From theory to practice The value of exercising

From theory to practice: The value of exercising, training and awareness in building resilience. Gianluca Riglietti, CBCI Research & Insight Manager, BCI 11/01/17 The Business Continuity Institute 1 1

Today’s agenda • Introduction • Emergency communications preparedness • Supply chain preparedness • Trend analysis • Cyber preparedness • Key takeaways 11/01/17 The Business Continuity Institute

What is the BCI? • • A global membership and certifying organization for business continuity and resilience professionals Member-Owned, Not-for-Profit Professional Association • Established in 1994 in the United Kingdom • Chapters: Asia, Australia, Canada, Japan, Nordic, South Africa, Switzerland United States • Over 8, 000 members in more than 120 countries working in an estimated 3, 000 organizations in private, public and third sectors • Our membership grades provide assurance of technical and professional competency 11/01/17 The Business Continuity Institute Over Members in 124 8, 000 members countries 10 Chapters and over 50 local forums 150 Partner organizations 3

Exercising emergency communications plans 11/01/17 The Business Continuity Institute 4

Exercising your plan Organizations exercising Organizations not their plans exercising their plans Organizations activating their emergency communications plans within one hour 11/01/17 90% The Business Continuity Institute 66% 5

Training and education programmes 11/01/17 The Business Continuity Institute 6

Training and education Organizations without training and education programmes Organizations activating their emergency communications plans within one hour 91% 11/01/17 The Business Continuity Institute 80% 7

Exercising in the supply chain Organizations running exercises among their suppliers Organizations not having 21% full visibility of their supply chain disruptions 11/01/17 The Business Continuity Institute Organizations not validating their suppliers’ plans in any way 38% 8

Top management buy in Organizations with high top management commitment 11/01/17 Organizations running exercises among their suppliers Organizations not validating their suppliers’ plans in any way 44% 24% The Business Continuity Institute 9

Longer term trend analysis 11/01/17 The Business Continuity Institute 10

Longer term trend analysis 11/01/17 The Business Continuity Institute 11

Detection 11/01/17 The Business Continuity Institute 12

Response 11/01/17 The Business Continuity Institute 13

Cyber disruptions 11/01/17 The Business Continuity Institute 14

Exercising your cyber detection plans Organizations exercising their plans and conducting awareness-raising initiatives Organizations detecting a 88% cyber incident within 24 hours 11/01/17 The Business Continuity Institute Organizations not validating their plans 77% 15

Exercising your cyber response plans Organizations exercising their plans and conducting awareness-raising initiatives Organizations responding 40% to a cyber incident within one hour 11/01/17 The Business Continuity Institute Organizations not validating their plans 23% 16

Business continuity arrangements 11/01/17 The Business Continuity Institute 17

Case study: Tesco Bank 11/01/17 The Business Continuity Institute 18

Key takeaways • Preparedness is key to ensuring resilience • Training can help make staff familiar with the organization’s response plans • Exercising plays a vital role in embedding the plan • Trend analysis allows a better visibility of the threat landscape • Figures show the clear benefits of following best practice. 11/01/17 The Business Continuity Institute 19

Thank you 11/01/17 The Business Continuity Institute 20