"Don't worry about the external threats...IT outages are self-inflicted in most cases," according to Eric Keser, principal of Ernst & Young's technology and security risk services.
Speaking at a seminar organized by SecureData, Ernst & Young and META Group, Keser suggested this was especially true in Australia.
In Ernst & Young's Global Information Security Survey 2002, CIOs, IT directors and business executives were asked (among other things) for the top causes of IT outages. Australian respondents were more likely than their international counterparts to cite hardware and software failures, telecommunications failures, operational error and capacity issues – all areas that are under an organisation's control to a greater or lesser extent.
For example, reliable hardware (possibly with redundant components or complete systems allowing failover) can be selected, thorough change control procedures implemented, multiple communications links via different carriers installed, good operational procedures and training initiated, and capacity requirements forecast carefully.
The same survey suggested Australian executives are taking disaster recovery planning more seriously than their peers in other countries do.
Nearly 70 percent of Australian organisations have a disaster recovery plan (50 percent globally); over 80 percent have conducted a business impact analysis (50 percent globally); over 70 percent have agreed recovery times with their colleagues in business units (50 percent globally); and less than 20 percent have not tested their plans (just over 20 percent globally).
That's probably a good thing, because 91 percent of Australian respondents had experienced unexpected unavailability, compared with just 75 percent globally.