This newsletter highlights all the feature articles published on Continuity Central during July 2019 as well as various resources.

FEATURE ARTICLES

Where next for the BIA?
It seems clear from Continuity Central’s recent ‘To BIA or not to BIA... revisited’ survey that the majority of business continuity professionals see the business impact analysis (BIA) as a vital aspect of the business continuity process… but is that the end of the conversation? Is the current bipolar state of the 'keep the BIA as it is' and 'ditch the BIA' discussion nuanced enough?
• World

Traditional DR vs DRaaS: six questions to ask
When reviewing the differences between traditional disaster recovery and business continuity methods, compared to the more recent DRaaS (disaster recovery as a service) approach, Steve Blow suggests there are six main things to consider before making a decision on what’s best for your company.
• World

Critical alarm management: is an ARC the best way to manage alarms?
External alarm receiving centres (ARC) are employed by many organizations to monitor their alarms around the clock, or after hours when few or no staff are physically on site. But are they always the best way for businesses to effectively manage their alarms and keep employees safe? Klaus Allion gives his view...
• UK / World

BEC attacks: a low profile but increasingly damaging risk
In 2018, the costs of Business Email Compromise (BEC) attacks passed the $1 billion mark, doubling from the prior year. Crane Hassold looks at the issue and highlights the measures that organizations can take to reduce the risk of becoming a victim of a successful BEC attack.
• World

Are you ready to deal with security-breaching insiders?
A hacker is not necessarily someone sitting somewhere in China or Russia trying to hack your bank account; it can be your employee or contractor too. Devin Smith explores the threat and looks at what organizations can do to reduce risks in this area.
• World

Three often-overlooked questions to ask when evaluating business continuity software vendors
Organizations looking to purchase a new business continuity software solution tend to focus on software features but often fail to thoroughly evaluate risks specific to the vendor, says Mike Jennings. In this article, Mike examines three commonly overlooked vendor evaluation criteria and provides suggested questions for exposing hidden risks.
• US / World

What are the risks of not responding to a critical alarm in time?
For any organization that operates within a high-risk environment, critical alarms are a fundamental component to assure the safety of staff and continuity of operations.
• UK

Implementing IoT: transformation without business disruption
While successful Internet of Things (IoT) implementations can bring big benefits, many projects fail with associated business impacts. Jörg Hecke looks at how businesses can make the most of IoT, without impacting on business as usual.
• Europe

RESEARCH, REPORTS & PUBLICATIONS

Two sides of the same coin: business resilience and community resilience
An early view version of a paper to be published in an upcoming edition of the Journal of Contingencies and Crisis Management has been made available in the Wiley Online Library.
• UK / World

Cyber insurance may create false sense of security among senior financial executives suggests survey
Seven in 10 senior financial executives at the world’s largest companies believe their insurer would cover most or all of the losses their company would incur in a cyber attack. Many of the losses they foresee, however, are rarely covered by insurance. This is according to a new FM Global survey.
• US / World

First ever guidelines on public risk management published
Underwriters Laboratories (UL), a global safety science leader, has announced the publication of ‘CAN/UL 2984, Management of Public Risks – Principles and Guidelines’.
• Canada / World

New academic paper looks at systems engineering for resilience
A new paper, written by John S. Brtis and Michael A. McEvilley from MITRE Corporation, introduces the subject of ‘Systems engineering for resilience’, looking at ways of addressing system resilience within systems engineering methodologies.
• US / World

Latest Emerging Risks Monitor Report shows that ‘pace of change’ is the top emerging risk
Organizations are concerned about their ability to keep up with a rapidly changing business landscape, driven in part by concerns about their own organizations’ lagging and misconceived digitalization strategies, according to Gartner, Inc.’s latest Emerging Risks Monitor Report.
• US / World

83 percent of organizations have been hit with a DDoS attack in the last two years
US Signal has released its 2019 State of Web and DDoS Attacks survey. The study revealed that 83 percent of organizations have experienced a DDoS attack within the last two years, and more than half of them experienced multiple attacks.
• US

Disaster resilience and business continuity guide launched for Philippines-based organizations
During the 2019 National Summit on Strengthening MSME Disaster Resilience, which took place last week, the Philippines National MSME Resilience Core Group (RCG) launched a new guide to disaster resilience and business continuity.
• Philippines

BCI launches ‘Organizational Resilience: Perspectives from the Industry’ report
The Business Continuity Institute has published its latest industry report, which looks at attitudes and approaches to organizational resilience.
• UK / World

UK mid-market boards are ‘ignoring cyber risk’; only a minority have a cyber incident response plan
New research from Grant Thornton UK LLP has found that 63 percent of UK mid-market businesses do not have a board member responsible for cyber security. Additionally, over half of the businesses surveyed (59 percent) do not have a cyber incident response plan in place.
• UK

Cloud security report identifies trends in cloud usage and protection
Bitglass has released ‘Guardians of the Cloud’, its 2019 cloud security report. Each year, Bitglass conducts research on the state of enterprise cloud security in order to identify key trends and common vulnerabilities.
• World

2019 Cloud Security Report identifies the leading enterprise security challenges in public clouds
Check Point and Cybersecurity Insiders have released the results of a global Cloud Security Report highlighting the challenges faced by enterprise security operations teams in protecting their public cloud data, systems, and services.
• World

Certificate-related outages impact a third of financial sector organizations
Venafi has released the results of a study examining the scale and frequency of certificate-related outages in financial services organizations. Over 100 chief information officers (CIOs) in the financial services industry from the US, UK, France, Germany and Australia participated in the study.
• Various

Malicious insider attacks are the most expensive and lengthy attacks to resolve for financial services firms
The cost to address and contain cyber attacks is greater for financial services firms than for companies in any other industry and the containment costs continue to rise, according to a report from Accenture and the Ponemon Institute.
• World

Sam Mannan's Safety Triad: a framework for risk assessment
In a paper published in the latest issue of the Process Safety and Environmental Protection Journal, Michael O'Connor, Hans J. Pasman, and William J. Rogers from the TEES Mary Kay O'Connor Process Safety Center look at the use of Sam Mannan's Safety Triad in organizational protection.
• US / World

Cyber threat ‘dwell time’ in small and mid-sized organizations explored
Infocyte has released its inaugural Threat and Incident Response Report, which found that despite sophisticated prevention security tools, small to mid-sized organizations continue to be especially vulnerable to long lasting breaches due to their inability to support the level of IT staffing traditionally required to run a comprehensive detection and response function.
• World

Survey finds that cyber security budgets are up; with additional investments being made in risk identification and resilience
Companies worldwide expect to boost their cyber security investments by 34 percent in the next fiscal year, after raising them by 17 percent the previous year, according to a new study covering 467 firms across industries and based in 17 countries.
• World

Inadequate identity practices are exposing many businesses to risks
LastPass by LogMeIn has announced the results of a new study conducted by Vanson Bourne to offer businesses insights into the state of identity and access management (IAM) and actionable steps to improve their IAM programme.
• World

Business continuity plan ownership is shifting from IT to operations and business leadership
Databarracks has published its 2019 Data Health Check, its annual report into IT resilience, cyber security and cloud computing. The survey, which has been running since 2008, questions over 400 IT decision makers in the UK.
• UK

Equipment breakdown identified as a leading cause of business disruption
Equipment breakdown now rivals fire loss in both frequency and severity of claims, according to an analysis of large risk losses reported in 2018 to FM Global, one of the world’s largest commercial property insurers.
• World

Tenable Research discovers high impact vulnerability in Siemens critical infrastructure design and automation software
Tenable has announced that its research team has discovered a critical vulnerability in Siemens STEP 7 TIA Portal, design and automation software for industrial control systems (ICS).
• US

No sign of a reduction in ransomware attacks against UK organizations
Databarracks has shared new data from its soon-to-be-released Data Health Check survey which highlights that ransomware remains a serious issue for UK organizations.
• UK

Report identifies the top climate risks for Canada and looks at resilience by adaptation
An expert panel convened by the Council of Canadian Academies (CCA) has identified Canada's top climate change risks and determined that many costs and damages could be avoided with ‘prompt and thoughtful’ adaptation.
• Canada

UK CFOs see Brexit and geopolitics as posing the two greatest risks to their businesses
More than eight in ten CFOs (83 percent) say they expect the long-term business environment to deteriorate as a result of the UK leaving the EU, according to Deloitte’s latest Q2 CFO Survey. This is the highest reading since the referendum in June 2016.
• UK

Building resilience and managing post-disruption supply chain recovery: lessons from the information and communication technology industry
A new academic paper proposes an integrated framework to establish an effective post-disruption management process.
• World

Have you assessed the organizational impacts and the business continuity benefits of 5G adoption?
A new study from Cradlepoint shows that businesses expect 5G to be a major part of their technology roadmap but have a long way to go before they are ready to implement a solution.
• World

To combat potential risks, organizations need to take a holistic approach to responsible AI practices
The estimated $15.7trn economic potential of artificial intelligence (AI) will only be realised if the integration of responsible AI practices occurs across organizations, and is considered before any developments take place, according to a new paper by PwC.
• World

IEC 31010:2019 - updated standard for risk assessment techniques now available
ISO has announced the availability of an updated standard, IEC 31010:2019 ‘Risk management - Risk assessment techniques’. This provides guidance on the selection and application of techniques for assessing risk in a wide range of situations.
• World

Resilience First releases guide to resilience planning for businesses
The London-based organization Resilience First has produced an aide-memoire that contains key guidance and actions to help business resilience. The ‘Guide to Resilience Planning for Business Communities’ provides some straightforward advice on building resilience...
• UK

Report explores cyber resilience, defining its differentiation from cyber security
The Financial Education & Research Foundation (FERF), the independent non-profit research affiliate of Financial Executives International (FEI), has released the ‘Protection vs. Preparation: The Critical Difference Between Cybersecurity and Cyber Resilience’ report sponsored by Microsoft.
• US / World

Majority of industry sectors experienced an increase in disruption over the past eight years: Accenture report
Nearly three-quarters (72 percent) of industry sectors experienced an increase in disruption over the past eight years, according to a new report from Accenture.
• US / World

Canadian Financial Sector Resiliency Group launched to help improve financial sector resilience
The Bank of Canada has announced the launch of a public-private partnership to strengthen the resilience of Canada’s financial sector. The Canadian Financial Sector Resiliency Group (CFRG) will be responsible for coordinating a sector-wide response to systemic-level operational incidents.
• Canada

Australian Securities & Investments Commission consults on proposed technological and operational resilience rules
The Australian Securities & Investments Commission (ASIC) has published a consultation paper proposing new market integrity rules for securities and futures market operators and participants. The rules promote technological and operational resilience of critical systems.
• Australia

CALL FOR PAPERS

Written a relevant article or white paper? We'd like to consider it for publication on Continuity Central. Simply e-mail editor@continuitycentral.com

This email was from:
Portal Publishing Ltd, PO Box 1393, Huddersfield, HD1 9TN, UK

Continuity Central is a registered trademark