Businesses have contingency plans for dealing with
terrorist attacks but are failing to plan for disruption caused by
more mundane events such as telecoms and power failures, the
Business Continuity Institute has warned.
Businesses have identified terrorism, which has assumed a high
profile following political debate over Iraq and ID cards, as their
greatest threat over the coming year.
But companies may be focusing on terrorism to the detriment of
other threats which are more likely to cause business disruption,
the BCI said.
"Although terrorism has a high profile, it is more likely that
companies are going to suffer from something more mundane, such as
a power failure or flood," said BCI president Steve Mellish.
Research by the BCI released last week revealed that 28% of
firms regard terrorism and war as their biggest threats, followed
by natural disasters, fire and floods.
Despite this, 20% of businesses still do not have disaster
recovery plans in place for their IT systems. And 30% do not have
general business continuity plans to ensure that they can continue
to operate after a disaster.
Of the companies surveyed, 25% do not test their continuity and
recovery plans regularly.
The survey, based on interviews with 250 companies, found that
most have failed to plan for potential telecoms failures.
More than 70% of firms agreed that the failure of telecoms would
damage the reputation of their business, but most relied on
business continuity plans that assumed telecoms links would be
working. Only 12% of firms had second-tier telecoms in place, and
just 9% had a third-party recovery site.
The survey also highlighted weaknesses in businesses’ supply
chains. About 18% of businesses said they were happy to rely on a
statement from the supplier that they had business continuity plans
in place. Thirty-three per cent asked to read the supplier’s
business continuity plan, and another 27% said they did not know
how suppliers’ business continuity plans were verified.
The BCI is calling for the government to appoint a minister to
take responsibility for business continuity and disaster recovery
and to step-up information campaigns to businesses.
Businesses warned of e-terror threat >>