New research shows that more than a quarter of UK companies do not have a disaster recovery plan for their IT systems, in spite of 92% claiming that it was an important factor in their IT expenditure.
Findings from the 2008 Information Security Breaches Survey (ISBS) carried out by a consortium led by PricewaterhouseCoopers, go on to show that of those companies that do have plans in place over half fail to test them. Even more puzzling and defeating the objective, 15% of firms do not take their data backups off-site.
Martin Sadler, director of HP's Systems Security Lab at HP Labs Bristol, one of the consortium members responsible for the survey, said, "There's been an explosion of information within businesses. Acquiring, analysing and delivering the right information to people so they can act on it is a major challenge for companies. The volume of data, and companies' dependence on it, pose significant backup challenges for them."
In spite of risk management (see Finance Week's Risk supplement) becoming an ever-more important part of business planning, the survey discovered that 58% of UK businesses would suffer significant disruption if their IT systems were down for a single day.
While only 2% of the companies surveyed said that business continuity in a disaster was not a very important driver of their information security expenditure, there remained doubts about the effectiveness of many of the plans already in place.
Even so, 99% of UK companies back up their critical systems and data, 86% do this at least on a daily basis. Of all UK businesses, 72% have a disaster recovery plan in place, up from 58% two years ago and this rises to 91% of large companies.
Sadler added, "Increasingly, businesses need to back up their data more frequently. One in five large companies now automatically replicates transaction data to an off-site location as those transactions occur. Companies of all sizes are now using storage area networks to organise their data better."
On the negative side, when companies suffered a systems failure or data corruption incident, 31% had no contingency plan in place and a further 10% found their contingency plan to be ineffective.
The south-west has now overtaken London as the region with the most disaster recovery plans in place (possibly as a result of last year's floods), but fewer of these plans are tested than in other regions.
The survey was done on behalf of the Department for Business, Enterprise & Regulatory Reform (BERR).
Source: FinanceWeek
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment