BT 2014 Annual Report Download - page 54

Download and view the complete annual report

Please find page 54 of the 2014 BT annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 213

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213

51
The Strategic Report
Delivering our strategy
Delivering our strategy
Security and resilience
The volume of trac through our systems and networks is always
growing, and our customers tolerance of service interruption is
reducing as the world becomes increasingly dependent on information
technology. Expectations are even higher when we stream live
action through BT Sport. We have a responsibility to many millions
of customers, both business and consumer, to safeguard their
electronic information and to maintain the continuity of our services.
We also need to safeguard the availability and security of our own
data and intellectual property. This all requires the highest levels of
operational resilience and security, which can be threatened at any
time by malicious cyber-attacks, damage or theft of copper cable
and equipment, vandalism, sabotage, extreme weather, component
overload, loss of power and human error.
Impact
A breach of our security, or compromise of data or resilience aecting
our operations, or those of our customers, could lead to an extended
interruption to our services or even aect national infrastructure.
Such failure may lead to a loss of customer condence, termination of
contracts, loss of revenue, and lower cash generation through penalties
and unplanned costs of restoration and improvement. Additional
reputational damage and nancial loss may arise from a legal or
contractual failing such as breaching data protection or handling
requirements. Failure or interruption of data transfer could also have a
signicant adverse eect on our business.
Changes over the last year
The external cyber threat continues to rise, as shown by the amount
of data trac blocked by our malware lters and intrusion detection
systems, and by the number of attempts to disrupt the websites that
we manage. Criminal use of targeted phishing messages and other
deception techniques are seen as the fastest growing risk. Government
agencies around the world have raised their threat warning levels
for cyber-attacks as larger numbers of credit and debit card records
are reported stolen. In response, we have reinforced our cyber
defences and automated them wherever possible. We have stepped
up campaigns to educate and train our people in security awareness,
vigilance and regulatory obligations. Access rights to our premises,
systems and data continue to be closely monitored and restricted.
The replacement of equipment that is approaching the end of its
service life provides an opportunity to invest in new, more resilient
facilities. As new technologies allow us to rationalise our property and
systems estate, the need for greater fall-back capacity increases. A
comprehensive review of our disaster recovery capability is therefore
underway, focusing on our most critical systems, databases and
exchanges.
Risk mitigation
Our security strategy aims to prevent, deter and minimise the
consequences of attacks. Our defences include physical protection
of our assets, encryption of data, control of access rights, real-time
analysis and sharing of intelligence, and continuous monitoring for
intrusion, modications and anomalies. We can rapidly adjust rewalls
to automatically block most malicious data trac. Our resilience
stems from a combination of formal business continuity planning,
well-tested, rapid and exible responses and a widely distributed
network with inherent spare capacity. We have a rolling programme
of major incident simulations to test and rene our crisis management
procedures. Together, these measures reduce the likelihood of a major
incident and ensure that any potential interruption or damage can be
contained and dealt with as quickly as possible.
Major contracts
We have a number of complex and high-value national and
multinational contracts. The revenue arising from, and the protability
of, these contracts are subject to a number of factors including
variation in cost achievement of cost reductions anticipated in the
contract pricing (both in terms of scale and time) delays in the delivery
or achievement of agreed milestones owing to factors either within
or outside our control changes in customers requirements, budgets,
strategies or businesses and the performance of our suppliers. Any of
these factors could make a contract less protable or even loss-making.
The degree of risk generally varies depending on the scope and life of
the contract and is typically higher in its early stages. Some customer
contracts require investment in the early stages, which is expected
to be recovered over the life of the contract. Major contracts often
involve the implementation of new systems and communications
networks, transformation of legacy networks and the development
of new technologies. The recoverability of these upfront costs may
be impacted by delays or failure to meet milestones. Substantial
performance risk exists in these contracts.
Impact
Failure to manage or meet our commitments under these contracts,
as well as changes in customers requirements, budgets, strategies or
businesses, may lead to a reduction in our expected future revenue,
protability and cash generation. Unexpectedly high costs associated
with the delivery of contracts could also negatively impact protability.
We may lose revenue due to the merger, acquisition or business failure
of customers, or due to contract termination, and contracts may
therefore become loss-making. Failure to replace the revenue and
earnings lost from those customers could lead to an overall reduction in
group revenue, protability and cash ow.
Changes over the last year
Tough market conditions and increased competitive pressures continue
to persist in many global regions. In some regions we are experiencing
higher growth in volume of business due to previous investments. This
changes the risk landscape and the focus of risk support and review.
In the year, the increasing number of broadband delivery contracts
with local authorities through the BDUK programme is of particular
note. While these contracts carry a dierent risk prole from our other
major contracts, we are applying our established risk governance and
reporting processes to ensure that any risks and mitigation activities
are identied and reported to management.
Risk mitigation
We have a group-wide risk governance and reporting framework and
line of business local governance and risk management processes
to track key risks and mitigation activities. This governance has
been enhanced through the establishment in BT Global Services of
a Contract Centre of Excellence, an additional Contract Compliance
Function, and a Contract Bid Governance Board. Assurance is also
provided through independent audits and at an individual contract
level through an independent review programme. Progress on risks and
mitigation actions agreed at such independent reviews are monitored
and reported to relevant senior managers to ensure progress can be
tracked.
Development programmes are in place to improve our peoples skills
and ability to identify and manage risk and to ensure learning from
previous experience is passed on in training programmes. The scope
and availability of training opportunities continues to improve in line
with BT-wide learning and development initiatives.
Our principal risks