City institutions were tight-lipped today about their preparations. However, Roger Marshall, the IT director of the City of London Corporation, spoke for many when he told CW360 that although the IRA bombs which hit the City in the 1990s paled into insignificance compared to yesterday's events, vital lessons had been learned.
"In the City of London we have been subjected to serious bombs which have affected firms, but we have come back stronger," he said. "After the IRA bombs firms redoubled their disaster recovery plans and the City recovered remarkably quickly. It has left the City pretty well-prepared for this sort of thing now."
Some London businesses took immediate steps to invoke their disaster recovery service agreements.
"One of our clients - a large one, I believe Docklands-based - has invoked our workplace recovery services," said Stephen Bean, the group marketing director of the business continuity specialist Guardian iT.
He said the company was in the process of moving key members of staff to a remote location "as a net result of what has happened in New York. We will be surprised if others do not invoke our services."
Margaret Smith, director for business information services at Legal & General, said, "We have full processes for business resumption and disaster recovery. We have a full rehearsal every six months, and a partial one every three months. What we usually do is take a different scenario and try that out. Given the events in the US we will be going through our rehearsal today with a slightly different slant."
UK organisations looking for official guidance on security could learn little from government Web sites. Twenty-four hours after the tragedy began unfolding there was no security advice on the Web sites of Downing Street, the E-envoy or the Home Office.
The City of London police did, however, reiterate its advice to businesses following the 1993 Bishopsgate bombing.
"You must have a business continuity scheme, with plans such as rapid relocation and IT back-up systems, to get you working again as quickly as possible in the event of a disaster or attack of this nature," a spokesman told CW360.
"Individual firms and institutions must decide how much to invest in areas such as disaster recovery and back-up systems. This is a commercial decision, but one would hope that yesterday's events would illustrate the real cost of not having these plans in place."
Bob Ayers, a former chief of security at the US Department of Defence who was still trying to come to terms with the carnage in America, told CW360: "The terrorist attack underscores the importance of having a back-up system and disaster recovery plan. You cannot prevent this kind of action but you can take steps to ensure you will continue to operate following it.
"Many firms look at disaster recovery systems, but they are expensive and are often put to one side. Theory has become reality as the results of yesterday's attacks."
The price of complacency is high. The World Trade Centre was the target for the first big terrorist attack on US soil, in 1993. After the bombing, some 40% of all businesses affected were bankrupt within two years according to analysts group IDC.
The 1996 IRA bombing of central Manchester affected 452 businesses, and 250 of them went out of business within six months, according to NatWest Insurance services.