Half of Companies Say a 24-hour IT Failure Would Threaten Their Survival

The severity of the threat from disruption to IT systems is one of several factors prompting companies to increase the attention they devote to risks associated with their operations. Among respondents to this survey, 75% say that they have increased the time and resources they dedicate to operational risk management, while 71% report a similar increase in the focus on business continuity programmes. When asked about the threats they saw as most significant in terms of their operational risk management, loss of data and human error were ranked most highly, cited by 36% and 35% of respondents respectively.

These results form part of Business resilience: Ensuring continuity in a volatile environment, a new Economist Intelligence Unit survey and report sponsored by ACE, IBM and KPMG. The report examines the range of threats that companies face and explores the variety of approaches that risk managers can take to increase overall business resilience.

“The results of the survey illustrate the degree to which companies now rely on their IT systems,” says Rob Mitchell, editor of the report, “as well as the devastating consequences that can ensue from even a short period of disruption. Discussions of business continuity often centre around catastrophic events, such as terrorist attack or pandemic outbreak, but our survey indicates that it is the more mundane and likely problems, such as power outage, human error and unplanned downtime that pose the gravest threat to organisations.”

Other key findings of the report include:

Information on risks is not fully communicated. Respondents are reasonably confident about the processes they use to identify risks and to ensure that the board is made aware of significant problems, with 61% saying that they conduct risk assessment successfully, and 52% giving themselves a similar rating for reporting on key risks to the board. Communicating on risk issues with employees, and with the extended enterprise (partners, suppliers and other organisations with whom the company has a key relationship), tends to be less successful, however. Only 31% of respondents say that they communicate successfully on operational risk issues with employees, and just 19% give themselves a similar rating for their communication with the extended enterprise.

Stakeholders pile on the pressure. Pressure to increase business resilience comes from a variety of external sources. When questioned about the influence that particular stakeholders have on business continuity decisions, 59% cited customers as being a significant source, 58% cited regulators and 50% cited investors.

Reputation is the biggest concern. Failure to put in place robust business continuity plans can have a variety of negative impacts, including loss of revenue and decline in shareholder value. But among respondents questioned for this survey, damage to reputation is seen as the biggest threat, with 43% of respondents saying that this is their main concern.

Small companies lag behind larger peers. Respondents from companies with annual revenue of less than US$500m are much less likely than larger companies to consider themselves successful at specific aspects of operational risk management. For example, just 18% consider themselves to be successful at actively testing business continuity plans, compared with 31% of companies with revenue in excess of US$1bn.

To view the full survey, titled " Business Resilience - Ensuring Continuity in a Volatile Environment," click here .