Cybercrime a huge BCM threat
Although SA ranks third-highest on the list of cybercrime victims (after Russia and China), local companies are not adequately committed to improving their cyber security.
"Cyber security is currently one of the biggest threats to business continuity, and yet there is limited general awareness among business continuity management (BCM) practitioners," says Jeremy Capell, senior manager: risk advisory at Deloitte.
"An article published by Aon estimated that over 70% of South African businesses are significantly unprepared for cyber liability risks."
He adds that this might be due to the fact that local businesses are not fully required to disclose incidents where vulnerabilities have resulted in successful attacks or loss of data. "An increase has, however, been noted in the number of South African companies that are beginning to invest in cyber security assessments and related initiatives."
When it comes to securing their enterprises, Capell believes that the three main challenges for professionals with a BCM mandate are a lack of capacity and focus due to BCM being added onto existing portfolios and roles; inadequate executive buy-in and budgets, and the difficulties inherent in integrating BCM into multiple components of enterprise resilience, such as corporate security, information security, and risk management.
"As with any other threat, BCM professionals should assess the threat and impact within their organisation's operational environment and ensure adequate attention is applied. It would not typically be expected for the BCM practitioner to be a cyber-expert. However, they should be expected to understand the threat and converse with the applicable subject matter expert within their organisations. BCM practitioners should integrate multiple disciplines to bring about enterprise resilience."
Capell will join other subject matters experts from both South Africa and abroad to address the challenges facing local business continuity professionals at the upcoming ITWeb Business Resilience 2014 conference. Speakers will cover a comprehensive range of topics, and the half-day workshop that follows the conference will cover how best to develop a business impact analysis.