What are common BCP Threats to an SME
Business Continuity Planning: Common Threats (excluding technology)
Overview
Business Continuity Planning (BCP) helps organisations prepare for, withstand, and recover from events that could disrupt normal operations. Many software companies focus their BCP on information security risks (such as data breaches, cyber-attacks, or system outages) and plan disaster recovery for those, but several non-infosec threats can also significantly impact business continuity.
This article outlines the most common non-cyber threats relevant to an SME, including environmental, operational, people-related, and third-party risks. These threats can be used to broaden the scope of an existing BCP and support more comprehensive continuity planning.
1. People-Related Threats
1.1 Loss of Key Personnel
- Sudden departure or long-term absence of critical staff (e.g., CTO, lead engineer, security lead).
- Impact includes delays in development, incident response capability gaps, or inability to support customers effectively.
1.2 Wide-Scale Staff Unavailability
- Illness outbreaks (e.g., flu, COVID).
- Industrial action affecting commuting.
- Childcare or transport disruptions following major public incidents.
1.3 Workplace Harassment, Violence, or Insider Misconduct
- Situations requiring immediate removal of individuals or closure of office space for investigation.
2. Physical Site & Facility Threats
2.1 Loss of Office Premises
Particularly relevant if located in large cities, where companies may be based in shared offices or high-rise commercial buildings.
- Fire, smoke damage, or localised building failures.
- Gas leaks, water leaks, or flooding in the building.
- Evacuation due to security threats in surrounding areas.
2.2 Utility Failures
- Power outages affecting office productivity.
- Water supply failures.
- Heating/ventilation (HVAC) outages that render the office unsafe or unusable.
2.3 Access Restrictions
- Closure of building due to landlord issues, structural defects, or emergency maintenance.
- Police cordons or public order incidents preventing access to key areas in London.
3. Environmental & Natural Threats (UK-Specific)
3.1 Severe Weather
- Snow and ice affecting travel and staffing.
- Storms causing public transport closures or power disruptions.
- Heatwaves causing office cooling failures.
3.2 Flooding
- Cities located on a river, such as London, are at risk due to heavy rain or tidal influence.
- Localised street or basement flooding preventing access to workspace.
3.3 Air Quality Events
- Wildfire smoke drift (rare but increasingly possible).
- Industrial accidents affecting air quality or requiring shelter-in-place.
4. Operational & Supply Chain Threats
4.1 Failure of Critical Third-Party Services
- Office broadband or telecom outages.
- Postal/courier disruptions impacting hardware deliveries or customer fulfilment.
- Managed office closure or landlord insolvency.
4.2 Supply Chain Disruptions
Relevant for companies dependent on hardware or equipment:
- Shortages of laptops or networking equipment.
- Delays in onboarding new staff due to procurement issues.
4.3 Business Process Failures
- Ineffective internal processes leading to missed regulatory deadlines.
- Failure of customer support operations (e.g. outsourced call centre problems).
5. Financial & Corporate Threats
5.1 Supplier or Partner Insolvency
- Important for companies relying on specialist service providers (e.g. payroll, HR, design, legal).
5.2 Cashflow or Funding Problems
- Sudden budget constraints impacting staff retention, product development, or ability to continue operations.
5.3 Legal or Regulatory Actions
- Investigations, lawsuits, or compliance breaches requiring operational pauses or reallocation of staff.
6. Public Safety & City-Wide Events
6.1 Major Transport Disruptions
- Tube strikes, train cancellations, or major accidents impacting staff availability.
- Closure of stations or bus routes during significant public events.
6.2 Terrorist Incidents or Security Alerts
- Cities remain key locations where threat levels and police response can impact business districts.
- Area lockdowns or advice to avoid travel.
6.3 Major Public Demonstrations
- Protests near offices that restrict building access or create safety concerns.
7. Pandemics & Health-Related Threats
7.1 Local or National Health Emergencies
- New viral outbreaks leading to staff illness or government restrictions.
7.2 Mental Health Challenges
- High stress or burnout impacting team capacity.
8. Reputation & Client-Facing Operational Threats
8.1 Negative Media Coverage
- Issues unrelated to security (for example, leadership controversies, ESG matters, or workplace culture issues) that affect customer trust.
8.2 Product or Service Delivery Failures
- Bugs, outages, or poor service caused by process issues rather than security incidents.
9. Recommended Enhancements to a Broader BCP
Use categories such as People, Facilities, Operations, Supply Chain, and External Events. Remember to still include the business impact analysis, communication plans, and recovery playbooks.
For organisations, even those just supplying software, business continuity threats extend beyond information security. A robust BCP should recognise people, environmental, operational, supply chain, and external location-specific threats. By broadening the scope of the plan, companies can better maintain service delivery during unexpected events and strengthen overall resilience.