Several major disasters made IT directors take a closer look at their
business continuity and recovery strategies last year and ask the question: are we resilient enough?

Hurricane Katrina, the London bombings and the Buncefield oil depot explosion all led to firms’ business continuity plans being put into action – many relocating to secondary sites to carry on with their operations in the process.

But while big disasters, such as fire and floods, hit the headlines and highlight the need for a coherent business continuity strategy, everyday events including hardware and software malfunctions can equally affect a company’s ability to operate.

According to business continuity analyst Datamation, 70 per cent of businesses suffer systems downtime each year, at an average cost of £52,000 per hour, and 90 per cent of disasters are caused by failures in IT systems.

The research also suggests as many as 40 per cent of firms that experience a major disaster and do not have a business continuity strategy in place never recover.

For all these reasons we are seeing a big increase in business continuity spending, says Graham Titterington, principal analyst at Ovum.

He says that while IT directors are investing heavily in IT security to stop hackers and viruses from bringing down their systems, they are also increasing their investment in data backup, storage and relocation.

‘This growth has been witnessed for at least four to five years and we can expect it to continue to grow at a pretty good rate for a few years more,’ says Titterington. He suggests that the spending increase can be attributed to a number of factors, both old and new.

‘Some of the requirements for business continuity are the same as they have always been,’ says Titterington, citing natural and man-made disasters as big influences. But he says that increased awareness, through media coverage, is having a big effect on investment.

‘There is more awareness of the risks that are out there. Changing attitudes are also influencing investment in business continuity,’ says Titterington.

‘Because of the internet, the world is becoming more interconnected, but at
the same time there is now a greater risk and interdependence. People are a lot more aware of hacking, phishing and worms than ever before, and the same is true with physical threats.’

He says greater reliance by companies on web services and customer expectancy for always-available provision is also leading to a greater investment in business continuity systems.

‘The shift to on-demand services is leading to an immediacy in businesses,’ says Titterington. ‘In the old days, people could wait a few hours if a service went down, but now they will just move elsewhere.’

The growth of hosted services firms, such as customer relationship management specialists Salesforce.com and RightNow, means businesses have to invest in more resilient networks to ensure that they can link to data centres all the time, says Titterington.

And with the increase of home working and a growing trend for key business functions to be moved to branch offices, he says companies also need to do more to ensure that critical data is backed up throughout the business, not just at the headquarters.

‘Companies are beginning to realise more and more that there is important information being held in the branch offices and, in some cases, on home workers’ machines,’ says Titterington.

‘I think we will see more attention paid to bringing this outlying information into the overall business environment.’

Michael Rasmussen, vice president and analyst at Forrester Research, agrees that recent catastrophes have brought business continuity into sharp focus in the IT department.

‘One of the big investment drivers for business continuity has been the disasters we have seen recently, such as the tsunami, earthquakes and explosions,’ he says.

But while IT directors are focusing on protecting themselves against large one-off disasters, he questions whether they are prepared for more wide-reaching threats, such as bird flu.

Now that the virus has hit humans in Turkey, Rasmussen wonders how prepared companies would be if employees needed to work from home rather than relocate to other offices.

‘With the threat of the bird flu scare, a lot of companies need to ask “how well positioned are we to have people working at home” or “how well will our operations run?”,’ he says.

Ovum’s Titterington agrees, saying the growth of remote and home working should be more closely tied into business continuity strategies, so that employees do not have to travel to backup premises when disaster strikes.

‘Home working needs protecting and, to some extent, it could also be a solution for business continuity itself for many companies,’ he says.

Rasmussen also believes that different industries are tackling business continuity to varying levels of success, with some needing to do more than others to be fully prepared.

‘For the most part, companies are reacting and trying to get out of the woods. Financial services tends to be the most mature market for business continuity, but we are seeing a lot of focus in retail and the supply chain,’ he says.

‘The manufacturing industry tends to lag behind quite a bit, mainly because disaster recovery has not been as much of a focus and there are less regulatory issues there.’

But Rasmussen questions whether business continuity and disaster recovery strategies should be the sole preserve of IT managers.

‘In the past, the IT department has taken the leadership of business continuity, but this shouldn’t be the case, because disaster recovery concerns a bigger part of the company than just technology,’ he says.

Many companies, especially in the financial services industry, are already recognising the need to centralise continuity plans and are moving responsibility into the operational risk department.