IT failure remains top cause of business disaster

IT failure remains the top cause of disruption to business continuity, according to an annual survey of UK business managers.

Almost three-quarters (70 per cent) of the 440 managers questioned by the Chartered Management Institute (CMI) for its sixth annual business continuity survey cited IT and telecoms failure as the top threat to their organisation.

In terms of actual downtime the most common sources of disruption to the running of their business in the last 12 months were loss of IT and telecommunications, closely followed by the loss of people and skills.

Despite the hype, threats such as terrorism remain near the bottom of the list of managers' concerns. Two per cent cited terrorist damage as the reason for business outage in the last year.

The survey highlights an increased level of awareness of business continuity with 51 per cent having a plan in place, with the strongest concentration not surprisingly in the financial services sector.

Corporate governance has now replaced pressure from existing customers and insurers as the main driver for auditable continuity planning and this has led to responsibility for the plan increasingly being moved into the boardroom and out of the hands of the IT director.

The research found that 38 per cent of organisations have put business-continuity budgetary control in the hands of directors of mainstream business operations, while just five per cent have given that control to their IT directors.

Testing of plans seems to be a more haphazard affair aimed at ticking boxes rather than actually seeing if the continuity plan works.

Only half test their plans at least once a year and a fifth admit they never test their plan. Of the 86 per cent who said their testing rehearsals revealed weaknesses in the plan only 13 per cent said they had addressed those problems.

The research was conducted in conjunction with the Continuity Forum and storage vendor Veritas.

John Sharp, policy and development director at the Continuity Forum, said: "The evidence suggests a small but consistent growth in business continuity management but having a plan is not enough. Major steps still need to be taken as too many organisations are scraping by with inadequate and untested plans that expose them to unnecessary risk."