Survey Conducted at DRJ Fall World
For these reasons, we collected reactions and perceptions of disaster recovery experts attending the DRJ Fall World in Orlando, Fla. We distributed a survey questionnaire to the DRJ Fall World participants on Sept. 18, 2001 – exactly one week after the horrible events of Sept. 11. Their feedback and input offers unique and important “snapshot” of the thinking of disaster recovery experts during the first days after Sept. 11.
One driving principal for useful post-mortem analysis is to gather perceptions and insights while the events are still fresh in the minds of those involved. This principal demands the immediate investigation into the thinking of disaster recovery planners in the period quickly after Sept. 11, while these events are fresh. Often insights developed immediately after disastrous events are lost with the passage of time. The results of this investigation offers insight into how the Sept. 11th terrorist attacks had affected the thinking and planning of the disaster recovery managers in the immediate aftermath of Sept. 11.
Clearly different industries were affected differently. We asked respondents to report how Sept. 11 had affected their business operations on both Sept. 11 and Sept. 14, 2001. We asked respondents to indicate if their business was "completely shut down" to "business as usual or went on as usual with no tangible alterations in performance or production." Overall, respondents reported a moderate to significant alternation in performance and production on Sept. 11 but by Sept. 14, no tangible alterations in performance was the norm all industry sectors.
Some industry sectors were more likely to have been significantly more disrupted on Sept. 11 than other business sectors. For example, insurance, education, and petrol/chemical were more deeply affected than other sectors. These three industries all reported significant business disruptions on Sept. 11. Healthcare, telecom, retail/wholesale, and insurance sectors still had disruptions or alterations to routine operations at about twice the level of other sectors on Sept. 14.
Nearly 20 percent of companies represented still do not have a written crisis management plan (we presume that the lack of a plan for their organization may be a motivation for their attending and participating in the DRJ Fall World Expo). While three-quarters of represented companies had written crisis management plans in place on Sept. 11th, only a small minority of those plans specifically addressed “terrorist acts” and fewer still of those plans specifically addressed “acts of war.” The 15.5 percent plans that did address terrorism and 7 percent acts of war were the exception to the general trend. An overwhelming 79 percent of existing crisis management plans failed to address “terrorist acts” and 88 percent of plans failed to address “acts of war.”
When asked generally how much existing plans need to be altered in light of the terrorist events, 97 percent of respondents said that their plans needed to be altered. When asked about the degree of modification needed, the largest percentage, 39 percent, responded “significantly,” and 6 percent responded “completely.” Only a third responded that their plans need to be changed “moderately,” and 19 percent responded “slightly.” Clearly, there is urgency to rethink disaster planning, risk assumptions, and preparation contingencies in the aftermath of Sept. 11.
In reviewing their existing plans, 12 percent of the respondents said that their organization’s plans could still be executed as written with no modifications to meet the newly manifest circumstances. However, 84 percent felt that their existing plans (some of which were still in declared active mode) needed to be modified to adapt to current circumstance and over half (46 percent) of that number stated the plan needed to be “modified significantly.” Several specific planning areas emerged that needed significant alteration. Specifically, these included threat identification, simulation training, criteria for resumption of “normal operations,” and threat monitoring. This suggests that the terrorist attacks have provided exigencies for companies to rethink their threat and risk assessment categories, running mock simulation drills to prepare for these contingencies, redefine their criteria for what are “normal operations,” and upgrade their threat monitoring systems. Disaster recovery planning has fundamental changed in ways that threats are assessed, training preparation, and means of monitoring threat risks.
We asked respondents about the sense of intensity for disaster recovery planning in their organizations, specifically had the events of Sept. 11 affected their company’s priorities, strategic planning, or willingness to commit resources for upgrading disaster and contingency preparedness. Two-thirds reported that the events of Sept. 11th have increased the company’s commitment, sense of urgency, and intensity of disaster recovery planning in their organizations. It is noteworthy that 10 percent of companies had doubled their commitment to disaster recovery planning within the first week after Sept. 11. Less than one-third (31 percent) reported that they did not change or alter the existing level of commitment or intensity of their planning, which presumably was already high. The attacks increased the profile of disaster recovery planners in most organizations and made the disaster recovery plans an agenda item for strategic planners across industry sectors.
In light of the events of Sept. 11, respondents reported their perceptions overall of the threat risks of a number of disaster scenarios had been changed. Four threat risks were considered as substantially higher risks in the aftermath of Sept. 11, terrorism, war, biological hazards, and explosions. Rated, as now approaching high risks were bomb threats, sabotage, radiation exposure, civil disorder, airport proximity, computer crime, hazardous waste, work stoppages, chemical spills, kidnapping, and vehicle crashes. The “changed world” post-Sept. 11 hypothesis may well be reflected in these responses. Respondents were now seriously beginning to prepare to mitigate and responds to these threat risks in substantially greater intensity than before Sept. 11. It is also interesting to note that DRJ Fall World participants recognized a significantly increased threat risk of belligerent biological hazards on Sept. 18, before the subsequent anthrax infestations and media coverage. Some planners apparently began to consider some risks for the first time (i.e., the dangers and risks associated with nearby airports). Some perceived threat risks such as theft/robbery, kidnapping, and burglary experienced unchanged. Remarkably, the risk of embezzlement was seen as lower.
There are some noteworthy differences in perceptions by industry sectors. Some industry sectors had unique changes in perceived threat risk when compared to businesses as a whole.
For example, financial/banking respondents rated computer crime, work stoppages, kidnapping, and airport proximity as significantly higher risks than did other industries. The telecom industry respondents rated significantly higher kidnapping, vandalism, airport proximity, and biological hazard events. Healthcare had a significantly higher risk of biological hazard events and insurance respondents had a significantly higher risk of computer crime than did other sectors.
While some industry sectors had higher perceived risks than the general trend, some industry sectors stood out in that they rated some threat risks significantly lower. Manufacturing respondents rated the risk of war as significantly lower than did respondents in general. Retail/Wholesale respondents rated the risk of bomb threats, sabotage, and civil disorder significantly lower than did other respondents.
Note that these findings reflect the perceptions of participants in the DRJ Fall World that represented a wide variety of companies and organizations. The largest group (42 percent) of respondents represented large companies that have more than 10,000 employees. Different sized companies ranging from 100 employees to 5,000 employees each contributed between 10-20 percent. Companies with less than 100 employees comprised only 4 percent of our sample. The industry sectors represented in this sample were 19 percent financial; telecom 9 percent; manufacturing, project management, DP/IT systems, retail/wholesale, education, and insurance were between 4-6 percent each; petrol/chemical, transportation, and utilities each represented 3 percent or less; and 14 percent of the sample were “other” (not included on our demographic checklist). Conspicuously absent from our sample were representatives from the media/entertainment, event/amusement, property management, and lodging and food services.
The events of Sept. 11, 2001 appear to have significantly changed subject matter experts’ perceptions, risk assessment, company urgency of commitments, and planning for disaster mitigation and recovery. While clearly the financial and long-term impacts of the attacks have yet to be accounted, this data suggests that in this sample the companies were getting back to normal. Most industry sectors had resumed normal business operations within one week of the attacks. Yet, it is also clear that business (and disaster recovery planning) had in fact changed.
Disaster recovery planners were not fully prepared. While they were not prepared, they did have an accurate threat assessment forecast for the dangers of biological attacks as subsequent events proved out. Existing written crisis management, emergency operations, and disaster recovery plans did not adequately address the terrorism that occurred, and planners uniformly recognized that weakness in the aftermath of Sept. 11. Plans need to be and are being rethought and revised in terms of the newly recognized threat risks.
Upper management and organizational support for disaster recovery planning has dramatically increased. Two-thirds of companies have increased their support, commitment, and sense of urgency for disaster recovery planning. Disaster recovery planning has advanced as an organizational priority across all industry sectors and in one of ten companies has actually doubled their commitment to disaster planning within the first week of the aftermath. Disaster recovery planning in the aftermath must now fully and adequately address the type, intensity, scale, and severity of terror disasters.
Planning for such events is now a high priority across all industry sectors and company sizes.
The entire field of disaster recovery planning has been affected. Fully 97 percent of respondents reported that their specific plans needed to be altered in light of the new realities of the Sept. 11 attacks, and about half of those said that the needed alterations had to be complete or significant. These results suggest that disaster recovery planners in all industries were under prepared for terrorism, war, biological hazards, and explosions. Planners now consider these threats significantly higher than before and planning for such disasters has now become a high priority goal. A prudent company will take heed of these new realities and make disaster recovery planning a strategic priority.
Further research should ask disaster recovery experts to list things that they had learned or observed during the Sept. 11 terrorism attack disasters that they could share with other disaster planning professionals. We had the opportunity to collect open-ended data during our study and we anticipate reporting those results in the near future. Such subsequent research should be of tremendous benefit to others who are only now beginning to consider, assess, and plan to mitigate and recovery from possible future disasters.
Dr. Robert C. Chandler is the Blanche E. Seaver professor of communication at Pepperdine University specializing in organizational crisis management communication, crisis teamwork, crisis team selection and training, crisis leadership, crisis team assessment, and employee ethical conduct. He can be contacted at: email@example.com.
Dr. J. D. Wallace is an assistant professor and Seaver fellow in communication at Pepperdine University. His most recent research has been corporate image restoration strategies, workplace ethics and coordination in computer-mediated environments.