Twenty-six percent of IT departments have no disaster recovery plans at all, according to AT&T's annual business continuity and disaster recovery preparedness study.

Although 72 percent of the organisations surveyed by AT&T do have plans to keep the business online during a natural or manmade catastrophe, the quarter who didn't (and the 2 percent who "didn't know" if their company had a plan) are a cause for concern, says the company, which provides disaster recovery services.

"Some users still believe it will not happen to me," says Jerry Shammas, executive director, business continuity and recovery services at AT&T. "There might be some sense of complacency developing ... thinking they're not prone to events like hurricanes, earthquakes, floods or tornados."

But natural events are only one type of network and communications system threat. More worry about malicious network attacks and manmade disasters. Seventy-four of respondents say that viruses and worms are the biggest threat to business continuity. It is also the issue that 31 percent of IT executives say keeps them up at night. Manmade disasters, such as terrorist attacks, were named by 12 percent as an issue that keeps them up at night. Natural disasters were named by 18 percent of respondents.
Though business continuity plans are not a priority for all, 57 percent that value business continuity have updated their plans in the last 12 months, but only 41 percent have tested their plans.

Of those that are planning to implement business continuity technologies or services, 16 percent say they will establish redundant servers and backup sites and educate employees in the next 12 months. Ten percent say they will outsource their continuity needs to a service provider, which must be music to AT&T's ears.

AT&T surveyed 1000 IT managers users from companies with more than $10 million inrevenue, based in ten major US centres, in its tenth annual survey.