Why you should be concerned about security incidents… even if you have a BCMS

As you might expect, the BCI Horizon Scan Report 2018 found that the majority of business continuity professionals were “concerned” or “extremely concerned” about the threat of cyber attacks and data breaches.

In this regard, they are much like any other kind of information security professional. The increase in cyber attacks would have anybody concerned. But then again, business continuity professionals aren’t just anybody: their job is focused on the eventuality of a breach or cyber attack. They are tasked with ensuring that their organisation responds promptly to disruptions and that mission-critical functions continue to provide an acceptable level of service.

Why are they concerned?

It would be easy to claim that business continuity professionals’ concern about the threat of disruption was because they weren’t confident in their organisation’s BCMS (business continuity management system). You might argue that, if they have all the right processes in place, why should they be worried?

But that’s not how it works. The goalposts for effective information security are constantly moving, with organisations’ systems frequently evolving and cyber criminals always looking for new vulnerabilities to exploit. There’s also the threat of insider breaches (whether accidental or malicious), which need to be closely monitored, and a litany of incidents that simply can’t be prevented, from natural disasters to technological failures.

Business continuity professionals will have plans for most, if not all, of these possibilities, and they may well be confident that those plans will work – but they can’t be sure until they put them into practice. Thus, there will always be some level of concern, particularly given that even the most sophisticated response won’t be able to prevent damage entirely.

Benefits of implementing a BCMS

According to Ponemon Institute’s 2017 Cost of Data Breach Study: Impact of Business Continuity Management, organisations with a BCMS save an average of £500,000 per incident. This is largely because of the speed with which organisations can recover; the report found that a BCMS saves organisations 43 days in identifying a breach, and 35 days in containing it.

The report also quantifies other benefits of implementing a BCMS. For example, organisations are 8% less likely to suffer future data breaches and will mitigate the negative impact of a breach, with reputational damage reported 10% less often.

How to implement a BCMS

The best practices for a BCMS are laid out in ISO 22301. The international standard includes a framework for disaster recovery that focuses on specific operations, functions, sites, services and applications.

When you implement a BCMS, you should check that your plans and processes meet the Standard’s requirements. You can do this by booking our ISO 22301 gap analysis. One of our experts will visit your organisation, examine your current set-up and detail exactly what you need to do to comply with the Standard.

They will also provide you with an informed assessment of the:

  • Proposed scope of your BCMS;
  • Internal resource requirements for successfully deploying a BCMS project; and
  • Potential timeframe to achieve certification readiness.
