Paradoxically, for many of them it is also a major blind spot. Many will abdicate responsibility to the IT department, then they will tick boxes on forms with an uneasy conscience whenever asked, to tell the auditors everything's OK.
That approach all too often results in the IT department trying to keep track of critical applications and business priorities as they chop and change. This is a thankless and impossible job, with IT directors struggling to second-guess the business.
It is only slowly dawning on many companies that disaster recovery does not necessarily equate to business continuity.
I know of one user which has decided to install a mirror storage area network at huge expense, simply because it is easier than keeping a list of business-critical applications.
Current approaches to business continuity cluster towards unsatisfactory extremes. There is either indifference in business departments, or everything is planned to death. The first approach leads to the anxious abdication discussed above. The second micro-plans in far too much detail to be practicable in an emergency. One business continuity plan I came across even specified the type of pens to be used.
Having a plan, however unworkable, is an important first step. The only workable business continuity plans draw on military practice: you plan to keep things going for 24 hours regardless while having the lateral people and the basic processes in place to live off your wits after that - not an easy box to tick.