Corp America Not Fully Prepared For Biz Interruptions

By Robyn Greenspan

C-suite level executives give themselves barely passing grades when it comes to post-9/11 disaster plans, a joint Harris Interactive/SunGard Availability Services finds. The June 2003 survey of 52 top executives of Fortune 1000 companies revealed that while corporate America has made significant strides in information protection, significant vulnerabilities still exist.

The survey found that on average, executives give their companies a grade of "C+" when it comes to its ability to access business-critical information quickly after a disaster, believing it would take their organizations longer than an average business day to restore critical information systems.

Executives believe that their e-mail system would be the most quickly restored at 9.1 hours, followed by their order entry system at 9.2 hours. Customer relationship management (CRM) and financial management functions would take 10.8 hours each to restore, and the supply chain system would need 10.9 hours to revive. Critical enterprise resource planning (ERP) systems would need 11.1 hours to get up and running again.

"This length of interruption could be fatal for some companies that rely heavily on technology to run their businesses," said Jim Simmons, group chief executive officer of SunGard Availability Services.

Despite the lengthy downtime, 67 percent of the respondents indicated that their company is more prepared to access business-critical information in a disaster compared to pre-9/11, and 60 percent say that their company has a command team designated to handle information continuity operations from a remote location in the event of a disaster.

The survey revealed a high level of disaster awareness, as 71 percent of the respondents indicated that policies and procedures were discussed at executive-level meetings. The majority (62 percent) of the Fortune 1000 executives reported that their company has increased its budget allocated toward reducing the risk of a loss in information availability, while 36 percent have kept resources at the same level.

Additionally, 60 percent plan to increase spending in 2004 on improving systems that deal with information availability, while 37 percent plan to keep spending at the same level. On average, those who plan to increase spending expect an increase of 25.5 percent in 2004.

More than half (58 percent) of the respondents agree that company networks are the most vulnerable part of their information systems when it comes to a possible disaster or attack, and 44 percent consider a telecommunications breakdown to be the biggest threat to their information availability.

Few executives are concerned about other types of catastrophes that could impact their technological infrastructures. Natural disasters and computer hackers each concerned 15 percent of C-level execs, followed by power failures at 10 percent. Surprisingly, only 2 percent of the respondents indicated that a terrorist attack posed the biggest threat to their ability to access information systems without interruption.

"We have anecdotally known for some time that awareness surrounding the issue of information availability is migrating up the corporate chain of command to the C-level," said Simmons. "The Harris Poll confirms this but it also presents some alarming facts that indicate U.S. business still hasn't embraced all of the lessons from 9/11."