Publicly, City firms point to their rigorous disaster recovery and business continuity arrangements, insisting that they have been updated and thoroughly tested since the 11 September terror attacks in 2001. However, some City IT managers have painted a more worrying picture of the robustness of financial companies' safeguards against threats to their IT infrastructure.
"I think some people in financial firms have learned the lessons of September 11 but in general they haven't," said one veteran IT manager at a large City firm. "In general, people are very bad at preparing for low-probability high-consequence scenarios."
Predicting and preparing for the myriad modern-day threats to a company's IT infrastructure can be difficult. "[A few years ago] I worked in a building that was half taken over by anti-capitalist protesters," the City IT manager said.
"There were blood stains on the marble floor. They did not manage to damage any IT systems but they did take out some electronics. We reviewed our disaster recovery arrangements about a week afterwards, but how likely to happen was that?"
Most firms have a dedicated person responsible for business continuity and disaster recovery arrangements, and this person will often have a background in IT.
But within City IT circles, being head of business continuity is not seen as a prestigious role. This is likely to stop the brightest people applying for the job and limit their influence within companies.
"Business continuity chief in financial services is seen as a career dead-end and is generally a place to go and retire because you haven't reached central management," the IT manger said.
Financial firms use a variety of disaster recovery arrangements, ranging from the most sophisticated and expensive twin-system (in which IT systems are mirrored at the disaster recovery datacentre site) to nightly back-up of data on tapes.