Effectiveness of DR plans questioned

Victoria Pennington
04 Apr 2008

Tweet
Facebook
LinkedIn
Save this article
Send to
Print this page

LONDON – Although almost all UK companies back up their critical IT systems and data, more than a quarter of them still do not have a disaster recovery plan in place, according to the 2008 Information Security Breaches Survey (ISBS), which was carried out by a consortium led by PricewaterhouseCoopers on behalf of the Department for Business, Enterprise & Regulatory Reform (BERR).

The survey found that half of those that do have plans fail to test them and that 15% of companies do not take their backups off site. This is despite that fact that 92% of businesses now consider disaster recovery planning an important driver of their IT expenditure.

Some 68% of companies polled believe business continuity in a disaster situation is a very important driver of their information security expenditure, and a further 24% say it is important. Only 2% say it is not very important. And UK businesses are certainly improving their protection: 99% of UK companies back up their critical systems and data, with 86% doing this at least on a daily basis. Some 85% of all UK companies take their backups off site (up from 76% two years ago); 91% of large businesses take their backups off site. Seventy-two percent of all UK businesses have a disaster recovery plan in place, up from 58% two years ago. Of which, 91% of large companies have a disaster recovery plan.

However, there are still concerns about the effectiveness of these controls. The survey found that 28% of companies do not have a disaster recovery plan in place, almost half of the disaster recovery plans have not been tested in the past year, 10% of companies with a disaster recovery plan do not store backups off site, 31% have no contingency plan in place in case of a systems failure or data corruption incident and a further 10% found their contingency plan to be ineffective.

The south-west has now overtaken London as the region with the most disaster recovery plans in place (possibly as a result of last year’s floods), but fewer of these plans are tested than in other regions.

“It is encouraging to see that almost every UK business makes backups and the vast majority now take these backups off site. The risks are well understood; it does not take an incident to raise awareness,” said Chris Potter, a partner at PricewaterhouseCoopers who led the survey. “The number of companies with a disaster recovery plan has gone up. However, experience shows that plans are only effective if regularly tested. It is a concern that only half of plans have been tested in the past year.”

Tweet
Facebook
LinkedIn
Save this article
Send to
Print this page

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to print this content. Please contact [email protected] to find out more.

You are currently unable to copy this content. Please contact [email protected] to find out more.

You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/

If you would like to purchase additional rights please email [email protected]

You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/

If you would like to purchase additional rights please email [email protected]

You are currently on corporate access.