Skip the navigation

Business Continuity Planning Is a Challenge for CIOs

By Vandana Mangal
April 7, 2004 12:00 PM ET

Computerworld - The events of Sept. 11, 2001, resulted in CIOs scrambling to implement business continuity planning (BCP). Companies such as Snap-on Inc. and Commerzbank AG invested large sums of money in BCP after 9/11. However, today's numbers show that business continuity investments are 1% to 2% of total IT budgets, a fraction of the 2% to 8% they should be, according to various sources. Business continuity investments appear to have been only a spike after 9/11. Today, business continuity has slid down on the CIO's priority scale.
Several sources suggest that most organizations don't have working business continuity plans in place. In a survey it conducted during the winter of 2000, Dataquest Inc. found that over 60% of the businesses that responded didn't have a basic plan for BCP. Gartner Inc. analyst Roberta Witty estimated last July that even after the terrorist attacks on the U.S., less than 25% of large enterprises have comprehensive business continuity plans. Another survey, conducted by a consortium of 50 companies, found that two-thirds of the thousands of enterprises surveyed had no business continuity plans. Among the businesses that had such plans, four-fifths had never tested them, and among the companies that had tested their plans, only 17% of the plans had passed.
Results found in a recently completed 20-year study of Fortune 500 crisis readiness by the University of Southern California's Center for Crisis Management support the above studies. Therefore, although some companies did invest in BCP after 9/11, it can be derived from the studies mentioned above that business continuity has been forgotten by CIOs.
Virus attacks on servers and networks are becoming more commonplace, but even more catastrophic disruptions to business -- ranging from blackouts like the one that hit the U.S. in August 2003 to terrorist attacks like 9/11 -- occur with alarming frequency. Disasters can result in large monetary losses, legal ramifications, loss of customer confidence and, in some extreme cases, the company's existence. Organizations therefore need to have plans to recover their assets, which include people, facilities, business applications, processes and IT systems, so they'll be able to return to normal business operations as soon as possible. This requires BCP.
Business continuity (sometimes referred to as business continuance) describes an organization's procedures to ensure that essential functions can continue during and after a disaster. BCP seeks to prevent interruption of mission-critical services and to re-establish fully functioning plans as swiftly and smoothly as possible. Disasters can be caused by any of the following:

  • Natural causes such as floods, fires and earthquakes

  • Systems-related causes such as network problems and power or telecommunications failures

  • Human and malicious causes such as hackers, viruses, terrorism, disaffected employees and theft

According


Our Commenting Policies