Employees 'more of a worry than terrorists'

IT directors are more concerned about the security threat posed to systems by staff than by terrorist attacks, according to new research.
Written by Andy McCue, Contributor
Employee blunders and hardware and software failures are more of a worry for IT directors than the much-hyped threat of terrorism when it comes to disaster recovery planning, according to a new survey.

Half of the 877 IT directors interviewed for the research cited human-related issues--accidental errors and malicious behaviour--as the main threat to the security of their business. Almost two-thirds also cited hardware failure, while 59 percent said software failure and viruses are a significant threat.

But only a quarter said terrorism is a major concern, and natural disasters such as floods were hardly mentioned by respondents.

Lindsey Armstrong, senior VP for Europe at Veritas, said in a statement: "What is surprising about this research is the fact that despite the recent obsessive concern with the threat of international terrorism, technology-related threats and potential human errors are still far more in the forefront of people's minds."

Worryingly almost a quarter admitted to not physically testing their disaster recovery plans at all and of those that do 37 percent test only once a year. Yet 80 percent said they had experienced unplanned downtime in the past year, with over a quarter suffering downtime on a quarterly basis or more. And 14 percent had a system outage of between 24 and 48 hours, with 16 percent of those suffering major data loss as a result.

Time, lack of budget and disruption to employees were the top three reasons given for not testing recovery plans.

IT departments are also putting their recovery plans at risk by not storing them securely, in many cases. Seventy percent keep the plans in their main data centre, which isn't much use if it burns down. Only 20 percent stored them away from the data centre and only 15 percent store them offsite at a secure third-party location. An absent-minded 5 percent admitted they had no idea where the plans are kept in the first place.

And despite the potential damage of a major failure, disaster recovery is being left to the IT departments to handle with the board taking little interest in the area. Responsibility is handed to the departmental IT manager in 56 percent of cases and the divisional IT manager in 28 percent of cases, while the CIO, CTO or IT director are responsible for disaster recovery in 22 percent of cases.

Armstrong said: "Disaster recovery planning is fundamental to any organisation that is serious about its survival. Putting the security of data solely on the shoulders of the IT department isn't enough. In order to make the right business decisions about where budgets are allocated, what level of risk is involved in each area of the business and have a proper understanding of what is at risk if downtime occurs, the board must get involved. Shareholder value depends on the security of the company's data."

The annual survey was carried out by Dynamic Markets for Veritas. The research was conducted in large organisations with over 500 staff in the US, UK, France, Germany, Benelux, Spain, Sweden, Switzerland, South Africa, Austria, Poland, the Middle East, and Italy. Silicon.com's Andy McCue reported from London.

Editorial standards