Nearly half of Canadian companies have suffered from a disaster such as a power outage or IT failure, according to statistics released recently – but almost three quarters of the country’s businesses are unprotected by a business continuity plan.
The survey, conducted by Leger Marketing for hosted services company Fusepoint Managed Services, also reveals that only half of the companies with a disaster recovery plan consider it to be “full-blown,” with nearly one in three firms admitting to an “unofficial” program. Twelve per cent of firms rely on a phone tree as their primary means of continuing business in the event of a disaster.
“One thing that alarmed me was that 40 per cent of business executives participating in the survey said that they hadn’t spent a dime in five years on this matter,” said Fusepoint CEO George Kerns. He was also concerned that 80 per cent had spent less than $100,000. “That’s a pretty nominal amount,” he said, adding that companies should make their own risk assessment and ask themselves how much it will cost for IT systems to be unavailable.
With threats such as the outbreak of avian flu looming, regulators are slowly beginning to consider business continuity in more depth. For example, the Investment Dealers Association of Canada recently introduced a bylaw mandating business continuity guidelines for members, and also published guidelines last year on how businesses can deal with a potential flu outbreak.
For many companies, building business continuity directly into operational activities has been a key part of a risk mitigation strategy. Robert Symons, president of online insurance processing services provider Tritech Financial Systems, hosts the servers that provide services to its clients at Fusepoint’s premises.
Tritech’s IT systems are protected “to the point where we don’t see how they could fail,” he said. He sees many insurance clients build business continuity around staffing practices, making it easier for the business to continue uninterrupted in the event of a disaster. “A lot of time the agents don’t work from the office. They can continue processing without having the head office being there,” he said, because the insurance processing applications are hosted in a failover configuration offsite.
The biggest perceived threat to the workplace among the 520 executives interviewed was IT disaster (46 per cent), with fire or theft, internal employee error, infrastructure disaster and natural disaster following in that order. Significantly, in spite of the media coverage, a pandemic caused the least concern among executive respondents, with a quarter considering it their greatest threat. The executives interviewed included owners, presidents and senior managers, and in spite of the common lack of a business continuity plan, 33 per cent of them felt “very responsible” for their company’s disaster preparedness.
While Canadian businesses seem relatively unprepared for business disruption following a disaster, they are much more active when it comes to information security. The Global State of Information Security survey conducted by PricewaterhouseCoopers and others found that 67 per cent of Canadian businesses are engaging both business and IT decision-makers to help resolve security issues, compared to just over half worldwide.
However, they may also be missing the mark: one in six respondents had limited or no security training for end users, making common non-technical attacks such as social engineering much more likely.