Educate the board in the importance of IT continuity to reduce the business' exposure to risk, says Russell Flower.
We operate in an era of heightened corporate risk awareness. Corporate scandal, the threat of terror and high-profile disasters mean businesses are expected to be whiter than white, cleaner than clean and safer than safe.
It is well recognised that business continuity and IT security are integral to keeping a business running and protecting the corporate reputation. Despite paying lip-service to security and continuity, in practice business strategy, process and culture have yet to match the scale of the threat.
Most blue-chip companies have succumbed to pressure from the London Stock Exchange, the Financial Services Authority and the Bank of England and have implemented basic-level business continuity plans. But are we falling victim to tick-in-the-box syndrome? After the initial planning activity is over, strategies and procedures are quickly forgotten and left to gather dust.
A tunnel fire in Manchester in April threatened a number of businesses which did not have up-to-date business continuity plans for telecoms services. Manchester Chamber of Commerce estimated that the disaster cost those companies affected up to £4.5m a day.
This summer we have seen the threat of Tube and rail strikes and petrol blockades. That is on top of the ongoing threat of terrorism, industrial espionage and environmental issues, not to mention day-to-day IT continuity issues. Nevertheless, an alarming number of companies have continuity plans which have not been updated or tested for several years.
UK plc's reliance on IT, and customers' demands for immediate service, mean that relatively minor IT problems have the potential to cause significant damage to customer service and brand reputation. However, the tendency is to focus on planning for the extreme and sidelining the mundane.
Faced with the prospect of guarding against sensational disasters, a board of directors is susceptible to overlooking everyday threats such as IT outages. As a result, the IT director has a huge educational role to play because failing to safeguard an IT system could leave an organisation exposed to downtime and the loss of millions of pounds.
The IT outage at National Air Traffic Services in June is proof enough that an hour's downtime has severe repercussions. Thousands of passengers experienced serious delays, with the consequential media coverage damaging Nats' reputation far beyond the duration of the problem.
So, big threats aside, IT downtime is a crisis in itself. Losing IT systems can be tantamount to business paralysis, and organisations' reliance on IT will only increase over time.
Therefore, we need to put IT continuity higher on the priority list - both for the IT department and the boardroom. Saviour or scapegoat has long been the fate of the CEO. Something as fundamental as IT continuity could make or break a career.
Russell Flower is director of the managed services centre of excellence at Synstar