How well do you evaluate risk?

16th May 2017

Chris Butler, principal consultant, Sungard Availability Services, poses these questions…

With Business Continuity Awareness Week underway, here’s a quick quiz to test your risk awareness. Are you sitting comfortably?

Here goes:

  1. What inflicts a higher death toll than shark attacks? You may be surprised to know the answer is, in fact, cows[1].
  2. My next question: what are more Americans likely to be killed by than a terrorist? According to the statistics, it is a toddler[2] – due to liberal gun laws.
  3. And finally, what causes injuries that cost the NHS £40 million every year? The answer is the humble flip flop[3].

These are not ‘alternative facts’ – they are all true and my purpose in raising them is to illustrate an important point: human risk perception is notoriously flawed. The events that exercise and outrage us the most are the least likely to happen. Despite the shock news headlines and loss of life in the aftermath of March’s Westminster car ramming and stabbing attack, the reality is we are more likely to be felled by some form of health-related condition or an accident than be caught up in terrorism.

Statistically, far more people die in hospitals or on the roads than in aeroplane crashes, yet it is the latter that hits the news. Consequently, our perception is of a risk-averse “health-and-safety-gone-mad” world.

So, what then are the real risks to business today?

  • Reputational damage: This need not be caused by a fatal accident and ecological disaster like the Deepwater Horizon oil spill, after which BP’s reputation and ability to bid for new contracts plummeted following its mishandling of crisis communications. As KitchenAid found to its cost, an employee inadvertently sharing a tasteless joke on the company Twitter account instead of a personal handle also has the potential to do damage. (To its credit, the company responded with a swift, credible apology and explanation within eight minutes of the tweet appearing – an excellent example of good crisis communications.)
  • Communications failures: Our own invocation statistics confirm that communications failures share equal first place with hardware and power failures as the leading reason for customers invoking their recovery arrangements with us. This was the cause of just over a fifth (21%) of all invocations in 2016[4].
  • Weak links in the supply chain: It may be an oldie, but our digital age makes it no less true than before: an organisation is only as strong as its weakest link, and it is vulnerable to any shortcomings in its third-party ecosystem – that is, vendors, partners, contractors and suppliers – which can have serious consequences. In 2016, supply chain failure meant Nando’s, whose menu is centred around chicken dishes, ran out of chicken over the New Year bank holiday weekend, resulting in ridicule and thousands of furious customers[5].
  • Compliance with new legislation: Looking specifically at the General Data Protection Regulation (GDPR), an organisation’s readiness to adapt to the new challenges of data privacy and reduced tolerance for data breaches represents both an opportunity and a threat. We expect data breaches to increase this year as hacktivists or blackmailers expose data privacy failings, leading to GDPR non-compliance issues.

And, of course, with cyber security – the theme of this year’s BCAW – there is the ongoing and growing threat posed by:

  • Malware: Home Depot took six months to discover that malware had been installed, allowing hackers to steal the data of 56m customers before the breach was identified. Making a bad situation worse, it transpired that the management’s attitude towards staff raising concerns over poor information security was “We sell hammers”.
  • Cyberattacks: Hackers were able to gain entry to French media organisation TV5Monde and take down its social media, websites and emails. The reconnaissance took place over an estimated five months before the attack was launched, and it was over two hours before the station regained some control. Overall, 12 TV channels were taken off-air for 18 hours.

Closer to home, Tesco suffered the largest cyberattack ever on a UK bank with some £2.5m stolen from 9,000 people[6]. Quite apart from the reputational damage, Tesco could face a theoretical fine under the EU’s imminently enforceable General Data Protection Regulation that could be as high as £2bn. The financial sector is four times more likely to suffer a cyberattack than other sectors and in 2016 there was a 40% increase in cybercriminal activity targeting the financial services industry[7].

  • Ransomware: This continues to increase, with the FBI estimating it will become a $1bn industry this year[8]. However, its ‘success’ is largely due to the human factor. Social engineering and phishing are two of the criminal methods that hinge on poor personal behaviours or lack of awareness in the individual.

While many think the elderly are more vulnerable, they are by no means the only target. Younger people may be tech-savvy but they are also more inclined to be trusting and unaware of the proliferation of threats and means of attack. With one in 20 Twitter accounts estimated to be a fake bot account, we should all be aware of the dangers posed by social media and sceptical of potentially fake sites offering too-good-to-be-true deals on the latest Raybans or tempting links on Facebook.

Despite increasing awareness of the cyberthreats, hazards and risks that abound, human frailties and impulses will continue to provide challenges to business leaders in 2017 and beyond. Educating the workforce has never been more important and the messages promoted in Business Continuity Awareness Week should continue to be hammered home in the other 51 weeks of the year.

 

[1] http://www.independent.co.uk/news/uk/home-news/cows-officially-the-most-deadly-large-animals-in-britain-a6727266.html

[2] https://www.washingtonpost.com/news/wonk/wp/2015/10/14/people-are-getting-shot-by-toddlers-on-a-weekly-basis-this-year/?utm_term=.4e6eb94a9a00

[3] http://www.dailymail.co.uk/health/article-1298471/Flip-flops-injure-200-000-year-costing-NHS-astonishing-40m.html

[4] Sungard Availability Services Availability Trends Report 2016

[5] http://www.standard.co.uk/news/uk/nandos-diners-fury-as-restaurants-run-out-of-chicken-on-bank-holiday-a3432166.html

[6] https://www.theguardian.com/business/2016/nov/08/tesco-bank-cyber-thieves-25m 8.11.16

https://www.ft.com/content/ec81f30a-a82b-11e6-8b69-02899e8bd9d1

[7] https://cybernewsgroup.co.uk/merchants-and-financial-institutions-deal-with-escalating-cyber-attacks/

[8] http://money.cnn.com/2016/04/15/technology/ransomware-cyber-security/