Skip navigation

A decade of living dangerously – this year’s CMI BCM report

24 March 2009

This year's annual report on Business Continuity Management from the Chartered Institute of Management (CMI), supported by the UK Cabinet Office, makes for interesting reading. The report called 'A decade of living dangerously - Business Continuity Management' presents the findings of research conducted in January 2009 by the CMI. 15,000 CMI members were surveyed and 1,012 responses were received. The PDF of the full report can be downloaded from the Chartered Institute of Management.

The 2009 survey is the tenth report in the series. The CMI's first survey on BCM was conducted in 1999. It was repeated in 2001 and has been published annually since then. A particular influence on this year's report is the importance of the supply chain to organisations' BCM. This was highlighted in the increasing role of the BSIs standard BS 25999.

Role of BS 25999

The report recommends that all organisations have a robust and proportionate approach to BCM. Organisations need to act to ensure resilience in the parts of their business that are essential to ensuring continuity of operations. It also recommends that organisations conduct assessment and benchmarking of their BCM using dedicated guidelines or standards and that BS 25999 provides a basis for such an assessment. Further, that BCM should be used more extensively throughout supply networks, in particular with essential suppliers and outsourced providers.

It is important to check whether suppliers have exercised their BCM and plans should be verified and audited where possible. BS 25999 was designed to support BCM assurance throughout the supply chain. The survey asked how those who require outsource partners or suppliers to have BCPs verify those plans.

  • 19% accept a statement from the supplier/partner in question
  • 18% take the more active step of examining the supplier/partner's BCP
  • 10% are involved in the development of the supplier/partner's BCM
  • 8% use a third party audit
  • 6% assess their supplier's or partner's plans against BS 25999.

Report highlights

BS 25999

39% of respondents who have business continuity plans are aware of BS 25999, the internationally recognised British Standard for Business Continuity, which provides a basis for understanding, developing and implementing business continuity within an organisation. Of these respondents, 74% intend to use the standard in some form.

More widespread adoption of business continuity management

The number of organisations with specific business continuity plans covering their operations has increased slightly to 52%, compared to 47% in 2008. This is the highest score ever recorded by the survey.

Organisations remain complacent about continuity

Despite the more widespread adoption of BCM, the percentage of managers reporting that continuity is regarded as important in their organisation has fallen over the past year from 76% to 64%. It is thought that this may be due to the current financial situation.

Identifying risk

Electronic attack and human disease such as pandemic influenza are the two greatest concerns facing organisations, identified by 58% and 57% respectively.

Influenza pandemic planning

Despite recognising the threat posed by diseases such as influenza, 53% of organisations still have no plans to help them cope during a pandemic.

Most common disruptions

Over the past year, 40% of organisations suffered disruption due to a loss of IT. Other key sources of disruption were extreme weather, loss of people, loss of telecommunications, and utility outages.

Reliability of plans

Over two thirds of organisations rehearse their business continuity plans, suggesting a growing acceptance of the evidence that rehearsals are crucial to ensure the effectiveness of planning. 75% of those who had exercised their plans said that the exercises had revealed shortcomings.

Remote working

Around half of respondents (53%) report that they could continue to work to a great extent by working remotely in the event of a disruption.

Key drivers

Corporate governance (47%) remains the most prominent driver for organisations implementing or changing their business continuity management. Central government (33%) is another key driver. There continues to be evidence that business continuity planning is being driven through the supply chain through public sector procurement contracts (23%) and by the demands of existing customers (32%) and potential customers (19%).

Some further observations

Only 6% of small organisations were aware of BS 25999, and only 14% were aware of BCM guidance provided by their local authority. This suggests a need to further promote awareness of BCM amongst small firms.

The 2009 survey also examined which of the risks identified by the Government on its National Risk Register are of particular concern to managers. The risks ranked highest were electronic attacks (58%) and human disease, such as pandemic influenza (57%).

Want to comment? Post a message on the Talking Business Continuity Forum.

You'll find free BCM resources and links to publications in Useful Business Continuity Management resources. There are links to Business Continuity training courses and advice on getting certified to BS 25999, the internationally recognised standard for Business Continuity Management.

Email Newsletter

Subscribe to our newsletter Subscribe to our newsletter to receive the latest Business Continuity Management news and information.

Training courses

View our BCM training courses View our Business Continuity training courses offered worldwide. These cover every aspect of BS 25999, the world's first British standard for BCM.
Feedback Form