Major shortcomings in companies' disaster protection measures

"If the most critical system - the business system, financial system or production system, for example - goes down, this can have very severe consequences for business operations. In many organisations, an hour's downtime can result in massive costs and damage to customer relations. The fact that listed companies and authorities have such poor disaster protection is irresponsible as far as shareholders and citizens are concerned. I wonder whether the management teams within these organisations are fully aware of the risks they are running," says Per Sedihn, CTO at Proact.

The survey shows that 56 per cent of authorities would need one day or more to restore their most critical systems in the event of a crash. Among listed companies, the corresponding figure was 34 per cent.

Furthermore, more than a third - 35 per cent - of organisations state that they do not have an updated disaster plan for their IT operations, or that they do not have a disaster plan at all. 38 per cent have a plan and also run regular disaster training exercises.

"An updated disaster plan is a fundamental requirement, just like having an evacuation plan in case there is a fire," says Per Sedihn.

"It is every bit as important to identify which systems, and which links between various systems, are most business-critical, and to evaluate the potential consequences of crashes. If a financial system goes down, how long can the situation prevail before the crash starts to affect business? For a bank, that time may be as little as a minute. The technical solutions for protecting systems and ensuring acceptable levels of downtime are then built up on the basis of the consequence analysis.

* The Storage Barometer was carried out in January 2010 through telephone interviews with 100 randomly selected authorities and listed companies in Sweden. The questions were put to heads of IT/IT managers. One-third of the organisations in the survey have 500 employees or more.