Study: 30 Percent Of Businesses Not Prepared For Worst-Case Scenario
Despite another year filled with hard-lessons learned from tornadoes, floods and fires, 30 percent of businesses across the country are still not prepared for the worst-case scenario, according to AT&T's annual study on business continuity and disaster recovery preparedness for U.S. businesses in the private sector.
Key findings from the 2007 AT&T Business Continuity Study include:
- Of the 10 cities surveyed this year, businesses in New York ranked first in terms of being the most prepared for natural and man-made disasters, and businesses in Cleveland came in last.
- Companies may have a false sense of security. With 30 percent of companies citing that business continuity planning is not a priority, the results suggest that companies may have a false sense of security. Fifteen percent believe that their systems currently in place are sufficient; 14 percent believe that the probability of a disaster causing business disruption is small, and 13 percent believe that the probability of a major disaster is small.
- Businesses are not heeding government warnings. The private sector does not give much credence to warnings issued by the government. Of businesses hit by a disaster, only 41 percent take action when the federal or state government issues an alert. This is compared with an even lower figure of 33 percent for those companies that have not been affected before.
- Putting a plan on paper is only half of the battle. Overall, a majority (57 percent) have updated the plans in the past 12 months; however, fewer than half (41 percent) had actually tested the plan in the same period.
- Man-made disasters are a real threat. Roughly 82 percent of executives surveyed say that cyber security is part of their overall business continuity plan in 2007. Key security threats cited by companies included viruses and worms (nearly 75 percent), hackers (45 percent) and SPAM (37 percent).
- Education is key. Seventy-eight percent of businesses that have lived through a disaster have educated employees (compared with 63 percent, respectively) and defined corporate security policies (76 percent compared with 62 percent, respectively) as part of their cyber security planning.
- Small/medium-sized companies are even less prepared. More than one- third (36 percent) of small/medium-sized businesses indicate that business continuity planning is not a priority/not important. Smaller businesses are also less likely to have a business continuity plan in place. More than one-third (34 percent) of small/medium-sized companies surveyed do not have a business continuity plan compared to one-fifth (21 percent) of large companies.
AT&T's Business Continuity Study surveyed 1,000 IT executives from companies throughout the United States that have at least $10 million in annual revenue for their views on disaster planning/business continuity trends.
Not surprisingly, there are disparities across the nation. Businesses in areas hit hardest by disasters have been able to learn lessons from the past. New York and Houston business executives indicated that business continuity planning has become a priority in recent years because of natural disasters, security and terrorist threats (45 percent and 33 percent respectively, compared with 29 percent nationally). Conversely, Cleveland executives believe that the probability of a disaster causing business disruption is small (22 percent compared with 14 percent nationally).
The 10 2007 surveyed market rankings for businesses from highest to lowest in preparedness are:
1. New York
2. Houston
3. San Francisco
4. Boston
5. Memphis/Nashville
6. Atlanta
7. Chicago
8. Los Angeles
9. Minneapolis/St. Paul
10. Cleveland