Plans fail to prevent 'IT disasters'

Although nearly all large companies have a business continuity plan, more than half have suffered an 'IT disaster' during the past five years, according to new research

Some of the UK's leading companies are inadequately protected from IT disasters, according to a survey of FTSE100 firms.

Research by Compass Management Consulting covering 55 companies in the FTSE100 found that while 98 per cent have a business continuity plan (BCP) in place, 58 per cent have still suffered an "IT disaster" in the past five years.

The most common disasters suffered by respondents included hardware failure (22 per cent) and utilities failure (18 per cent), followed by deliberate or malicious damage (14 per cent).

It is the latter cause that companies are increasingly unprepared for, according to Debbie Rosario, senior consultant at Compass Management Consulting, who said that more than a third of firms did not consider deliberate or malicious damage at all in their continuity planning.

"There's not the degree of correlation between the types of disaster and the BCP. The focus appears to be on the technology but technology is getting more reliable."

She said that while almost all organisations now have business continuity in plans in place there seem to be wide variations in their effectiveness. Only 38 per cent suffering an IT disaster actually invoked the measure to solve the problem, while of those who did 71 per cent still reported that their business was impacted.

Rosaria said: "It doesn't necessarily mean those business continuity plans are good or extensive."

And while terrorism remains way down the list of actual incidents and priorities for IT departments, Rosario warned that firms are still leaving themselves exposed, with almost half not including security breaches in their continuity plans.