. Societal risks are escalating in scale and seriousness

As 2014 is an election year, political risk has to feature on business continuity plans. Electioneering raises the stakes and could make industrial action even more bitter, while marches that get out of hand could disrupt operations. South Africa is not the only country with forthcoming elections, and organisations should consider in which countries their products and services are being delivered and from where their supplies come. Generally, too, international political developments could derail the slow economic recovery; Iran and North Korea are only two of many countries that could spark a new crisis.

Following on from the attack on Westgate Mall in Nairobi, extremist violence must be a consideration particularly for companies with Pan-African operations.

Another key societal risk to business continuity is the ‘new normal’ of violent and protracted strike action. This unwelcome state of affairs is part of a widespread dynamic of social discontent and instability. Violent and disruptive service-delivery protests are one example, but so are growing rates of alcohol and drug abuse, not to forget anxiety and depression. All of these factors have an impact on absenteeism and productivity.

All of these five categories of risk carry the subsidiary, but highly dangerous, risk of reputational damage. Warren Buffet has rightly said, “It takes 20 years to build a reputation and only five minutes to destroy it” – and an unmitigated disaster is one way to achieve that destruction.

In conclusion, Davies warns that business continuity – the process for identifying and mitigating these and other risks, remains widely misunderstood. Too many businesses continue to imagine that if they have a plan in place for IT disaster recovery, their business continuity is assured.

“Strategic as it is, IT isn’t the whole business. Business continuity planning and management must cover all the risks the business faces and put in place contingency plans to keep the entire enterprise operating,” says Davies. “The call centre and work-area recovery requirements for a business need to be considered, and the company must understand the risks its supply chain faces. One’s business is now dependent on entities outside of the corporation: is each of them adequately protected?”

For more information contact ContinuitySA, +27 (0)11 554 8050,,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Vodacom and SAPS launch MySAPS mobile app
October 2019 , Security Services & Risk Management
Vodacom, in partnership with the South African Police Service, will empower citizens to contribute to their own safety as well as the safety of their communities through the newly launched MySAPS app.

Enterprise security must change
October 2019 , Cyber Security, Security Services & Risk Management
The recent wave of cyberattacks against local banks has highlighted the importance of protecting data against malicious users.

Drones improve risk management
October 2019 , Security Services & Risk Management
Indwe embraces drone technology to help improve risk management and optimise insurance.

Body-worn cameras transforming security
October 2019 , CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
Police Service Northern Ireland now has over 7 000 officers using 2 500 cameras covering approximately 173 000 incidents each year.

Protecting your customers’ data
October 2019 , Training & Education, Security Services & Risk Management
Simon Murrell, head of development and executive director at BrandQuantum says companies need to protect their customers from identity theft and data breaches.

Edwards Public Address & Voice Alarm System
October 2019 , Security Services & Risk Management, Products
Carrier has added the Public Address & Voice Alarm (PAVA) range to its fire product offerings.

ContinuitySA offers ISO 22301 Lead Implementer course
October 2019, ContinuitySA , Training & Education, Security Services & Risk Management
ContinuitySA is once again offer its five-day Certified ISO 22301 Lead Implementer course on 18-22 November 2019 at the company's Midrand facility.

Preparing your data for PoPI
September 2019 , IT infrastructure, Security Services & Risk Management
When it comes to protecting any information, the way data is secured across the value chain needs to be addressed.