Australian IT - Companies not ready for disasters

Australian IT - Companies not ready for disasters:

Kelly Mills
NOVEMBER 18, 2003

ALMOST two-thirds of Australian companies do not have an organisation-wide business continuity plan and more than a quarter do not know the cost to business of outages.

Despite increased terrorism risks, the SARS epidemic and natural disasters, many organisations throughout the Asia-Pacific still conduct business relatively unprepared for such events.

A KPMG study of 249 Asia-Pacific organisations found that along with poor business continuity management (BCM) processes, less than 40 per cent of organisations had a disaster recovery plan and less than 45 per cent had rudimentary protection in the area of crisis management.

Asia-Pacific organisations were 'groping around in the dark' building business continuity strategies based on general assumptions, rather than planning for more industry-specific threats, KPMG information risk management Asia-Pacific security partner Peter McNally said.

'They've got the right drivers, developing plans to a large extent around IT issues such as software and hardware failures, communications and power outages, but their perceptions are skewed,' Mr McNally said.

For example, 37 per cent of survey respondents believed their level of risk had increased as a result of terrorism, even though only 9 per cent had actually been, directly or indirectly, affected by terrorist activities."