Business continuity planning: will it save you?
Every year, security firm Pinkerton publishes a survey of the top threats that businesses believe that they have faced over that particular year writes Fran Howarth of Bloor Research.
In six out of the past seven years, workplace violence has topped the list of concerns. However, business continuity interruption or continuity planning has been placed as the second greatest threat perceived by businesses for four out of the past five years.
But just how seriously are companies taking the issue of planning for when disaster strikes? Research from Compass Management Consulting released recently shows that most companies in the UK are ill-prepared to deal with crises caused by physical or electronic disasters.
While the survey by Compass shows that 98% of an undisclosed number of FTSE 100 firms had a business continuity plan in place, only just over one-third of those companies that had suffered an IT disaster over the last five years (58% of all firms surveyed) had used the measures that they had put in place in the business continuity plan to solve the problem. Even those that had used the processes put in place as part of the business continuity plan failed to adequately protect themselves, with 71% of respondents reporting that their business was still impacted.
Compounding the problems, even those companies with plans in place were failing to review those plans on a regular basis - meaning that new potential areas of disaster were often not included, Compass reports.
These findings are echoed in other surveys and reports that have been put out recently on the subject. But it is not too late for companies to take action and this is the time to start budgeting for increased security in companies. And, fortunately, the lacklustre technology spending of the past couple of years appears to be at an end, with companies opening their purse strings once more. Just in time, perhaps, since companies are under greater threat than at any time before. Bloor's own visionary, Robin Bloor, has pointed out recently that the level of security breaches has reached crisis level, with 90% of companies experiencing security breaches of some sort in 2003 - and this is growing at a rate of 50% or more every year.
In addition, a whole host of legislation is either being passed or ratified at the moment - such as the Data Protection Act of the EU, which requires companies to apply a much higher level of protection to the data that the collect, hold in storage or even dispose of. In 2004, we can expect to see security driving a large part of technology spending. But no matter how good the technology protection that you put in place is, the onus is on the effective development of policies that will allow security officers and other personnel to react to minimise damage. A plan that is not enforced is not worth the paper that it is written on.