Effectiveness of DR plans questioned

LONDON – Although almost all UK companies back up their critical IT systems and data, more than a quarter of them still do not have a disaster recovery plan in place, according to the 2008 Information Security Breaches Survey (ISBS), which was carried out by a consortium led by PricewaterhouseCoopers on behalf of the Department for Business, Enterprise & Regulatory Reform (BERR).

The survey found that half of those that do have plans fail to test them and that 15% of companies do not take their backups off site. This is despite the fact that 92% of businesses now consider disaster recovery planning an important driver of their IT expenditure.

Some 68% of companies polled believe business continuity in a disaster situation is a very important driver of their information security expenditure, and a further 24% say it is important. Only 2% say it is not very important. And UK businesses are certainly improving their protection: 99% of UK companies back up their critical systems and data, with 86% doing this at least on a daily basis. Some 85% of all UK companies take their backups off site (up from 76% two years ago); 91% of large businesses take their backups off site. Seventy-two percent of all UK businesses have a disaster recovery plan in place, up from 58% two years ago. Among large companies, 91% have a disaster recovery plan.

However, there are still concerns about the effectiveness of these controls. The survey found that 28% of companies do not have a disaster recovery plan in place, almost half of the disaster recovery plans have not been tested in the past year, 10% of companies with a disaster recovery plan do not store backups off site, 31% have no contingency plan in place in case of a systems failure or data corruption incident and a further 10% found their contingency plan to be ineffective.

The south-west has now overtaken London as the region with the most disaster recovery plans in place (possibly as a result of last year’s floods), but fewer of these plans are tested than in other regions.

“It is encouraging to see that almost every UK business makes backups and the vast majority now take these backups off site. The risks are well understood; it does not take an incident to raise awareness,” said Chris Potter, a partner at PricewaterhouseCoopers who led the survey. “The number of companies with a disaster recovery plan has gone up. However, experience shows that plans are only effective if regularly tested. It is a concern that only half of plans have been tested in the past year.”
