Reseach finds that UK organisations are sitting ducks as they fail to plan for major disruptions
07 March 2005
UK organisations admit they are failing to protect key assets and the ability to function in the face of major disruptions, according to research published today by the Chartered Management Institute. The 2005 Business Continuity Management Survey uncovered alarming inactivity, with organisations ignoring threats to their business, neglecting the needs of their managers, and not communicating plans with employees.
The research, published in association with the Continuity Forum and VERITAS Software, does, at least, reveal increased levels of awareness about potential dangers to business. More than half (51 per cent) have a business continuity plan (BCP) in place a slight increase on each of the previous three years. However, the study also demonstrates varying attitudes to risk across business sectors and organisation size. Continuity management is most widespread amongst the banking sector and in organisations with a turnover of more than £11 million.
Threats to business Managers were asked to identify the threats most likely to have an impact on their organisation. Almost three-quarters (70 per cent) suggested that loss of IT capability was their top concern. Reflecting the tight labour market, managers also identified loss of skills (56 per cent) and loss of people (55 per cent) as major threats to their business.
It has also become clear that UK businesses are sitting ducks as most plans fail to cater for the disruptions being experienced by organisations. Despite an increase in incidents relating to loss of people (up to 41 from 25 per cent) and skills (up to 28 from 20 per cent) to hit organisations over the last twelve months, only a handful of BCPs cover staff issues.
Mary Chapman, chief executive of the Chartered Management Institute, commented "it is a matter of concern that many organisations still fall short when it comes to implementing thorough business continuity management strategies. However, the rising awareness of corporate governance responsibilities, and in particular the demands of the new Operating and Financial Review regulations should ensure that managers focus on the impact and cost that the loss of staff and services can have"
Demands for continuity management
A significant shift has also occurred over the past year, with external drivers influencing the extent of business continuity management (BCM). Corporate governance is considered the key reason (34 per cent, up from 24 per cent in 2004), followed by demands from insurers (25 per cent), central government (22 per cent) and auditors (20 per cent).
Encouragingly, in 27 per cent of organisations, the Board leads business continuity management. Budgetary control has also shifted into mainstream business operations, with 38 per cent of organisations ensuring BCM budgets are held at director. The research indicates that now only 9 per cent of organisations give financial control of BCM to risk managers and 5 per cent to IT directors, recognising the need to prioritise business continuity.
Dr David J Smith, principal consultant at EMEA BCM Practice at VERITAS Software, says: “When the number of remote workers increases, IT departments are under more pressure to ensure that core systems are always available; or can be recovered quickly should a system failure occur. Whilst UK businesses are making investments in this area, surprisingly few are communicating business continuity plans to staff - even though they recognise the need to do so. Disaster Recovery research in 2004 highlighted that there was a lack of regular rehearsals completed by businesses to ensure that such plans are comprehensive enough and it appears from this survey that there is still a long way to go before this practice becomes standard.
Inadequate preparation Respondents expressed anxiety over the lack of a communication chain about business continuity plans. Of those organisations with a plan in place, only 58 per cent regard their employees as a key audience to share continuity details with. Only 1 in 4 organisations have an awareness programme for all staff and just over half (53 per cent) provide additional training for specific, relevant, employees. The research also indicates that organisations do not rehearse the effectiveness of their BCPs.
In 2005, one-fifth of organisations admitted they never test their plan and, of those with a plan in place, only 52 per cent meet the minimum recommended frequency of rehearsing BCPs once a year.
The finance sector is most likely to ensure plans are robust, and the manufacturing sector comes bottom of this year's BCM rehearsal league table. Worryingly, the research indicates that business continuity management is still not part of UK organisation performance culture.
A total of 86 per cent claimed their rehearsals revealed shortcomings and 13 per cent admitted these problems had not been addressed. Nearly two-thirds (58 per cent) do not even measure BCM performance and 40 per cent of organisations with turnover of less than £10 million do not audit their continuity programme. The Continuity Forum, says: “The evidence suggests a small but consistent growth in business continuity management. Having a plan is not enough! Major steps still need to be taken as too many organisations are scraping by with inadequate and untested plans that expose them to unnecessary risk."
Further information, including case studies, can be obtained from: Chartered Management Institute:Mike Petrook / Gemma Bird Tel: 020 7497 0496 Outside office hours: 07931 302 877 Email: press.office@managers.org.uk Website: www.managers.org.uk
NOTES TO EDITORS As the champion of management, the Chartered Management Institute shapes and supports the managers of tomorrow, helping them deliver results in a dynamic world. The Institute helps set and raise standards in management, encouraging development to improve performance. Moreover, with in-depth research and regular policy surveys of its 74,000 individual members and 480 corporate members, the Institute has a deep understanding of the key issues. The Chartered Management Institute came into being on 1 April 2002, as a result of the Institute of Management being granted a Royal Charter.
The Continuity Forum is a member-focused organisation committed to building the resilience of organisations internationally, regardless of size or sector, through education and the promotion of best practice in Business Continuity Management and its related disciplines. The Forum is dedicated to aiding the growth and the development of the Continuity sector and appropriate standards. More information about Continuity Forum can be found at www.continuityforum.org
About VERITAS Software VERITAS Software, one of the 10 largest software companies in the world, is a leading provider of software to enable utility computing. In a utility computing model IT resources are aligned with business needs, and business applications are delivered with optimal performance and availability on top of shared computing infrastructure, minimizing hardware and labour costs. With 2003 revenues of $1.75 billion, VERITAS delivers products and services for data protection, storage & server management, high availability and application performance management that are used by 99 percent of the Fortune 500. More information about VERITAS Software can be found at www.veritas.com. Copyright © 2004 VERITAS Software Corporation. All rights reserved. VERITAS, the VERITAS Logo, and Storage Replicator are trademarks or registered trademarks of VERITAS Software Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.