![[BCM] [BB] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/70ed0497-3a94-4c95-a89b-4673ac7382f5.png)
![Banner [BCM] [E3] [RAR] [T1] List of Threats](https://no-cache.hubspot.com/cta/default/3893111/65957ea5-03c3-451d-aabe-bbf23d32c897.png)
Notes for BCM Institute's Course Participants: This is the template for completing the "Part 1: RAR – List of Threats."
Part 1: RAR – List of Threats
Introduction
As a fully digital bank operating across Malaysia, Boost Bank Malaysia must proactively identify and assess a comprehensive range of threats that could disrupt its operations.
Part 1 of this Risk Assessment and Review (RAR) outlines the various internal and external threats that could adversely affect the bank’s ability to deliver services, protect customer data, and maintain regulatory compliance.
Given Boost Bank’s dependence on technology infrastructure, third-party service providers, and its nationwide digital presence, the threats covered include both traditional and emerging risks.
These threats are categorised into five main areas: Denial of Access – Natural Disaster, Denial of Access – Man-made Disaster, Unavailability of People, Disruption to the Supply Chain, and Equipment and IT-Related Disruption.
This section provides a detailed breakdown of threat types within each category, offering clear descriptions and analyses of their potential impact at both the national (Malaysia) and organisational (Boost Bank) levels.
The goal is to establish a risk-informed foundation for resilience planning and business continuity strategies that align with the bank’s operational environment and regulatory obligations.
The table of potential threats to Boost Bank Malaysia, based on BCMpedia’s RAR 1‑1 framework.
It maps each Category of Threats to specific Types of Threats, with descriptions and relevance at both the national (Malaysia) and organisational (Boost Bank) levels.
Table R1: List of Threats
|
Category of Threats |
Types of Threats |
Description |
Country Level (Malaysia) |
Organisation Level |
|
Denial of Access – Natural Disaster |
Flood, Flash Flood, Cyclone/Typhoon, Haze/Smog, Lightning, Heat Wave, Earthquake Tremor |
Natural phenomena that impede physical access to facilities or major infrastructure. |
Malaysia is prone to seasonal floods (especially in Borneo/Malaysia peninsula), occasional offshore tropical cyclones, and haze from regional biomass burning. Earthquakes are less frequent but possible. |
Flooding or storms could disrupt access to operations centres or critical infrastructure; haze can affect staff health and mobility. |
|
Denial of Access – Man-made Disaster |
Fire (wild/rural/urban), Bomb Threat/Explosion, Terrorism, Power Outage |
Human-induced incidents that prevent access to facilities or services. |
Urban fires in densely populated districts, as well as regional terror or bomb threats. Power outages in vulnerable areas of grid stability. |
Fire or bomb threats at offices or data centres could halt operations. Power cuts without backup could cause system downtime. |
|
Unavailability of People |
Pandemic, Heat Wave (health-related), Haze (health), Terrorism (stress/injury) |
Situations impairing the availability or safety of staff. |
Malaysia has suffered haze-related health impacts, heatwaves, and pandemic vulnerabilities (e.g., COVID-19). |
Staff may be unable or unwilling to report to work due to illness, health advisories, or fear of threats. |
|
Disruption to the Supply Chain |
Transport Disruption (flood, storm), Utility Disruption (power, water), ICT/Telecom outages |
Interruption of external services or logistics necessary for operations. |
Nationwide risk from floods, storms, or haze affecting transport and utilities. Telecom link outages are possible due to cable damage. |
Disruption to hardware/software deliveries, cash logistics, and infrastructure support could impede service delivery. |
|
Equipment and IT-Related Disruption |
Power Outage, Network Outage, Hardware Failure, Cyber-Attack, ICT Failure |
Failures or disasters affecting systems, networks, or equipment—natural, accidental, or malicious. |
Malaysia’s evolving cyber risk landscape, occasional network outages or grid issues. Regional cyberattacks threaten digital banking systems |
System outages or cyberattacks could disrupt digital services, harm reputation, or violate compliance. Hardware failures (e.g. servers, connectivity) could prevent transactions. |
Notes & Insights
- Floods, haze, power outages, and cyber threats are especially relevant at both the national level (common in Malaysia) and the organisational level (inhibiting operations or staff safety).
- Terrorism, bombs, urban fires or extreme weather are less frequent but high-impact risks that deserve preparedness planning.
- Emerging digital threats such as cyberattacks, cloud failures, and telecom outages are crucial to a digital bank’s resilience.
![Banner [Table] [BCM] [E3] [RAR] [Summing Up] [T1] List of Threats](https://no-cache.hubspot.com/cta/default/3893111/d4dc8faf-623d-4f0d-acf8-26776beec0f4.png)
Understanding and categorising threats is a critical first step in Boost Bank Malaysia’s business continuity planning process. The threats identified in this section highlight the diverse risks posed by natural disasters, human-made incidents, staff unavailability, supply chain vulnerabilities, and technological disruptions.
As a digital-first financial institution, Boost Bank must remain vigilant against both conventional and digital-era risks, such as floods and cyberattacks.
This risk profile serves as a foundation for conducting a Business Impact Analysis (BIA), designing appropriate recovery strategies, and ensuring timely incident responses.
By maintaining an up-to-date and realistic view of the threat landscape, Boost Bank can enhance its preparedness, minimise service disruption, and uphold customer trust and regulatory compliance in the face of adversity.
.
More Information About Business Continuity Management Courses
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
![Register [BL-B-3]*](https://no-cache.hubspot.com/cta/default/3893111/ac6cf073-4cdd-4541-91ed-889f731d5076.png)
![FAQ [BL-B-3]](https://no-cache.hubspot.com/cta/default/3893111/b3824ba1-7aa1-4eb6-bef8-94f57121c5ae.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
