Businesses don't differentiate between disaster recovery and business continuity and tend to prepare only for rare cataclysmic events like flood or fire. Companies shy away from preparing for far more likely events that could adversely affect the business, such as temporary loss of IT or failure of a key supplier, according to a recent survey of UK businesses. This attitude is particularly true amongst the SME community.

Also, businesses are complacent about threats such as terrorism, according to counter-terrorist consultancy TPS Consult, which claims to be the UK’s largest security and counter-terrorism consultancy.

These are some of the preliminary findings of the sixth annual business continuity awareness survey conducted by the Business Continuity Institute (BCI) and IMP Events, organiser of Business Continuity Expo 2005 and Technology for Compliance 2005.

Continuity issues affect all aspects of business. Voice and e-mail communication are vital elements to keep up and running. Loss of telecoms is seen as catastrophic to most companies; however, the research suggests there is too little thought given to planning against telecoms failure, given the impact that such an event might have on the business. Only 10 per cent of the respondents maintained any kind of off-site or third party backup.

Director of the Business Continuity expo Graeme Howe said, "Despite the high profile which business continuity and disaster recovery issues have in the media and industry today, these interim findings indicate that too many UK companies fail to have a clear overview of what business continuity actually means. It should be recognised that business continuity management must be part of the business planning process and shouldn't be retrospectively bolted on as an afterthought."

Companies tend to address issues departmentally; this research suggests that business continuity strategies are being developed in a fragmented way. By developing these strategies in isolation, companies are not seeing the whole picture.

Howe said, "The only way UK plc can achieve true business continuity management is by having one individual responsible at board level: the risk director. Without this role, or its outsourced equivalent, organisations will struggle to demonstrate the business continuity management that is increasingly expected by business partners throughout the trading environment."

BCI chairman Steve Mellish said, "If the final results concur with these preliminary findings it will demonstrate just how inadequate current business continuity plans are. Business continuity is increasingly becoming an invaluable management discipline, and these results reveal that a lot of work still needs to be done to get it on the Board's agenda and keep it there."

Terrorism
On the attitudes of UK business to terrorism threats that emerged from the survey, TPC Consult's Chris Bowes said, "There may well be a level of complacency already – there have not been any terrorist incidents in the UK recently to highlight the threat, although the train bombs in Spain last year did show that Western Europe is a target."

TPC said that, although thwarted in the UK to date, "it is accepted in security circles that it is only a matter of time before the terrorists are successful here". Bowes, a former police commissioner, said recently that there are over 200 identified suspects walking free in the UK.

The method of attack will most likely be a vehicle or suicide bomb, as these are the currently preferred options, according to TPC. The targets are numerous: recent activity suggests that infrastructure will be at the top of the list, such as road, rail and air links, or even water supplies, refineries or energy generation. The bombings of the HSBC and British Consulate in Turkey suggest that commercial targets are also a possibility, said TPC.

TPC highlighted the results which showed that 20 per cent of businesses do not have disaster recovery plans. Of those that do, 60 per cent do not test these plans regularly, and this with most companies interviewed ranking terrorism as one of the most significant threats to their businesses.

Methodology
Rosslyn Research undertook the survey with the aim of examining current attitudes to business continuity management via a statistically robust, qualitative programme backed up by in-depth interviews. The researchers interviewed 251 managers from businesses large, medium and small, and across all sectors of the UK economy in January and February 2005. The final results of the research were announced at this year's Business Continuity, the Risk Management Expo on 16-17 March 2005.