Save content
Have you found this content useful? Use the button above to save it to your profile.
AIA

Survey shows holes in UK's corporate disaster recovery plans

by
9th Apr 2008
Save content
Have you found this content useful? Use the button above to save it to your profile.

A new survey shows more than a quarter of UK companies do not have a disaster recovery plan for their IT systems, in spite of 92% claiming that it was an important factor in their IT expenditure.

Findings from the 2008 Information Security Breaches Survey, (ISBS) carried out by a consortium led by PricewaterhouseCoopers, go on to show that of those companies that do have plans in place over half fail to test them. Even more puzzling and defeating the objective, 15% of firms do not take their data backups off-site.
Martin Sadler, director of HP’s Systems Security Lab at HP Labs Bristol, one of the consortium members responsible for the survey, said, “There's been an explosion of information within businesses. Acquiring, analysing and delivering the right information to people so they can act on it is a major challenge for companies. The volume of data, and companies’ dependence on it, pose significant backup challenges for them.”

The survey alsodiscovered that 58% of UK businesses would suffer significant disruption if their IT systems were down for a single day.

While only 2% of the companies surveyed said that business continuity in a disaster was not a very important driver of their information security expenditure, there remained doubts about the effectiveness of many of the plans already in place.

Even so, 99% of UK companies back up their critical systems and data, 86% do this at least on a daily basis. Of all UK businesses, 72% have a disaster recovery plan in place, up from 58% two years ago and this rises to 91% of large companies.

Sadler added, “Increasingly, businesses need to back up their data more frequently. One in five large companies now automatically replicates transaction data to an off-site location as those transactions occur. Companies of all sizes are now using storage area networks to organise their data better.”

On the negative side, when companies suffered a systems failure or data corruption incident, 31% had no contingency plan in place and a further 10% found their contingency plan to be ineffective.

The south-west has now overtaken London as the region with the most disaster recovery plans in place (possibly as a result of last year’s floods), but fewer of these plans are tested than in other regions.

The survey was done on behalf of the Department for Business, Enterprise & Regulatory Reform (BERR).

Tags:

Replies (1)

Please login or register to join the discussion.

avatar
By AnonymousUser
11th Apr 2008 14:20

Wise investment in DR is crucial
Growing risk awareness and an increasingly dangerous business environment may have prompted more companies to invest in disaster recovery (DR) as part of the business continuity programme - but how safe is that investment?

Just what, indeed, is being recovered? Few organisations have any real insight into the true extent of their IT assets. Not only does this challenge the validity of the DR solution but it also raises huge questions in the event of an insurance claim.

For most companies, one of the major issues is the complete lack of co-ordination between the asset register recorded within finance and the inventory lists used within the IT department to determine system maintenance and support.

Any inconsistency between the asset register held within finance and other inventory records in the business will raise significant doubt for insurance companies, delaying payment at best. At worst an organisation could lose any chance of an insurance pay-out, even face charges of claiming for non existent items.

However, there are simple processes that can be followed to ensure greater information consistency. A central repository that records the serial number and asset location, as well as the value of each item, will meet the needs of all departments from finance to IT.
Critically, this ensures that reliable, accurate information is available for both insurance and DR planning, reducing business risk whilst also giving companies more confidence in their business continuity investments.

Yours sincerely


Karen Conneely
Group Commercial Manager
Real Asset Management

www.realassetmgt.co.uk

Thanks (0)