Organizations have increased oversight of Business Continuity Management (BCM) activities, according to a new survey report released by Continuity Insights and sponsored by KPMG LLP, the U.S. audit, tax and advisory firm.
The 2013-2014 survey revealed that only 71 percent of respondents have a senior management advisory or steering committee in place, representing an increase from 65 percent in the 2011-2012 survey.
But more oversight is still required as about 30 percent of the respondents said that no such governance capability is present in their organization.
As there are different levels of BCM program maturity across organizations, business decision-makers have opportunities to improve through more effective governance and integration with other disciplines.
"Having a formal oversight function, like a steering committee, that is visible and provides guidance in the development and maturity of the BCM Program, is a key success factor for organizations that get BCM right," said Tony Buffomante, principal, Information Protection and Business Resilience at KPMG.
Findings of this study are based on a survey of 434 executives from more than 22 countries.
The research also found that 42 percent of organizations use International ISO 22301 to support their BCM program and 16 percent of organizations reported a high level of integration with all mission-critical third-party service providers.
A comprehensive analysis of the current state of BCM programs shows that 36 percent of organizations fail to address cyber terrorism in their BCM program and related plans despite a spike in cyber-related threats.
Organizations with steering committees (46 percent) are more likely to include cyber terrorism in their BCM program and related plans as compared to those that don’t have (32 percent).
"Cyber threats are a concern for many respondents, but more than a third still do not include them in planning," said Mike Janko, Manager, Global Business Continuity, The Goodyear Tire & Rubber Co. "Since cyber threats are reported by government officials as a top threat in 2014, those who choose not to include them in their strategy will need to be prepared to defend themselves if there is a loss of intellectual property, privacy issues and other related incidents."
Edited by Rory J. Thompson