disaster recovery (DR) business continuity policy

Top 10 business continuity risks to monitor

Business continuity and disaster recovery threats vary by organization, but common threads can be found across the globe. Ten worrisome trends appear to be having a big year.

For the past several years, the Business Continuity Institute, with support from the British Standards Institution, has published its annual BCI Horizon Scan Report that examines key trends and developments in business continuity. Though some constants remain, the business continuity risks detailed in the report evolve as technological and global developments are made.

In recent years, threats such as cyberattacks and data breaches have started to cause more of a stir than traditional business continuity and disaster recovery (BC/DR) threats, such as network disruptions. Weather disasters, while always a concern, are increasing in frequency as global climate change takes effect.

In the 2018 report, BCI received detailed survey responses from 657 people in 76 countries. Along with documenting the BC/DR threats currently trending, the survey sought to identify how severe the threats are, according to respondents, and what is being done to counter them.

Here are the top 10 business continuity risks identified in the report.


In the past few annual reports published by BCI, cyberattacks and threats to cybersecurity have had the highest number of responses. Many respondents to the survey are concerned that, despite their efforts, they are still at risk of cyberattacks. Major concerns are denial-of-service attacks, phishing and viruses.

Data breaches

 Almost as much as cyberattacks, respondents expressed concern about unauthorized access to their data, databases and other critical systems. The fear is that their data and systems will be damaged, corrupted or destroyed or that access to the data will be denied, as with ransomware.

For the past several years, cyberattacks and threats to cybersecurity have had the highest number of responses.

Unplanned IT and telecom outages

 Despite the improvements in recovery technology and the use of cloud-based systems, the likelihood of damage to critical data and voice systems remains a major concern to respondents.

Interruption to utility supply

Hurricanes and winter storms in the northeastern U.S. have pushed loss of electrical service to the top of many lists of major business continuity risks and threats. Backup power systems (e.g., diesel and natural gas generators, batteries, uninterruptible power systems) are the primary strategy for responding to electric utility outages. Other utilities, such as water, gas, waste disposal or steam, must also be considered for potential disruptions.

free business continuity plan templateClick on the above image to download
our free business continuity plan template.

Adverse weather

The frequency of severe storms and weather seems to be on the rise. The severity of storms also seems to be increasing. For example, hurricanes during 2017 caused billions of dollars in damage, both to property and community infrastructures.

Acts of terrorism

Active shooter incidents, use of motor vehicles as weapons and detonations of explosive devices capture headlines. Respondents to BCI were increasingly concerned about the impact of these events as compared to previous reports.

Security incidents

 Different from cyberattacks, these business continuity risks include physical security breaches, such as unauthorized building access, vandalism to a building and its facilities, fraud and civil disturbances.

Risk matrix for natural and man-made disasters
Natural and man-made disasters that could impact business continuity.


 No matter the level of preparation and prevention, fires can and do occur. One of the most important ways respondents prepare for fires is to have fully charged fire extinguishers in easily accessible locations, with their locations marked by appropriate signage. Fire detection and suppression systems are typically required by local building codes, as are fire extinguishers.

Supply chain disruptions

Whether an upstream or downstream disruption occurs, damage to an organization’s supply chain is a major concern. Supply chain continuity is probably one of the most important activities a BC/DR planning team can address, as it impacts an organization in many ways. Even organizations that provide services via the internet and have no manufacturing activities still need a functioning internet to move their services.

Transport network disruptions

 Once products have been manufactured, the organization depends on many different channels to distribute the finished products. If those channels are unavailable, the organization will not be able to fulfill its orders. Imagine an organization like Amazon without its vast network of shipping and delivery firms. The company would come to a complete standstill.

Further examination of the report revealed a considerable amount of research and analysis of the business continuity risks and issues impacting BC/DR and resilience. The full report can be found on BCI's website.

Next Steps

Updating your old business continuance plan for the new year

How to use AI for business continuity and disaster recovery planning

Dig Deeper on Disaster recovery planning and management

Data Backup