A study of businesses and organisations based in the UK and Europe has found that many could be placing an unwarranted degree of confidence in their current business continuity plans.
Market analyst Marsh produced its annual report into the attitudes and opinions surrounding business continuity management (BCM). The report is based upon input from 225 respondents from within the business world.
The main discrepancy noted in the report is between the 83 per cent of those questioned who said BCM was central to mitigating and managing risks and the 30 per cent who said that their ability to intelligently tackle issues and make firm decisions following disasters had been improved as a result of BCM.
Although this might be seen as troubling, the overall message delivered in the report is that BCM is now higher on the agenda for most businesses in the EU. Marsh concluded that the heightened awareness did not correlate with the extent and scope of the planning in many businesses. This leaves firms exposed with inadequate contingency plans. In many cases, improved BCM has been achieved only after a disaster had provided an all-too-practical demonstration as to the failings of a previous plan.
Marsh said that although businesses appreciate the need for some kind of plan to ensure business continuity, it can be difficult to explain just how significant such measures can be to those who have so far remained unaffected by their absence.
Marsh’s Hugh Morris said that many of the larger businesses involved in the survey were unrealistic as to the threats facing them, and that the recent travel disruption caused by the volcanic ash cloud proved that focusing solely on physical impact to supply chains was not enough to appreciate the wider risk.
Business continuity experts believe that the best way in which to prepare businesses for disruption with adequate BCM is in educating the senior management team. The importance of so doing is in direct correlation with the complexity of a given business.
A new report published by the Business Continuity Institute has revealed that insurance firms offering policies on business interruption (BI) were more likely to underwrite a firm that had proper business continuity management (BCM) and contingency plans to ensure continued operation when disaster strikes.
The report was compiled after a meeting which took place in March in order to set out a shared appreciation for business continuity planning that could be understood by both those in the industry and those looking to offer BI insurance.
Major insurance groups, including AXA, Zurich and BSI, took part in the round table discussion in an effort to improve communication between insurers and industry and to discuss the drivers behind policy premiums and risk assessment.
The gathering aimed to cover the way in which BI insurance and business continuity planning operate in relation to one another, before discussing the coverage that insurance firms are expecting to include in a typical BCM policy.
The BCI established whether the terms of an insurance policy could be altered to suit the type of business continuity planning that a given firm had put in place. It also looked to encourage appropriate communication between those in charge of business continuity and those involved in choosing and funding insurance within an organisation.
Five major levels of business continuity benefits were identified. Firstly, businesses that have BCM are perceived as being a better risk by potential insurers because they can return to normal operation quickly and implement disaster recovery strategies with minimal delay thanks to prior planning.
By implementing business continuity plans, businesses are able to mitigate the impact of events against which it is hard to secure insurance, including widespread outbreaks of illness. Furthermore, the firms that have invested in understanding business continuity requirements will be better placed to compare and analyse different BI policies.
With business continuity and disaster recovery schemes in place, the meeting concluded that firms can get the best deal on BI insurance, and even seek cover in areas not habitually offered by insurers.
I have landed back in the UK after a hugely successful trip to Chicago where I presented at the 2009 Gartner Business Continuity Summit. The Summit was held in the Sheraton Hotel and Towers in Downtown Chicago.
In recent research, Gartner listed the main drivers for the growth in, and maturity of, BCM programs that we see in 2008 and beyond as: 24/7 business delivery model, and globalization of business operations.
My interpretation of “24/7 business model” is the increased stress on Recovery Time Objectives (RTOs). We have seen RTOs shrink considerably in the past few years as technology and business demands clash. A large customer of ours has reclassified 40% of their servers as “critical” in a recent disaster recovery internal review. For “globalisation of business operations” I interpret this not just in terms of larger organisations growing globally – but companies finding data distributed across their network which requires protection.
Some further observations:
1. All of the attendees I spoke to were great technologists. They all appeared to be receptive to any new approaches and ideas that could make their lives a lot easier. For instance, many I spoke to were early adopters of VM technology, and were now actively considering moving their backups into the “cloud”. My presentation concentrated on deploying online backup within a private “cloud” (or WAN for us old boys) – and this struck a chord with many attendees who had previously objected to sending their data offsite to a third party provider.
2. Everyone hates tapes. Everyone. Most people I spoke to still use tape either as a primary backup and recovery system (which they admit is a potential weakness), or more likely as a secondary medium to store long term archives on.
Having spent the past 9 years promoting the benefits of cloud backup (before the term even existed!!) it gave me great heart to know that more and more people agree that tape is not suitable as a main backup system.
For those who have asked for photographic evidence, I am pleased to link you to a picture of myself flanked by Dave Russell of Gartner Inc (left) and Jas Mann of Asigra Inc (right).
Industry analyst Gartner has advised that enterprises should not overreact to the worldwide swine flu outbreak and the media attention surrounding it. But they should take this event as a wake-up call and review and test their pandemic response plans.
On 27 April 2009, governments and public health authorities worldwide were preparing for the anticipated spread of AH1N1 influenza (swine flu). The outbreak is currently centered in Mexico, where AH1N1 influenza is believed to have caused more than 100 deaths, but the disease is known to have spread to the U.S., Canada, Europe and elsewhere.
The swine flu outbreak is not yet a pandemic — and may never become one — but the media attention paid to it is already affecting enterprises. For example, declining oil prices are being attributed to fears of a disease-driven slowdown, and the European Union has issued travel warnings for the U.S. and Mexico. A true pandemic could cause absenteeism rates of 40% or higher for enterprises and their business partners and suppliers, resulting in severe operational disruptions. For this reason, enterprises must recognize the urgent need to develop and implement pandemic response planning.
Enterprises, governments and regulatory agencies should not make panic-driven moves — for example, closing down operations — in response to possibly overblown media reports. But business continuity management (BCM) and disaster recovery (DR) professionals and other stakeholders should use the widespread concern over the swine flu to increase enterprise awareness of the potential business impact of a widespread outbreak of disease. A recent Federal Financial Institutions Examination Council (FFIEC) study found that only 12% of participating institutions had “very effective” plans in place. Nonetheless, financial services is one of the few industries that have undertaken serious pandemic response planning, and the FFIEC study is the only large-scale testing of such plans yet conducted.
Enterprises in all regions and across all industries should review their BCM/DR pandemic response plans. Senior executives, line-of-business managers and other high-level decision-makers should be made aware of the seriousness of this pandemic preparation, to ensure a broad, ongoing commitment to this effort.