Ten Business Continuity Trends to Watch in 2024

The first bulletin of the year highlights some trends that Charlie thinks will show up this year, and he gives some advice to organisations on how to be prepared for these.

Happy New Year to all readers! I hope you were able to have a good break. This is the time of year to look forward to 2024 and examine what the year might offer. I always think it is the brave person who makes predictions of what will happen, but in this bulletin, I will identify what I think are the ten trends we as business continuity people should be aware of and watch out for.

1. Permacrisis: Although it was the Collins Dictionary’s word of the year for 2022, “permacrisis” will continue to affect all of us in 2024. Already this week, we have seen flooding in the south of England and the assassination of Hamas leader Saleh al-Arouri in Beirut. Crises one after the other are likely to continue. I think we need to be conducting horizon-scanning to see how new events and existing events worldwide, such as the conflict in the Middle East, will affect our organisation.
2. Cyber Incidents Continue, But With Less Lockout of Files: According to a number of articles I have read, the encryption of an organisation’s files is the most complex of ransomware attacks to achieve by attackers. It is easier to exfiltrate files and then threaten to release them if a ransom is not paid. We need to make sure that our plans take this into account and that crisis teams have practice dealing with a situation where they have lost data.
3. Map and Then Monitor Our Supply Chain: Although the price of shipping goods has been going down, the attacks by the Houthis from Yemen are forcing ships to go via the horn of Africa, increasing costs and time to market. This may have an impact on your supply chain and the cost of shipping.
4. Climate Change Awareness: According to the Met Office, 2023 was the second warmest year on record, so we could have another year of extreme weather this year with extreme temperatures, weather, and wildfires. Just because a weather-related event has not happened before, we should still revisit our exposure to climate-related events.
5. Changes in Work From Home: This is a trend for some organisations to encourage their staff to come back to the office. Business continuity plans need to take into account the impact of more people working in offices and ensure that work from home capabilities developed over COVID are not lost. The impact of the loss of the building may need to be revisited.
6. AI Impact: The impact of AI will continue to accelerate, affecting jobs, ways of working, and processes. So far, there has not been a great impact on business continuity processes and delivery. As business continuity is a niche activity, there will not be a huge change or investment in automating our profession, but clever practitioners will make use of general AI tools and tools developed for non-business continuity purposes, and adapt them.
7. Cloud and SaaS Solutions: Lots of our organisations are moving our IT to the cloud or using a diverse set of SaaS solutions, all of which are critical to our organisation’s delivery of services. As practitioners, I think we should better understand the risks and issues associated with incidents involving the cloud and SaaS.
8. Regulatory Compliance and Insurance: Regulatory requirements for business continuity and data privacy may become stricter and further enforced. Organisations will need to ensure their plans, planning, and risk management comply with relevant regulations and mitigate financial losses from disruptions.
9. Policy Change: According to The Economist, 2024 will be the biggest year in history for elections, with over 4 billion people having the opportunity to cast their vote. Changes in government will lead to new policies, which could have organisational and supply chain impacts, and there could be violence around the time of the election.
10. Exercise and Training: The requirement for training and exercising is on the rise, with many organisations, as part of their compliance requirements, ensuring that their senior managers are trained and practised at responding to incidents. Organisations should be considering two to three short exercises alongside a more extended annual exercise, to ensure that they are ready to respond to many of the issues outlined above.

Perhaps we can revisit these at the end of 2024 and see how these trends have fared!