September 11: From catastrophe to complacency?

Business and IT leaders have done far too little to improve their organisations' readiness for terrorist attacks or catastrophe.

Business and IT leaders have done far too little to improve their organisations' readiness for terrorist attacks or catastrophe.

Unless action is taken soon the increased awareness of business continuity planning that followed last year's on the World Trade Centre and Pentagon could be swamped by business-as-usual complacency.

Almost 3,000 people lost their lives on 11 September. Fifteen million square feet of office space was put out of action and up to £3.5bn of IT and telecoms equipment was destroyed.

Despite these losses a survey of senior IT executives by analysts organisation Gartner revealed that few organisations have effective business continuity plans.

Just 13% of enterprises told Gartner they were "mostly" prepared for major loss of life from catastrophic damage or attacks. Only 28% reported that they had business continuity plans for dealing with the consequences of physical attacks and 36% had a plan for complete loss of physical assets and work space.

Gartner analyst Simon Mingay was deeply disappointed. "Many enterprises have not yet learned a key lesson of 11 September and have not put significant resources into establishing operational resilience in case of catastrophic damage or attacks," he commented.

Peter Sommer, senior fellow at the Computer Security Research Centre at the London School of Economics told CW360.com, the situation in the UK was patchy.

"Certain parts of industry were already well-tuned to the issues of contingency planning as a result of the last 15 years of Irish terrorist attack. For those that had not been convinced," he added, "it is doubtful whether even 11 September would change their minds."

DK Matai, chairman of e-security consultants mi2g agreed: "In some sectors, such as financial services, lessons have been learnt. In others, such as professional services, a great deal more awareness is needed," he said.

Businesses only have a brief opportunity to put into practice what they have learnt from the tragedy said Gartner's Mingay. Even disasters on the scale of 11 September, "create a relatively short window of opportunity, usually about 12 months, during which awareness is raised and executives are motivated to take action".

The LSE's Sommer echoed the point. "It is an unfortunate fact that the most persuasive practical justification for a good security budget is not thoughtful risk analysis but big disasters. The horror of 11 September created an opportunity for IT professionals. They should use it well."

Read more on IT risk management

SearchCIO
SearchSecurity
SearchNetworking
SearchDataCenter
SearchDataManagement
Close