By a quirk of language, the term “threat landscape” is currently used to refer specifically to cyber-threats. These threats alone already keep business continuity professionals on their toes, even if the nitty-gritty of protecting a company in this area is often the direct responsibility of the IT department. However, assuming that threats are confined to the web would be short-sighted to say the least. BC practitioners may find themselves having to educate their colleagues if they want their organisation to think beyond worms and viruses.
The potential problem lies between cyber-threats and the sort of threats listed in business plans. At one end, the notion of attacks via computer networks, principally the Internet, is now generally recognised. At the other, the notion of threats in top-down strategic thinking, as in SWOT (strengths, weaknesses, opportunities and threats), never went away. However, if this is all that people consider, it’s too easy for simple IT outages, floods, power cuts, denial of access and all the other risks to business continuity to get forgotten in between. Things that business continuity practitioners might be tempted to consider as self-evident may simply not get any real share of mind elsewhere in the organisation.
What’s the solution? Once again, communication is of paramount importance. Sharing the key points of business continuity risk analysis, detailing the major risks to be addressed and explaining the procedures to be followed are all required. Some reports on the (cyber) threat landscape make a point of mentioning that risks in general also go beyond cybercrime. ENISA (European Network and Information Security Agency), for instance, cites the Global Risks report from the World Economic Forum. Who knows, perhaps in the not too distant future, we will also see references to the wider field of business continuity.