Businesses have contingency plans for dealing with terrorist attacks but are failing to plan for disruption caused by more mundane events such as telecoms and power failures, the Business Continuity Institute has warned.
Businesses have identified terrorism, which has assumed a high profile following political debate over Iraq and ID cards, as their greatest threat over the coming year.
But companies may be focusing on terrorism to the detriment of other threats which are more likely to cause business disruption, the BCI said.
"Although terrorism has a high profile, it is more likely that companies are going to suffer from something more mundane, such as a power failure or flood," said BCI president Steve Mellish.
Research by the BCI released last week revealed that 28% of firms regard terrorism and war as their biggest threats, followed by natural disasters, fire and floods.
Despite this, 20% of businesses still do not have disaster recovery plans in place for their IT systems. And 30% do not have general business continuity plans to ensure that they can continue to operate after a disaster.
Of the companies surveyed, 25% do not test their continuity and recovery plans regularly.
The survey, based on interviews with 250 companies, found that most have failed to plan for potential telecoms failures.
More than 70% of firms agreed that the failure of telecoms would damage the reputation of their business, but most relied on business continuity plans that assumed telecoms links would be working. Only 12% of firms had second-tier telecoms in place, and just 9% had a third-party recovery site.
The survey also highlighted weaknesses in businesses’ supply chains. About 18% of businesses said they were happy to rely on a statement from the supplier that they had business continuity plans in place. Thirty-three per cent asked to read the supplier’s business continuity plan, and another 27% said they did not know how suppliers’ business continuity plans were verified.
The BCI is calling for the government to appoint a minister to take responsibility for business continuity and disaster recovery and to step-up information campaigns to businesses.