Despite regulatory tightening globally, business continuity continues to be a dangerous blind spot in world business, according to a major survey.
An Economist Intelligence Unit (EIU) study found that more than one third of companies have no business continuity plan or do not know if they have one, despite the fact that 28 per cent of firms surveyed have experienced a total shutdown of key business operations as a result of a disaster.
Moreover, fewer than half of those surveyed had confidence in their ability to protect their businesses from threats to digital assets and general infrastructure, and few firms were confident in their ability to ensure the safety of their employees in the event of a disaster.
The study also highlighted imbalances in opinions of business continuity. Nearly 50 per cent of companies surveyed said planning for business continuity had always been a priority, while 18 per cent added it had become a priority due to security fears and terrorism.
However, in Australia and the UK, moves are underway to force corporates to take business continuity seriously. Here, the Australian Prudential Regulation Authority has given its regulated entities a 12-month transitional period to identify potential areas of non-compliance with its new business continuity prudential standard, while the NSW Government, among others, has mandated its entities to get their continuity houses in order.
In the UK, meanwhile, the government is facing calls for the appointment of a minister to be responsible for business continuity awareness and practice. But it is Basel II, the global banking accord designed to shore up operational risk practices in the global finance industry, that is having the biggest impact, according to Ian Bond, a consulting engineer at Cisco Systems.
He added that regulation such as Basel was turning the tide of executive refusal to invest in business continuity.
“The biggest driver for spend on business continuity is regulatory compliance,” he said. “This is seen by executives as a ‘must spend’ area.”
EIU also found that 25 per cent of respondents had never tested their business continuity plans. While business continuity experts and APRA recommend tests at least every 12 months, or six months if possible, just 15 per cent of surveyed firms tested that regularly.
The survey also unearthed what are seen as the most difficult business continuity risks to measure and manage. At the top of the pile were terrorism/sabotage/cyberterrorism, followed by natural disasters. Human error – so often the cause of problems – was ranked third.
However, labour unrest and corporate governance failures ranked low on the scale despite the impact of corporate governance failures at Enron, WorldCom and others.
One emerging trend within global business continuity is that global organisations are setting up “inter regional” business continuity capabilities which allow, for example, a data centre in the US to take over an Asia Pacific site during an outage, according to Bond. This trend has been cemented by the consolidation of regional data centres to cut costs, which left organisations more vulnerable and unable to swap between local sites.
“They need to feel resilient, with a smaller number of larger sites,” said Bond.
Who’s in charge?
The EIU survey lifted the lid on the fragmented nature of business continuity responsibilities within organisations. It found that among surveyed firms, there was a wide diversity in exactly who has responsibility for business continuity, with CFOs making up the largest named percentage. However, in only 9 per cent of cases is a business continuity specialist in charge.