BT 2015 Annual Report Download - page 45
Download and view the complete annual report
Please find page 45 of the 2015 BT annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.43
Overview
The Strategic Report
Purpose and strategy
Delivering our strategy
0ur lines of business
Group performance
Governance
Financial statements
Additional information
Changes over the last year Risk mitigation
n the past ear we have had to deal with an unprecedented increase in
the volue and intensit of cber attacs. e recorded ore top priorit
incidents in the last three onths of 01 than were eperienced in the
previous two ears. he attacs were aied not ust at but also at our
custoers with the potential to disrupt others and cause collateral daae
to services.
ollowin a coprehensive review of the resilience and disaster recover
capabilit of our critical sstes databases and echanes we have
invested in enhancin site resilience based on our taret levels of acceptable
ris. e have also invested sinificantl in eo-resilience ie cross-site
recover for our critical sstes where this did not previousl eist and
have alread seen a return on this investent throuh sealess failover and
continuit of service durin planned and occasionall unplanned outaes.
e anae the ris of service interruption throuh a robust control
fraewor that focuses first and foreost on prevention supported b
tried-and-tested recover capabilities. e have also undertaen a lare-
scale estate resilience prorae durin the ear throuh which we have
continued to invest in developin our resilience and recover capabilities in
instances where the ris has been shown to eceed acceptable levels for us.
e have a rollin prorae of aor incident siulations to test and refine
our crisis anaeent procedures. n intensive focus on controllin the
volue of networ chanes has also reduced the nuber of incidents.
he replaceent of euipent that is approachin the end of its service life
has provided opportunities to invest in new ore resilient facilities. e also
benefit fro havin eoraphicall-distributed locations that support cross-
site recover avoidin the need to invest in new sites ust for this purpose.
ur securit strate ais to prevent deter and iniise the conseuences
of attacs. ur defences include phsical protection of our assets
encrption of data control of access rihts real-tie analsis and sharin
of intellience and continuous onitorin for intrusion odifications
and anoalies. e can rapidl adust firewalls to autoaticall bloc ost
alicious data trac. hese easures cobine to reduce the lielihood
of a aor incident and help ensure that interruption or daae can be
contained and dealt with proptl and eectivel.
n response to the increased cber threat we have strenthened our
defences invested in new tools techniues and sills to onitor threats
and increased our capacit to deal with attacs. e have also started a aor
prorae to restructure our estate to ae it uicer and easier to
anae the incidents when the occur.
ouh aret conditions and copetitive pressures continue in an
lobal reions while in soe we are eperiencin hiher rowth in volue
of business due to previous investents we have ade. he ris landscape
chanes accordinl as does our focus of ris support and review.
f particular note this ear has been the nuber of broadband contracts
with local authorities throuh the UK prorae now enterin the
deliver phase of the contract lifeccle. hile these contracts carr a
dierent ris profile we appl our established ris overnance and reportin
processes to ensure that riss and itiation activities are identified and
reported to anaeent.
ur roup-wide ris overnance and reportin alon with line of business
local overnance and ris anaeent processes provide the visibilit of
e ris and itiation activities. ssurance is provided via independent
audits and at an individual contract level throuh an independent
review prorae based on ultiple selection criteria or b senior
anaeent reuest. roress on riss and itiation actions areed at
these independent reviews are onitored and reported to relevant senior
anaers to ensure proress can be traced. separate dedicated tea
provides assurance over our UK prorae.
e have sills developent proraes to enhance the abilit of our
people to identif and anae ris and to ae sure learnin fro previous
eperience is included in trainin aterials. he scope and availabilit of
trainin opportunities continue to row in line with -wide learnin and
developent initiatives.