Thursday 3rd April 2008

How effective are Scotland's business disaster recovery plans?

Floods in Stirling. Courtesy: http://www.rics.org

Scotland is slightly worse than the national average when it comes to disaster recovery. 74% of Scottish companies have a disaster recovery plan in place, and 53% of these have been tested in the last year. 2% of Scottish companies do not make any backups of their critical data. A further 7% make backups but do not take them off-site, says Chris Potter, partner at PricewaterhouseCoopers LLP, who led the survey.

A new survey raises serious concerns about the effectiveness of disaster recovery plans. These concerns are among the early findings of the 2008 Information Security Breaches Survey (ISBS), carried out by a consortium led by PricewaterhouseCoopers LLP on behalf of the Department for Business, Enterprise & Regulatory Reform (BERR).

"Disaster events for companies are a bit like medical emergencies," says Chris Potter, partner. "A well planned and quickly implemented response can help one company survive an event that would kill another.

"Clarity and speed of action are vitally important. Companies that are good at communicating with their customers normally tend to be better at reassuring their customers when disaster strikes. Others tend to be surprised at how quickly their business can evaporate. While most businesses have business interruption insurance, this is no substitute for taking the right steps to preserve the long term business."

Although almost all UK companies back up their critical IT systems and data, more than 25% still do not have a disaster recovery plan in place, and half of those that have plans fail to test them. In addition, 15% of companies do not take their backups off-site. This is despite the fact that 92% of businesses pay lip service to disaster recovery planning being an important driver of their IT expenditure.
 
The survey shows that 58% of UK businesses would suffer significant business disruption if their IT systems were not available for a day – the highest figure recorded since the surveys began. This rises to 70% in large companies.
 
Some 68% of companies polled believe that business continuity in a disaster situation is a very important driver of their information security expenditure, and a further 24% say it is important. Only 2% say it is not very important.

As a result, UK businesses appear better protected than ever, but questions remain over how effective the controls are:

  • 99% of UK companies back up their critical systems and data. 86% do this at least on a daily basis.
  • 85% of all UK companies take their backups off-site (up from 76% two years ago); 91% of large businesses take their backups off-site.
  • 72% of all UK businesses have a disaster recovery plan in place, up from 58% two years ago. 91% of large companies have a disaster recovery plan.

 Concerns about the effectiveness of these controls are:

  • 28% of companies do not have a disaster recovery plan in place.
  • Almost half of the disaster recovery plans have not been tested in the last year.
  • 10% of companies with a disaster recovery plan do not store backups off-site.

When companies suffered a systems failure or data corruption incident:

  • 31% had no contingency plan in place.
  • 10% found their contingency plans ineffective.

Martin Sadler, director of HP’s Systems Security Lab at HP Labs Bristol, one of the consortium members responsible for the survey, added: “There has been an explosion of information within businesses. Acquiring, analysing and delivering the right information to people so they can act on it is a major challenge for companies. The volume of data, and companies’ dependence on it, pose significant backup challenges for them.
 
“Increasingly, businesses need to back up their data more frequently. One in five large companies now automatically replicates transaction data to an off-site location as those transactions occur. Companies of all sizes are now using storage area networks to organise their data better.
 
“Taking backups off-site poses its own security risks. Historically, backups have tended to be unencrypted to minimise the effort to restore data. More companies are now considering whether they ought to be encrypting their backups.”

The full results of the survey will be launched at Infosecurity Europe in London, 22-24 April. The 2008 ISBS survey was carried out for the Department for Business, Enterprise & Regulatory Reform by a consortium of companies, including HP, Symantec and The Security Company (Int) Ltd, led by PricewaterhouseCoopers LLP.

The core research was a quantitative telephone survey using a structured questionnaire. PricewaterhouseCoopers picked the sample randomly from a register of UK businesses, ensuring an appropriate mix of respondents to reflect the nature of UK businesses. In each case, the person identified as responsible for information security was contacted. In total, 1,007 computer-assisted telephone interviews were completed, each lasting on average 30 minutes. The interviews took place between October 2007 and January 2008.

Survey figures for small businesses refer to those with fewer than 50 employees; large companies are defined as having more than 250 employees, and very large businesses are those with more than 500 employees.

Source: http://www.pwc.com/uk
Web: http://www.infosec.co.uk
