In the event of a terrorist attack, companies need to ensure their staff and IT systems can relocate quickly and carry on operations, perhaps with the help of a business continuity specialist.
Investment in disaster recovery and business continuity services increased in the months following the 11 September terrorist attacks, but this was cut short by the global economic slowdown. "Companies did not have any real money to put into IT projects that did not deliver a quick return on investment," said Paul Williams, an independent consultant on IT corporate governance.
However, with war looming, business continuity has been pushed up the corporate agenda. Last week the head of the UK's National Infrastructure Security Co-ordination Centre advised companies to review the security of their systems in the face of the threat of cyberattacks from Islamic groups.
"It gives a heightened opportunity for IT directors to go to the board and say there may be a heightened threat [to IT systems] and they may need to increase funding for disaster recovery and business continuity planning," said Williams.
The importance of IT within corporate governance was underlined in 2000 when the recommendations of the Turnbull report came into force for listed companies. Companies will be liable if they do not assess the internal and external risks to their systems. IT directors at board level could be held personally accountable if risks to the business have not been assessed.
n Digital risk specialist mi2G last week warned of growing concern that a war against Iraq could see terrorist groups launching digital attacks on parts of the UK's critical national infrastructure such as financial services, water services and nuclear power plants.