After the advent of COVID-19, Brexit, the energy crisis, widespread strike action and the war in Ukraine, key trends indicate that enhancing operational resilience remains high on every business’s to-do list for the year ahead. Business leaders need to challenge some long-standing assumptions about the things they’ve hitherto taken for granted – like uninterrupted electricity supply – but how do they prioritise their efforts most effectively, when business risk is everywhere?
To help, Daisy experts from across our business continuity and cyber security practice have put together the following key trends for 2023:
Supply chain testing becomes key
Our conversations with customers over the past year have revealed a growing awareness of the criticality of relationships with third-party suppliers and partners. That’s especially true of organisations in highly regulated sectors like financial services, which rely on partners to deliver important business services (IBS). They understand the need to demonstrate control of these relationships, but often don’t know how to. While many are looking to develop questionnaires, audits and frameworks to evaluate these suppliers, they will increasingly look for more sophisticated ways to gain visibility into levels of resilience. Industry guidelines such as those provided by the FCA will be a good starting point.
The energy crisis hits home
A spell of mild weather over the Christmas period may have dampened speculation about unplanned power cuts this winter, but already concerns are mounting about energy security in 2023. If Europe endures a cold snap early in the year and is unable to replenish its gas storage sufficiently during the summer, energy supply could be a more enduring problem to overcome. Key trends show that potential blackouts or power outages could not only impact office-bound workers but also their hybrid-working colleagues. Organisations would do well to plan for this possible scenario now.
Ransomware spurs business continuity invocations
Ransomware continued to surge last year, with detections increasing 20% year-on-year in the UK in the first three quarters of 2022, according to one estimate. There’s no end in sight, as long as organisations keep paying their extorters and hostile nations continue to shield the perpetrators. That’s bad news on two fronts: compromises can take months to fully recover from, denting productivity and operational efficiency in the process. And the theft of sensitive data can add major financial and reputational risk. These trends will in turn drive an increase in business continuity invocations during 2023.
A false sense of security
Key trends suggest that COVID-19 should have been a wake-up call for many organisations and their business continuity planning processes. But instead, it may have inadvertently given them false confidence in their levels of resilience, following a successful shift to mass home working for many employees. The mindset of “we survived COVID, so we’ll be OK in the future” could undermine efforts to prepare for the next major crisis. During COVID everyone was impacted in a similar way. What if the next major event is more selective and your competitors are not affected as much as you? Organisations should instead be looking at reasonable worst-case scenarios and stress-testing their plans against these assumptions.
The security market consolidates
After burning white hot over recent years, the cyber security market has begun to consolidate of late, as niche startups struggle to maintain the investment needed to serve their customers. Part of this is down to a growing trend among IT security leaders to rationalise: reducing their management overheads and eliminating point solutions. In 2023, the trend will continue as organisations flock to vendors that are able to provide multiple solutions from a single platform and “pane of glass”.
Security skills shortages worsen
The global shortfall of cyber security professionals now stands at 3.4 million workers, including more than 56,800 in the UK, a 73% increase on 2021 figures. The situation is made worse by inadequate tooling, which can overwhelm stretched analysts. The stress caused by alert overload and other pressures is forcing many out of their roles, meaning a greater burden for those left behind. Some 60% of security operations centre (SOC) staff are reportedly planning to quit in 2023.
Firms to tighten security of digital supply chain
Another critical area of cyber security in 2023 will be managing the risk of malware and vulnerabilities in open source components. These are increasingly favoured by DevOps teams to accelerate time-to-market, but also provide a wealth of opportunities for threat actors. Integrating security into these processes via DevSecOps will become more popular as a result.
Rising cyber insurance costs
The rising cost of cyber-attacks is sending insurance policy charges soaring. The global cyber insurance market is anticipated to grow from $12bn worth of annual premiums to $60bn in the next five to ten years, according to Lloyds. Ensuring they have the right resilience measures in place to manage cyber risk will help organisations to increase protection, and at the same time reduce their insurance premiums.
Time for a reset
The pandemic may finally be receding from view, but its disruptive impact on corporate resilience programmes is still being felt. Some organisations have not been able to maintain their training and business continuity exercise programmes amidst staff changes. By working with a trusted partner, such as Daisy, to review business continuity arrangements, policies and project plans, organisations can reinvigorate resilience planning workstreams for a busy 2023.