There is no escaping it. Cyber security is no longer something that can just be passed to the IT department to deal with. Managing the risk is a team effort – from the frontline to the boardroom. This is a guide for members of the latter.

On the importance of being covered for IT downtime

The 2025 Business Continuity Awards are open for entries. Celebrating achievement in business continuity, security and resilience, the Business Continuity Awards are the most anticipated and celebrated event in the business continuity calendar, providing unrivalled networking, alongside a night of entertainment and celebration.

There are no shortcuts for buyers of governance, risk and compliance tools, who must navigate a complex and time-intensive process to identify and select the right tools for their businesses. This is the conclusion drawn by Gartner in its latest analysis of the GRC market, published this week.

This decade looks set to be unlike any other in recent history. A short time after the world emerged from the Covid-19 pandemic, armed conflict erupted in Europe for the first time since World War II, and a major war flared up in the Middle East. At the same time, hostilities have escalated between both autocratic and ostensibly democratic nations, creating tensions around the world. As we explore in this issue of the magazine, so-called high-impact, low probability events are in fact a lot more likely than they once seemed.

Over half of organisations were impacted by cyber threats in the past 12 months with a significant number of incidents leading to job losses, according to research by Databarracks. Of 500 UK IT, resilience and cyber security professionals surveyed, 37% reported that cyber attacks resulted in dismissals.

The average probable maximum loss from a cyber event targeting intangible assets is 43% higher than the anticipated PML for tangible assets. This is amongst the findings of Aon’s 2024 Intangible versus Tangible Risks Comparison Report, which points to an insurance gap in EMEA, where 54% of businesses experienced a material security threat or data breach at least once in the past 24 months.

The NHS has issued an Amber Alert over a shortage of blood supplies following the recent cyber attack on Synnovis. An Amber Alert is a part of the NHS’s business continuity plan for blood stocks that triggers hospitals to implement their emergency measures to minimise usage; move staff to laboratories to vet the use of all O type blood; and use patient blood management systems to minimise use of O type blood.

The 26th annual Business Continuity Awards took place last week at the London Marriott Grosvenor Square. Congratulations to all our finalists and especially to Business Continuity Resilience Manager of the Year, James Parrish from London Stansted Airport, Newcomer of the Year, Adam Bartlett from Virgin Atlantic...

Technology and business resilience specialist, Databarracks, has secured a growth finance facility from Allica Bank to help fuel its further expansion.

Facilities management company, Mitie, has achieved ISO 31000:2018 certification, the international standard that validates organisations’ guidelines and principles for risk management.

With four months remaining until the deadline for implementation, EU member states are being urged to finalise their preparations for compliance with the new Network and Information Security Directive.

The 10th May saw an historic in-person event with our East African, Nigerian, Zimbabwe and South African Groups for ‘IRM’s Strategy for the African continent’ combined with the institute’s maiden board visit to Kenya. Set against this backdrop, the meeting offered a unique opportunity for around 150 senior-level professionals specialising in risk, quality assurance, compliance, audit and accounting to convene.

Technology and business resilience specialist Databarracks has acquired Glasgow-based PlanB Consulting. Customers of the combined business can now benefit from a full suite of end-to-end operational resilience services. from data protection, disaster recovery, business continuity and incident response, through to cyber incident exercising.

The Institute of Risk Management is embarking on a significant milestone in its globalisation strategy with a forthcoming board visit to Kenya. The purpose of this visit is to showcase the strategic commitment of the IRM and the East Africa Regional Group to the risk management profession in Africa.