Opinion: Are you ready for a crisis?

Business leaders must beware creeping complacency.

Business leaders must beware creeping complacency.

As we grow older, most of us lose our childhood fears. But those responsible for the integrity of their company's data should never lose their sense of dread about things that go bump in the night.

Seven months on from the terrorist attacks in London it seems that complacency about business continuity is setting in again. A recent survey of IT managers, conducted on behalf of Cable & Wireless and supported by the Institute of Directors, showed that one in five firms had no plan to help them continue trading after extreme disruption or disaster.

The recent Buncefield oil storage tank explosion, which damaged the datacentre of Northgate Information Systems and took down the services of various organisations, demonstrates that simply handing over your responsibility to a third party is not a failsafe option.

Instead, business leaders must begin to think the unthinkable and consider their levels of preparedness and how their firms might cope were the worst to happen.

Business continuity is a balance of risk. The cost of any protection you put in place must be proportionate to the possibility of loss - in other words, the risk.

But all too often, the risk assessment is not done properly, resulting in under-investment - over-investment is a rare occurrence. Without a proper assessment it is also impossible to outsource business continuity with any confidence that your organisation is securing value for money.

The buck stops here

All too often, organisations outsource their IT and assume that their service provider will put in place all the failover, dual datacentres, and so on. But unless business continuity measures are specifically contracted for, they will not happen.

Regardless of whether something is outsourced or insourced, the management and acceptance of risk remains the responsibility of the organisation and those risks must be reviewed regularly.

An organisation's continuity plan is not worth the paper it is written on unless it both complies and integrates with that of its suppliers. Just ask those firms left in the lurch after the Buncefield fire, which disrupted more than 400 businesses, many of them warehouses and wholesalers to some of the UK's largest brands.

The weakest link in a company's supply chain, online or offline, is critical. More than half of the IT managers quizzed by Cable & Wireless had no idea about the business continuity plans of the firms on which they relied.

Cause of death:data loss

According to research from the London Chamber of Commerce and Industry, four out of five businesses affected by a major incident close within two years, and the figure rises to nine out of 10 for those that lose data.

Making sure your business is not one of them can be a very simple exercise, and most risks can be managed with minimal investment. Keeping hard copies of both key staff and supplier contact details both on and off site and ensuring data back-up is not kept on the same premises are two easy ways to greatly increase the resilience of your firm.

Common sense, you might think, but a third of businesses store their back-up tapes next to the system they are duplicating.

Having sorted out the simple things, it is worth considering how your staff might react, and how they would work if they could not use their usual desks.

Thanks to the ubiquity of broadband, modern telecoms and IT systems are both reliable and cost-effective to roll out to the workforce. Firms are increasingly spreading the cost of such systems by rolling their business continuity requirements into their obligation to consider home working requests.

Having staff able to work from home in the event of a disaster is a cheaper and more flexible option than renting additional premises.

Given that 65% of the firms we surveyed believed that a single day of disruption would undermine the viability of their business, it is worth planning for every eventuality.

But business leaders must remember that being able to survive the bump in the night is only one side of business continuity planning. The ability to bear the cost of your chosen protection in a competitive market is equally important. Striking the right balance between cost and consequence for your business in these uncertain times will mark out the paranoid from the practical.

Mark Hanvey is chief security officer at Cable & Wireless

Read more on IT risk management