Business must play a key role in limiting the economic damage to London after Thursday's attacks, experts say.

An air of normality returned to London after the shocking events of the past 24 hours but their full impact on the capital's economy is less than clear.

Hoteliers and retailers are expected to see a fall-off in business in the short term but it is hoped that the impact in other areas will be limited.

Experts said the next few days could be vital in maintaining confidence.

Fighting back

Numbers travelling into central London were reported to be below normal levels after Thursday's travel chaos and amid some uncertainty about when London's transport system would return to normal.

"It does seem that London was quiet on Friday and it will become all the more important for Londoners to hit the ground running next week," said Dan Bridgett, from the London Chamber of Commerce.

Although the share prices of leading travel and leisure companies bounced back on Friday, the capital's hotels are most likely to suffer as people take stock after Thursday's events.

Travel agents have reported many cancellations from both domestic and foreign tourists.

However, hoteliers and tourism development organisations are putting a brave face on things.

Hilton Hotels says it has not seen a rush of cancelled bookings

Hilton Hotels says cancellations have been no higher in the past 24 hours than at other times.

"Hilton is confident that London will quickly return to normal and demonstrate traditional levels of resilience," a spokesman said.

VisitLondon is "optimistic" about the response to the attacks from foreign travel markets, believing that travellers have become more accepting of security threats and travel disruptions.

"The kind of things we have been hearing have been positive," says its spokesman Ken Kelling.

Retail hitch

London's shops were returning to normal after Thursday's disruption which prompted House of Fraser, Marks & Spencer and Arcadia among other companies to close outlets.

"We are urging firms to reopen as soon as is possible, out of economic self-interest as much as anything else," Mr Bridgett added.

There are concerns that an already struggling retail sector could be further weakened by stay-away consumers.

"Obviously there will be an effect and we will need to look at conducting public relations and marketing campaigns to stabilise things," said Jace Tyrrell, from the New West End Company, which represents retailers located on Oxford Street, Regent Street and Bond Street.

However, he insisted that storeowners were resilient.

"Retailers have faced these kind of issues before from Iraq, foot and mouth and the closure of the central line. They have got through difficult times before.

"There may be a short term hitch in that but I believe it will stabilise very quickly."

The United States saw record retail spending in the aftermath of the September 11 attacks while consumer confidence remained high in the wake of the Madrid train bombs last year.

Contingency needed

Businesses in London have lived under the shadow of terrorist threats for many decades and many were prepared for this eventuality.

However, the severity of attacks will serve as a wake-up call for companies with no business planning in place.

"Businesses must have contingency plans," Mr Bridgett said.

"There is a great divide in British business between large firms which have contingency plans for a range of things such as terrorism compared with small firms who in far too many cases do not have any plans."

A number of City companies were forced to put contingency plans into effect and succeeded in keeping disruption to a minimum.

Among those affected was LCH.Clearnet, which clears transactions for a series of financial markets including the London Futures Market, the International Petroleum Exchange and the London Metals Exchange.

It was forced to transfer key staff to its back-up site elsewhere in London minutes after it was evacuated from its office overlooking Aldgate tube station.

It was the first time it had had to invoke its disaster recovery plans, in place for a number of years.

"We have contingency plans for data and staff transfer and they were put into action yesterday," said a spokesman.

"These plans worked extremely well. There was no interruption to the clearing process. In fact, we cleared record volumes."

Continuity Forum Comment

Thursday attacks on London, though terrible, showed the effectiveness of the planning and training undertaken by London Emergency Services and various the various Authorities involved in supporting the response to a major incident.

Over a 100 companies either invoked their Business Continuity Plans or were placed on Standby. Many retailers and some offices closed early in order to permit staff additional time to travel home and a proportion had only a skeleton Staff on Friday.

Some organisations found it difficult to control personnel as the crisis developed and some with a 'Shelter in Place' had to give way in the face of opposition from staff, which clearly indicates how difficult the issues and problems relating to personnel can be during a major incident. Those who had previously clearly communicated the organisations plans (and logic) appeared to have the least difficulties in this area. These issues are indicative of the value in embedding and communicating the planning in place to personnel on an ongoing basis and it appears many drew confidence from the awareness of the companies’ procedures.

There were a number of problems with communications reported as call levels reached capacity and some as a result had problems with Event notification, communications with personnel and call trees as a consequence. Many we feel will be updating their procedures in this area as a result.

As Londoners return to work, with an almost universal determination to continue life as normal, there will undoubtedly be an increased focus on both Security and Business Continuity Management planning. The events in London, whilst terrible and shocking, show that proper planning and communication really makes a huge difference, and we urge the majority of businesses and organisations that have yet to FULLY implement Business Continuity Management to act now to address the issues they face and develop an effective process to deal with all aspects of an events effect on their operations.

Government agencies and groups, such as the Continuity Forum, have been warning for many years of the risks of terrorist attack and all are agreed that organisations have a responsibility to personnel, customers and partners to be prepared, yet still the vast majority of organisations do not have effective BCM programmes in place.

Developing Business Continuity is no longer an issue of cost or benefits, but clearly one of responsibility. Failure to plan is planning to fail, and in light of last weeks actions the price of failure is far too high!

END

__________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

source SC Magazine

Phishing email reached a new high in July, according to email security company Postini, which tracked more than 19 million phishing attempts last month. That number is the highest monthly total since Postini began tracking phishing in January.

July's total breaks June's record of 16.7 million phishing emails, the company said. While phishing attacks increased, the number of emails containing viruses decreased in July by 20 percent compared to June, Postini said.

The amount of spam remained stable at 88 percent of the total number of emails sent. The company processed more than 14 billion emails last month. Directory harvest attacks decreased 8 percent from June.

Gartner researchers have estimated that online debit card fraud, perpetrated via phishing and keystroke logging attacks, has resulted in $2.75 billion in losses in the past year.

END 

If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599.

Companies have become so reliant on e-mail that 85% of firms admit that e-mail downtime would severely affect their business, according to research from analyst firm Quocirca.

As a result, companies expect a high level of support from their IT departments, and 70% of organisations said they would expect IT to respond to e-mail outage within 10 minutes. “The majority of respondents see e-mail as an integral part of key business processes such as sales and customer service. A rock-solid infrastructure is the key to a successful business continuity strategy and this must extend to mobile and home-workers," said Clive Longbottom, service director, business process facilitation, at Quocirca. 

The survey also found that 50% of the businesses surveyed believed they would not be able to maintain e-mail service levels if they migrated from one e-mail system to another, and that this was one of the main barriers to migration. “The importance of maintaining service levels is confirmed by the reluctance of organisations to accept any interruption in service during the upgrade process itself" said Longbottom.

Greater use of laptops and PDAs has made e-mail business critical, making respondents more aware of e-mail downtime.

END

If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599. 

The Business Resilience Conference

Early Bird Event Announcement Risk strategies for organisational strength The Continuity Forum and Continuity Insurance & Risk magazine have joined forces to organise a special one-day conference: Business Resilience, risk strategies for organisational strength.

We are delighted to announce that our keynote speaker for the Event will be Sir Digby Jones, Director-General of the Confederation of British Industry, one of the highest profile Business Leaders in Europe.

Date: Friday 7th October

Venue: Institution of Mechanical Engineers, One Birdcage Walk, London, W1

The Conference aims to provide high-level analysis, at the strategic level, of the key issues that organisations private and public now face, and how effective business continuity and risk management can help to achieve compliance. The event will promote resilience as a way of making the UK more competitive in the global marketplace. It will also focus on a number of verticals including the insurance, financial services and public sectors. The conference will address core topics such as:

· Strategic level analysis of the key issues that organisations, both private and public now face

· How effective business continuity and risk management can help to achieve compliance

· Using resilience as a way of making the UK generally and organisations specifically more competitive

· The importance of Resilience from an international perspective

· Creating strategic advantage from organisational strength

Speakers already include:

Sir Digby Jones, director-general of the CBI

Mr Gregg Goble, global vice-president of business resilience, IBM

Mr John Sharp, policy & development director of the Continuity Forum

Mr Victor A Meyer, global head of business continuity, Deutsche Bank

STANDARD CONFERENCE FEE: £450 + VAT (£528.75)

CONTINUITY FORUM MEMBERS EARLYBIRD RATE: booking before August 2nd £355.50 + VAT (£417.71) giving members a direct saving of over 20%!

The full agenda will be published shortly, but if you require more information please contact the Continuity Forum 

Continuity Forum Members To reserve your place please click HERE! or phone Sara McKenna  +44 (0) 208 993 1599. If you would prefer to pay via cheque or be invoiced please contact us on 020 8993 1599. Please do contact us directly if you have any questions or you would like to upgrade to Full Forum membership, email us HERE!. 

More than we first estimated, says chief executive Industrial gases group BOC said it faces higher than expected costs, totalling around £20m, over the next two years in order to bring the company into full compliance with the Sarbanes-Oxley (SOX) corporate governance regulations.

In the company's third-quarter results presentation to analysts, BOC chief executive Tony Isaac said he was "surprised" about the high corporate costs of compliance compared to first estimates.

The deadline for SOX compliance is September next year and BOC said it will have to spend £10m this year and another £10m in 2006 to bring its financial reporting and internal controls up to scratch.

In a conference call, Charles Spence, director of financial control at BOC, said of the group's increasing corporate costs: "One of the underlying drivers is the cost of compliance with Sarbanes-Oxley." The SOX legislation was introduced by the US to prevent another Enron scandal but there have been increasing calls by businesses for the rules to be relaxed because of the high costs of bringing financial reporting processes and related IT systems into compliance. The Confederation of British Industry called for changes to SOX claiming that it is too onerous and costly, while BT is one of a number of companies which have threatened to de-list from the New York Stock Exchange because of the high costs of compliance.

Continuity Forum Comment

There is no doubt that good Corporate Governance is essential, but the value and cost of compliance needs to be carefully balanced against the benefits gained. Many organisations are finding that SOX is the equivalent of using a sledgehammer cracking a nut!

Yes Enron, was a terrible scandal and many were seriously affected by the collapse of the company, but the proper controls, checks and balances need not entail the spiralling costs that seem to be arising.

What is interesting is that whilst spending on Governance is seen to be rising dramatically, the effective BCM is being overlooked, with many Corporates failing to ensure that the business is sufficiently protected form the myriad of threats facing them. Planning is still somewhat fragmented and BCM teams are often severely overstretched and lacking in both support and resources.

It seems somewhat incongruous to us that there is an awful lot of money being spent on Governance projects that are by their very nature limited and specific in their value when something as vital as BCM is screaming out for serious improvement and investment.

Whilst it is difficult to state as an absolute fact, all the indicators point to Corporations losing far more money through avoidable Business Continuity Events than through Governance issues each year. We, and many others we're sure, would prefer that regulators address these issues rather than aggressively impose overly arduous (and expensive!) Governance Procedures. 

END 

Just under half of small firms in the UK have no plan in place to ensure that their business could survive an emergency or disaster., according to research from AXA.

Many are not covered against risks that have a much greater chance of hitting their business than terrorism, such as a fire or a flood. If the unexpected happens, companies without a contingency plan could lose thousands of pounds or even go out of business.

The insurer said the fact that these companies had such a plan was worrying because of the time it can take businesses to recover from a disaster. Research by AXA found that almost one in five small to medium-sized firms had been hit by a disaster.

One in 12 said it took them more than six months before they were up and running again and it took one in 20 of them more than a year to get their businesses back on track. AXA's risk control strategy manager Doug Barnett said: "Businesses face a number of challenges and risks and they need to do everything possible to reduce the chances of these happening. "They also need to have an effective plan in place to deal with them if they do.

Every year, thousands of enterprises fold but some of these could be saved if they had a strong business continuity plan in place." Even if a business does have plans in place it is important that companies tweak them so that they are prepared for potential seasonal risks and carry out annual test to see they will work.

END

If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599. 

Aug 3 2005 Liverpool Daily Post

Penny Fray looks at how Merseyside businesses are protecting themselves against the new agents of evil

The world in 2005 is a dangerous and uncertain place. Businesses as much as individuals are vulnerable to the twin threats of urban terrorism and high tech fraud. But experts claim that most companies remain hopelessly unprepared for the consequences of a major attack, estimating that as many as nine out of ten SMEs could go out of business within two years of suffering a catastrophe.

A recent Liverpool Chamber of Commerce report claims that most small to medium sized enterprises have neither a written security policy nor a contingency plan to deal with disasters such as fire, severe flooding or a terrorist bombing. Moreover, 80% of those analysed don't even have adequate procedures to deal with IT and utility failures that would otherwise enable them to function effectively during an emergency.

David Chandler of G Security and Surveillance in Prenton, Wirral, isn't surprised but claims the wheels of change are now in motion. "No-one starts the day believing that the physical presence of a business will be gone later that morning, especially here in Merseyside," says the former police detective turned security expert. "But if the terrorist attacks of September 11 have not already altered the way that businesses view security and disaster planning, the terrible events in London will. "Already, we've had a flurry of calls from both private and public sector agencies worried about safety.

Certain schemes involving public buildings have been brought forward and additional security budgets have been made available." One company that has gone to great lengths to ensure that their security system is bang up to date is Living Ventures, the name behind popular celebrity hang-outs such as The Living Room and Est, Est, Est. "People these days need to feel safe," says Richard Tarran, an IT and systems executive for the company. "That's why we've gone to great lengths to ensure that we're one step ahead of the game through installing equipment and making sure that everything is the best it can be." Although several other large companies in the region confirm a similarly heightened emphasis on security, they've all declined to comment for fear of reprisals.

However, the Daily Post discovered that one large retail outlet has just installed a hi-tech visual verification system, recording vehicle number plates - even those moving at up to 100mph in the dark. Iris scanning, hi-tech firewalls and shatter-proof windows have become popular options for those eager to stay abreast of 21st century crime. "Like most companies who provide extra protection against crime, we've seen a sudden rise in the sale of laminated windows," confirms Kay Ruddy, managing director of Bebington Glass.

Continuity Forum Comment

It is great to see that organisations are investing in better security, but that really is more a comment on what hasn't been done in the past, rather than being a positive step forward in resilience and Business Continuity Planning. Integrating the BIA and Risk Assessment phases of Business Continuity Management presents the organisation with far greater overall Resilience against a wider range of events, while enabling greater value to be achieved.

END 

More than half experienced a security breach this year.

As small businesses begin to depend on increasingly sophisticated technologies to run their operations, they are also leaving themselves wide open for security threats, according to a new survey by the Small Business Technology Institute and Symantec Corporation. Small businesses lack sufficient security controls over such basic systems as email (20 percent are not secured) and wireless networks (60 percent are not secured).

Exercise Triton 04 was the first national exercise of its kind and size, It took place in June and July 2004. The scenario covered an extreme event (up to one in 1000 year occurrence) and with extensive flooding affecting nearly half of England and Wales. The exercise tested the nation's ability to work together and deal with extensive flooding. The scenario deliberately tested systems that would not normally be planned for and identified valuable lessons for the Environment Agency and partners in improving: How we work together How we can improve our forecasting The plans and procedures that we use How we communicate The resources at our disposal And in understanding: How the Civil Contingencies Act will change the way we work.

Who took part? Over 60 organisations and agencies took part nationally, regionally and locally. Teams of people based at 35 locations were presented with the emergency scenario and asked to respond as they would if the events were real.

Half of the risk managers who responded to a recent survey believe that the insurance market is softening and that premium rates will reach their lowest point in 2007 and 2008.

Property and casualty rates are anticipated to drop more significantly than D&O and workers compensation, but despite this optimism, only about a third of those surveyed believe that their insurance spending will decrease in 2005 and 2006.

EAST MIDLANDS REGIONAL RESILIENCE FORUM, in conjunction with the Continuity Forum

A FREE ONE DAY SEMINAR

Date and Time

Thursday 7th July 2005
09:00 - 16:00

Location

Derbyshire Constabulary Headquarters
Butterley Hall
Ripley
Derbyshire
DE5 3RS

BUSINESS CONTINUITY MANAGEMENT

Practical Implementation

2004 saw the introduction of the Civil Contingencies Act that placed new responsibilities relating to Business Continuity Management (BCM) on organisations involved in civil contingencies work to ensure that they are able to continue their functions in the event of an emergency. However, BCM is not only essential to meet the legislative requirements under the Act but also reinforces a stable economy for commerce, industry and public services.

The aim of this event is to raise awareness of BCM and to inform organisations on the practical aspects of developing and implementing a business continuity plan.

WHO SHOULD ATTEND?

This seminar is of particular interest to employees or officers of:

Who is the centre for?

The centre is for all those affected by the events of 7th July. In particular it is for relatives and friends of those who have died, or are still missing, and survivors, whether or not physically injured. It has been set up by those responding to the disaster, as a single point of information and assistance. The centre is secure and private.

It is where:

• Information about those who have died, are missing or were injured can be given and received by the authorities
• Updates on the investigation are made available
• Those who have been affected can get access to support services such as financial, legal, emotional

What else is available?

• The opportunity for a personal meeting with a police family liaison officer
• Regular updated information
• Help with accommodation and travel can be arranged
• Assistance in making contact with appropriate agencies and resolving problems
• Multi-faith and multi-cultural contact
• Emotional support
• Internet and telephone facilities
• Refreshments
• Medical care and mobility aids
• Crèche
• Financial help
• Legal advice
• Information leaflets about bereavement and further sources of support

If you are coming to the Family Centre from out of town please note that accommodation can be arranged or made available through Transport for London Incident Care Team, tel 0791 700 6865.

The Family Assistance Centre has now relocated to:

Lindley Hall (Royal Horticultural
Halls and Centre)
80 Vincent Square
SW1P 2PE

Call (24-hours): 0845 054 7444

END

__________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

Thursday June 23, 08:51 AM

TOKYO (Reuters) - Japanese officials scrambled on Thursday to contain the public relations fallout from reports that confidential information about Japan's nuclear plants had leaked onto the Internet through a virus on a personal computer.

Japan's top government spokesman pledged to take steps to protect information after data on several nuclear plants appeared online, including photographs of their interiors, details of regular inspections and repair work and names of workers.

"Nuclear plants are important facilities in terms of anti-terrorist measures, security and what not, and therefore we would like to take full steps to ensure information management," Chief Cabinet Secretary Hiroyuki Hosoda told reporters.

Mitsubishi Electric Corp. said the information was leaked through a personal computer used by an employee of a Mitsubishi subsidiary that was in charge of inspecting the plants.
Mitsubishi Electric said the leak occurred at one of its subsidiaries and included information from seven Japanese electric power companies and five independent firms.

"We deeply apologise for causing trouble to many people including electric power companies," Mitsubishi Electric said in a statement. "We will do our utmost to prevent the recurrence of such an incident."

A trade ministry official in charge of the investigation said the information that was published was not directly linked to the "core part" of the nuclear plants.

"We believe the information allegedly leaked does not include data directly related to nuclear materials, which are kept under strict control," he said.

Since the September 11, 2001, attacks on the United States, Japanese police and coast guard forces have tightened security around the country's 52 nuclear reactors.

END
__________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

MasterCard scandal: 40 million accounts could be compromised...

In what could be the largest data security breach to date, MasterCard International on Friday said information on more than 40 million credit cards may have been stolen.

Of those exposed accounts, about 13.9 million are for MasterCard-branded cards, the company said in a statement. Some 20 million Visa-branded cards may have been affected and the remaining accounts were other brands, including American Express and Discover.
MasterCard and Visa both say they have notified their member banks of the specific accounts involved so the banks can take action to protect cardholders.

James Van Dyke, principal analyst at Javelin Strategy & Research in Pleasanton, California, said: "In sheer numbers, this is probably one of the largest data security breaches."
The breach occurred at CardSystems Solutions in Tucson, Arizona, a third-party processor of payment data, according to a MasterCard statement. An intruder was able to use security vulnerabilities to infiltrate the CardSystems network and access the cardholder data, MasterCard said.

CardSystems is one of several companies that process transactions for banks and merchants. The security breach at the company was discovered using tools that monitor for credit card fraud, MasterCard said.

Though credit card numbers were compromised, the cards themselves do not hold social security numbers or dates of birth, MasterCard said. This information could be used for credit card fraud but not to steal identities.

A spokeswoman for credit card company Discover said the company is aware of the security breach and is working with law enforcement to investigate it. She noted that Discover Card holders would not be liable for any fraudulent transactions, should they occur.
Visa issued a statement saying it knows of the data security breach and is working with authorities and banks to monitor and prevent fraud. As with MasterCard and Discover, Visa noted that card users are not responsible for fraudulent transactions.

American Express could not immediately be reached for comment.

The credit card theft possibly occurred late last month, according to CardSystems. In a statement issued late on Friday, the company said that it identified a "potential security incident" on Sunday, 22 May and called in the FBI the next day. Visa and MasterCard were notified as well, CardSystems said.

Since the breach, CardSystems has undergone a security audit and is changing its security procedures as a result, it said.

The breach follows several high-profile data loss incidents that potentially exposed US consumers to identity theft. Last week, CitiFinancial said tapes containing unencrypted information on 3.9 million customers were lost by the United Parcel Service while in transit to a credit bureau. CitiFinancial is the consumer finance subsidiary of Citigroup.

In past months, data leaks have been reported by Bank of America and Wachovia, data brokers ChoicePoint and LexisNexis, and the University of California at Berkeley and Stanford University.

END
__________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

Friday June 24, 2005

Rail services on the East Coast Mainline have returned to normal after hundreds of passengers were trapped in overheated carriages for hours after a power failure.
Many endured great distress and were forced to break windows to escape as dozens fainted in the heat.

Yesterday, the 3.55pm GNER train from Newcastle to Kings Cross ground to a halt just outside Peterborough at 5.25pm due an overhead power failure.

Kevin Groves, spokesman for Network Rail, said the power failure meant no trains had been able to leave Kings Cross on the main route north since 5pm yesterday.

He said: "We have engineers working to fix the problem and they will work throughout the night in a bid to have trains running again by 6am."

A Cambridgeshire Fire and Rescue spokesman said eight passengers had been taken to hospital suffering from heat-related injuries.

Passengers were advised to check with National Rail on 0845 748 4950 before travelling today.

END
__________________

If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org