If nothing else, 2017 provided proof positive that the unexpected does happen: South Africa’s political and economic crisis entered a new phase with the GuptaLeaks revelations, Kenya had to rerun its elections and the seemingly indomitable Robert Mugabe was forced from office in disgrace.
Although the election of Cyril Ramaphosa as ANC president has could be seen as reducing risk, his ability to stem corruption, rebuild social cohesion and reignite the economy remains unclear, at best.
The ongoing GuptaLeaks saga has already compromised the reputations of several international firms, with more likely to be affected.
“GuptaLeaks is just another reminder that the risk landscape continues to develop in often unexpected ways, and it is no longer viable to see risks as discrete and separate incidents,” comments Michael Davies, CEO of ContinuitySA, Africa’s leading provider of business resilience solutions. “The materialisation of one risk is more than likely to affect the organisation’s entire risk profile, and the effects will be felt along the entire supply chain. Disasters are also coming from left field.
“For all these reasons, identifying and mitigating individual risks is not sufficient—organisations must build business resilience into their DNA in order to be able to adapt to changing circumstances, protect themselves against threats, withstand attack and, ultimately, recover quickly from any disaster.”
The ContinuitySA ExCo has identified the risks that should be top of mind within an overall drive towards building business resilience:
Cyber risk remains the most likely and most feared risk
Business, and increasingly government, is now more dependent than ever on IT systems, and the data they contain. IT and data outages thus represent a pervasive risk. Recent research indicates that 79% of senior IT managers in the public sector, and 85% of those in the financial services sector, consider data and system security the top priority. The risk is exacerbated by the emergence of sophisticated, well-resourced cyber-criminal networks.
The ongoing march of technology must be seen as a great contributor to the cyber risk all organisations face. Mobility, cloud computing and ubiquitous connectivity within the Internet of Things all introduce new risks that must be confronted.
Cloud introduces a hidden but very serious risk: the assumption that cloud adoption will suffice as a disaster recovery plan and the abdication of accountability for business continuity to cloud providers. Without establishing what the cloud provider’s own business continuity plan is, and its commitment to its clients, IT services (especially continuity of data) and overall resilience cannot be assured.
Brand and reputational risk
This is not a new risk, but one that is growing in importance in the social media age. From the perspective of business continuity, a crisis communication plan is essential to recovering with a reputation and brand that are intact, or even enhanced. Several examples in the past year, among them BA’s IT outage, have shown the impact a tarnished reputation can have on the share price and bottom line.
Compromised state capacity
South Africa is one the many African countries where state capacity to provide utilities and other basic infrastructure continues to be a risk. Water is currently top of mind, but power and other public services can never be taken for granted.
Extreme weather risk
Whatever the causes and longer term trends, extreme weather events seem to be becoming more severe and frequent within the current cycle. The direct risks are harm and injury to people, as well as physical denial of access to workplaces, but the indirect risks of shortages of clean water, power outages and so on also impact business continuity.