Safeguarding Digital Finance: Boost Bank's Approach to Business Continuity Management
[Risk Analysis and Review] [Template 1]
Risk Analysis and Review (RAR)
Part 1: RAR – List of Threats
Introduction
As a fully digital bank operating across Malaysia, Boost Bank Malaysia must proactively identify and assess a comprehensive range of threats that could disrupt its operations.
Part 1 of this Risk Assessment and Review (RAR) outlines the various internal and external threats that could adversely affect the bank’s ability to deliver services, protect customer data, and maintain regulatory compliance.
Given Boost Bank’s dependence on technology infrastructure, third-party service providers, and its nationwide digital presence, the threats covered include both traditional and emerging risks. These threats are categorised into five main areas: Denial of Access – Natural Disaster, Denial of Access – Man-made Disaster, Unavailability of People, Disruption to the Supply Chain, and Equipment and IT-Related Disruption.
This section provides a detailed breakdown of threat types under each category, offering a clear description and analysis of their potential impact at both the national (Malaysia) and organisational (Boost Bank) levels.
The goal is to establish a risk-informed foundation for resilience planning and business continuity strategies that align with the bank’s operational environment and regulatory obligations.
The table below lists potential threats to Boost Bank Malaysia, based on BCMpedia’s RAR 1‑1 framework.
It maps each Category of Threats to specific Types of Threats, with descriptions and their relevance both at the national (Malaysia) and organisational (Boost Bank) levels.
| Category of Threats | Types of Threats | Description | Country Level (Malaysia) | Organisation Level |
|---|---|---|---|---|
| Denial of Access – Natural Disaster | Flood, Flash Flood, Cyclone/Typhoon, Haze/Smog, Lightning, Heat Wave, Earthquake Tremor | Natural phenomena that impede physical access to facilities or major infrastructure. | Malaysia is prone to seasonal floods (especially Borneo/Malaysia peninsula), occasional tropical cyclones offshore, and haze from regional biomass burning. Earthquakes are less frequent but possible. | Flooding or storms could disrupt access to operations centres or critical infrastructure; haze can affect staff health and mobility. |
| Denial of Access – Man-made Disaster | Fire (wild/rural/urban), Bomb Threat/Explosion, Terrorism, Power Outage | Human-induced incidents that prevent access to facilities or services. | Urban fires in dense districts, as well as regional terror threats or bomb threats. Power outages in vulnerable areas of grid stability. | Fire or bomb threats at offices or data centres could halt operations. Power cuts without backup could cause system downtime. |
| Unavailability of People | Pandemic, Heat Wave (health-related), Haze (health), Terrorism (stress/injury) | Situations impairing the availability or safety of staff. | Malaysia has suffered haze-related health impacts, heatwaves, and pandemic vulnerabilities (e.g., COVID-19). | Staff may be unable or unwilling to report to work due to illness, health advisories, or fear of threats. |
| Disruption to the Supply Chain | Transport Disruption (flood, storm), Utility Disruption (power, water), ICT/Telecom outages | Interruption of external services or logistics necessary for operations. | Nationwide risk from floods, storms, or haze affecting transport and utilities. Telecom link outages are possible from cable damage. | Disruption to hardware/software deliveries, cash logistics, and infrastructure support could impede service delivery. |
| Equipment and IT-Related Disruption | Power Outage, Network Outage, Hardware Failure, Cyber-Attack, ICT Failure | Failures or disasters affecting systems, networks, or equipment—natural, accidental, or malicious. | Malaysia’s evolving cyber risk landscape, occasional network outages or grid issues. Regional cyberattacks threaten digital banking systems. | System outages or cyber-attacks could block digital services, harm reputation, or breach compliance. Hardware failures (e.g. servers, connectivity) could prevent transactions. |
Notes & Insights
- Floods, haze, power outages, and cyber threats are especially relevant at both the national level (they are common in Malaysia) and the organisational level (they inhibit operations or staff safety).
- Terrorism, bombs, urban fires or extreme weather are less frequent but high-impact risks that deserve preparedness planning.
- Emerging digital threats like cyber-attacks, cloud failures, or telecom outages are crucial for a digital bank’s resilience.
Summing Up ...
Understanding and categorising threats is a critical first step in Boost Bank Malaysia’s business continuity planning process. The threats identified in this section highlight the diverse risks posed by natural disasters, human-made incidents, staff unavailability, supply chain vulnerabilities, and technological disruptions.
As a digital-first financial institution, Boost Bank must remain vigilant against both conventional and digital-era risks, such as floods and cyberattacks. This risk profile serves as a foundation for conducting a Business Impact Analysis (BIA), designing appropriate recovery strategies, and ensuring timely responses to incidents.
By maintaining an up-to-date and realistic threat landscape, Boost Bank can enhance its preparedness, minimise service disruption, and uphold customer trust and regulatory compliance in the face of adversity.