Most small and medium-sized businesses are not making contingency plans for staff who might be unable to access company offices following an emergency, research by Cable & Wireless has revealed.
More than 65% of SMEs admitted their businesses would be materially impacted if staff were unable to access the office for a day or less.
Yet one-third of SMEs outside London and two-thirds of those inside London have not put business continuity plans in place, the survey of 100 organisations revealed. And less than one-third of small businesses have updated their business continuity plans since the 7 July London bombings.
Jim Norton, senior policy adviser at the Institute of Directors, said business leaders had a responsibility to plan for business continuity.
"The tragic events of 7 July and Hurricane Katrina, as well as potential fuel shortages, have each shown in their own way that businesses are vulnerable to events beyond their control," he said.
The survey showed that although one-third of small businesses recognised the need to back up data, they did not keep backup copies outside their headquarters - placing them at risk if their offices became inaccessible.
Two-thirds of the companies had made no provision for their staff to work from home or to access company networks.
Such lack of planning could leave businesses vulnerable if police cordons, fires, floods or terrorist attacks left buildings inaccessible.
"We are calling for businesses to take business continuity planning in all its aspects - technology, people and processes - very seriously," said Norton. "That means backing up data off-site, having access to alternative facilities and giving employees technology to work from home."
Mark Hanvey, chief security officer of Cable & Wireless, said it paid businesses to be pessimistic. "While large enterprises are more aware of the risks, small to medium businesses need to wake up and make preparations fast. As the research shows, many businesses aren't even backing up data off-site - a simple and cost-effective means of protecting against data loss and ensuring business survival."
* Viruses and worms present the biggest security risk for small and medium-sized businesses, according to a survey of more than 700 organisations by Forrester Research.
The businesses also saw spyware and spam as more significant threats than external hackers and identity theft. However, European businesses were less concerned than US firms about malicious code.