But which disruptions are most common and what are the consequences? The answers might surprise you.
We asked 500 C-suite respondents at US companies with 500+ employees about the crises their businesses have faced. They chronicled both the disruptions and the aftermath, from lost customers and damaged reputations to lost data and increased technology spend.
The results should be a wake up call for all organisations of the need to prepare to weather any of these disasters and ensure their business is truly resilient.
The biggest threats to businesses in 2019
According to respondents, the biggest threat is an IT outage.
Some 40% of respondents said an IT outage was most likely to threaten their business in 2019, the highest percentage of any of the threats. Close behind, with 36%, was cyberattacks, followed by data corruption/loss at 27% and network failure at 24%.
While cyberattacks earn a lot of attention, more companies are concerned about an IT outage. According to our own data on disaster declarations, power outages were the top reason organisations declared a disaster in 2018. Hardware failure was the third most common reason for the second year in a row. Among the 10 major airline outages in 2018, half were caused by computer outages, hardware issues, or technical issues with computer systems.
Cyberattacks, however, are a persistent concern. Unfortunately, organisational leadership is divided over how severe the threat might be. Some 52% of CIOs and CTOs think cyberattacks are the most likely crisis to threaten their business in 2019, while only 30% of CEOs said the same.
These are the threats that organisations are most concerned about this year, but how many have actually experienced these different types of disaster?
How common are cyberattacks, IT outages and other issues?
Matching up almost exactly to their fears for 2019, many organisations experienced multiple IT outages, cyberattacks and data losses in the last 12 months. Some 42% of respondents have experienced 1-4 IT outages in that period, while only 36% have experienced 1-4 cyberattacks.
The least likely crisis to affect businesses in the past year seems to be natural disasters. Some 40% said their company hasn’t experienced any natural disasters in the past 12 months. Another 30% experienced between 1-4 natural disasters.
While the portion of organisations experiencing natural disasters falls far short of those experiencing IT outages, the fact that a third of companies have faced 1-4 disasters in the past year suggests every company would do well to review its plan in the face of hurricanes, flooding, and other natural disasters. Failing to do so can put their data at risk, among other consequences.
Data loss is the biggest consequence for a number of crises
Looking at the impacts of different crises, one stands at the top of the list for nearly every issue: data loss. Around a quarter of organisations reported data loss from a number of disasters, from cyberattacks and natural disasters to IT outages and network failures.
Some 27% of organisations said they lost data following an IT outage, 26% after network failure and 24% following cyberattacks. After a natural disaster, 23% of respondents experienced data loss.
The secondary consequences were more variable. Following a cyberattack, organisations experienced increased technology expenditures (23%) and loss of customers (19%). IT outages created a negative impact on brand reputation (22%) and increased technology expenditures (19%). After a natural disaster, resignation of the CEO (22%) and temporary relocation of staff and operations (22%) were the next most common impacts after loss of data.
What this means for your organisation
Sometimes the disasters that get the biggest billing in the news and might seem to be most common affect fewer organisations than it might seem. At the same time, more mundane disasters like IT outages can happen more frequently and with just as serious — if not more serious — consequences.
Nevertheless, all predictions point to both natural disasters and cyberattacks increasing in frequency. So while the data over the last 12 months suggest your organisation is more likely to be hit by an IT outage than a natural disaster, it doesn’t mean you should ignore a less-common threat. More and more, resilience is imperative, and it’s time to take a discerning look at whether and how quickly you can bounce back from a disaster.