Perception is not reality because executives graded themselves with a B, while substantial deficiencies exist in their disaster preparation practices.
The surveyed executives graded themselves with a B, which is a slight improvement from last year when executives graded themselves with a C+. While the grade improvement looks promising, a further look at the study reveals a rift between perception and reality. After the 2003 survey revealed 67 percent of companies were more prepared to access business critical information than they were prior to 9/11, 2004 results reveal that only 58 percent of companies felt they were more prepared than they were before 9/11. The disparities don’t stop there. More than one-third (38 percent) said they have not increased spending dedicated to disaster preparation since 9/11 and the Northeast blackout. Can companies claim to be more prepared if they have not dedicated an increased amount of resources to the task? If a business partner or vendor falls into this category, can you be assured that in the event of a disruption, the critical goods and services you need to be provided to you will be, in fact, provided to you? If you are a partner or vendor, does the cost of increasing your level of disaster preparedness outweigh the loss of business and customers you face if you can’t honor service-level agreements?
Compliance is a problem because nearly one-in-four (22 percent) respondents said their company did not meet regulatory requirements for business continuity, information security, and/or electronic records retention.
This statistic is extremely troublesome. Considering this was a survey of Fortune 1000 companies, and 96 percent of companies surveyed are publicly held, this issue of non-compliance is a cause for concern. Even after 9/11, the Enron scandal and numerous natural disasters that could have crippled a company’s infrastructure, there are still more than one-in-five publicly held companies without a proper back-up plan in place. In an era of elevated national security, this is more troubling than ever. Any public company – whether it is your company, a business partner, or a vendor – needs to meet the necessary regulatory requirements or feel the wrath of a government looking to restore the public’s trust in corporate America.
Companies know it happens, but still aren’t taking enough prevention measures as more than half (54 percent) of respondents admitted to experiencing a disruption of their technology services in the past year.
While the national study indicates there have been fewer disruptions than those companies surveyed on a regional basis (70 percent), disruptions have been happening often. Even though companies have recognized that disruptions in services happen, 30 percent of those surveyed have not tested the systems they have in place to assure access to business-critical information in more than six months.
One-in-10 (10 percent) have not tested these systems in more than a year. Unfortunately, disruptions occur. The key to never going down in the first place is making sure information is always available. Your business partners and vendors should be testing on a regular basis to ensure when a primary system goes down, there is minimal downtime and minimal effect on companies that use its goods and services.
Disaster preparation is not “top of mind” in the boardroom because more than half (56 percent) of the respondents said their company discusses policies regarding access to business critical information either not very often or not at all.
Without the constant reminder of a large-scale disaster, it seems top-level executives aren’t paying enough attention to this matter. If top-level executives are not talking about disaster recovery and business continuity, can they be expected to provide the necessary resources to help create and implement adequate plans? Are your top executives talking about this? Are your business partners’ and vendors’ top executives talking about this? If they hope to have a long-term relationship with your company, they should be making sure they take all the steps necessary to ensure that should their company have a disruption, your company doesn’t notice.
Power outages (33 percent) were responsible for the most amount disruptions, followed by virus/security breaches (22 percent) and hardware failures (22 percent).
The Northeast blackout of 2003 likely caused the spike in power outage-caused disruptions. However, network security is still an extremely important issue as noted by the nearly one-in-four who responded that a virus/security breach caused the company’s last disruption. While power outages caused the most disruptions in the past year, respondents consider computer hackers (36 percent) to be the biggest threat to their company’s access to business critical information. The concern over hackers has doubled in the past year as has the concern over power outages, which at 20 percent, is up from 10 percent just a year ago.
The results of this Harris Poll paints a somewhat negative picture of the state of disaster preparedness on a national level. The findings of the survey conclude that American business is simply not doing enough to ensure the integrity and accessibility of its mission-critical data.
IT professionals who specialize in business continuity and information availability need to determine how prepared business partners and vendors are for a disruption. We need to look at our business partners’ and vendors’ disaster planning with as critical an eye as we look at our own disaster planning. As we all know, your customers don’t care why they didn’t receive their product or services. All they care about is the fact that you didn’t provide them with what you promised. Don’t let your partners’ and vendors’ lack of planning cost you customers.
David Palermo, vice president of marketing for SunGard Availability Services, leads the marketing strategy, research and communications functions. Palermo is a 17-year marketing veteran with experience in sales, product marketing, marketing communications and strategic planning in the consumer and high tech industries.