DISASTER -- a word heavy with resonance. When it is heard crackling across the airwaves, the world changes for everyone. People everywhere stop to think of their own loved ones.
But for others, an even greater fear looms -- not of mortality, but of paperwork. Have pity for the disaster recovery Gold Team Leaders.
For them, disaster means lots and lots and lots of forms. Small wonder, then, that disaster recovery, business continuity -- whatever you choose to call it -- was hidden away on the "unpopular" agenda for many years; and even smaller wonder that, in the last three years, it has shot back up to the top.
Paul Twitchett, branch manager at Opus Insurance in Bolton, says businesses must not underestimate the importance of planning.
"Each year, thousands of businesses suffer dire consequences following events associated with physical damage to persons or property. Unfortunately, statistics show that the majority fail to recover because companies have failed to prepare themselves for such an eventuality. It is vital that companies take steps to reduce the threat of disaster by implementing a disaster and business continuity plan and business interruption insurance.
"A disaster and business continuity plan outlines the course of action a company must take for both immediately after an emergency situation and then returning the business to normal trading with the minimum impact on sales and profitability."
But what are the most pertinent points of a recovery plan? And how can these points and issues be addressed in terms of insurance and IT? Types of plan vary from a full process instruction to a simple list of key staff and telephone numbers, but the basic principle is that the businesses should identify and list what their key resources are. Then they should be prioritised in order of importance to continuation, at which point a backup plan should be identified, creating "substitutes" for each process should the worst happen.
But even with the recovery plan formulated, the ability to apply the practice of disaster recovery to the particulars of insurance cover can remain a stumbling-block. The bottom line is that insurance is just that --insurance. A policy in itself will not serve as disaster recovery -- the two philosophies need to be merged.
The insurance policy involves two types of cover -- material damage and business interruption (BI). The latter often includes an element called "additional cost of working", which covers such costs as temporarily relocating the business, transporting staff, hotel bills, additional overtime payments and so on.
Without a business continuity plan, the BI claim can be substantial, as the enterprise haemorrhages revenue and customers. Often, such a business never recovers from this inability to "reboot" quickly enough. With an effective business continuity plan in place, the short-term additional cost of working may be increased, but the overall BI claim is considerably reduced -- and, most importantly, the business survives.
Once a plan is in place, it needs to be regularly updated and tested. If companies only have a business continuity plan in place to keep the regulators or the insurance companies happy, it would be more use as a doorstop. Regular testing will show up any faults and ensure that the plan to recover after any interruption actually works.
Of course, disaster recovery insurance today must deal with a lot more than simply bricks-and-mortar logistics. As companies become increasingly dependent on e-mail, the internet and the connectivity of computer systems, so the threat from hacking and viruses increases.
The Department of Trade and Industry's Information Security Breaches Survey 2002 identified that 44 per cent of UK businesses suffered at least one malicious IT security breach in the year surveyed. The average cost of a serious security incident was £30,000, and several businesses suffered incidents that cost more than £500,000. The survey also revealed that 56 per cent of UK businesses were not covered by any policy for damage arising from IT security breaches, and only 8 per cent had specific IT coverage.
A seperate study, carried out after the Manchester BT fire in March, revealed that only 34 per cent of local companies affected had a disaster recovery plan. 60 per cent said the fire had disrupted their network and telecommunications service and nearly 40 per cent said their e-mail, fax or internet-based services were affected. James Blessing, technical development manager at Zen Internet, said: "Results like these highlight the need for secure back up at a remote location."
The Bury-based Internet Service Provider (ISP), is launching a revamped, secure, remote server hosting product that will offer businesses a safety net when disaster strikes, by ensuring that it doesn't suffer any Internet downtime. Zen is offering a new facility, located at Telecity Manchester, that will provide a secure, reliable and resilient hosting environment for mission critical systems, combined with Zen's own high performance network connectivity and ongoing support.
"The increased hosting space on offer with Telecity Manchester includes guaranteed network and power resiliency with 100 per cent uptime, as well as a secure facility with CCTV, 24/7 manned security and support, and stringent access controls," added Mr Blessing.
Not surprising, then, that a new branch of insurance underwriting is starting to be noticed. Specialist agencies that concentrate entirely on insurance solutions for e-risks are filling the gaps that traditional policies don't cover. Many companies are only now starting to realise the implications of failing to look at technology cover in terms of disaster recovery, even though many are totally reliant on their systems.
Firms should be ensuring that their cover will pay for the costs of IT or forensic consultants torepair systems, restore data and get things up and running again.
In addition, if third parties hold the business responsible for their losses -- if they relied on the business's computer systems' uptime totrade -- then will the policy pay legal costs and damages awarded against the firm?
And bad things don't just happen in big buildings -- a recent survey by AXA found that more than 1.1million small and medium-sized enterprises (SMEs) might not be adequately protected against the impact of disasters.
Neil Mercier, Axa's commercial property manager, expressed his concern: "It seems that small businesses are ignoring these risks, or believe that their business insurance packages are sufficient. While that cover will help them to replace buildings and contents, it is much harder to recover from the damage to cashflow, reputation and customer relationships caused by business interruption."
There is a lot of evidence to suggest that insurance and planning is not being discussed properly in the SME market. Many small firms seem to hold the view that disaster recovery and associated cover are only for big companies -- when, in fact, if small firms aren't covered, it will hit them a lot harder. A business recovery plan doesn't need to be dozens of pages long. But insolvency proceedings can be.
Paul Twitchett of Opus looks to history for an apposite observation.
"Benjamin Franklin famously said: 'By failing to prepare you are preparing to fail.' This remains equally valid today and companies must plan for potentially devastating unforeseen events.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereComments are closed on this article