Business-continuity planning is an arduous task. Managing a business through a crisis is obviously difficult, but it's even harder when there's no strategy that guarantees recovery from operational difficulties. By no means does the problem or the solution rest entirely on IT's shoulders. According to InformationWeek Research's Business Continuity Planning Study, based on a survey fielded by PricewaterhouseCoopers, larger companies are championing three best practices that all companies ought to consider.

The vast majority of companies with $1 billion or more in annual revenue have undertaken the necessary processes to identify the risks that could threaten their operations and to map out viable solutions. In all, 83% of large companies have conducted risk analysis in the course of preparing their business-continuity plans. But such efforts are infrequent among companies that generate less revenue, leaving these businesses more susceptible to continuity problems. Twenty-seven percent of midsize and 39% of small companies haven't undertaken risk analysis when setting business-continuity policies.

One of the areas of greatest exposure concerns intellectual property. If disaster hits, 45% of small companies and 37% of midsize ones have no provisions to protect their intellectual property. Larger companies are more committed to safeguarding these valuable assets, perhaps because they have more to lose. Seventy-seven percent of large companies have included stipulations about the management of intellectual property in their business-continuity plans to ensure that intellectual property doesn't become a casualty of operational disasters.

Larger companies also are looking beyond internal operations to ensure that their reputation remains intact should operational breakdowns occur. Three in four companies with annual revenue of $1 billion or more are implementing public-relations business-continuity campaigns. Only half of small and 69% of midsize companies have taken such steps.

What will be your company's business-continuity focus next year? Let us know at the address below.

Helen D'Antoni
Research Manager
hdantoni@cmp.com

---

Outsourcers Locked Out

Even in these difficult times, when budget cuts and layoffs are common, companies continue to rely on service providers to achieve IT and business initiatives. Although partnering with outsourcers requires trust and the sharing of information for the relationship to prosper, companies appear averse to disclosing their business-continuity strategies with outside operational partners. Such reluctance exists regardless of a company's size. Among the businesses interviewed by InformationWeek Research, 82% of large companies, 86% of midsize companies, and 88% of small sites don't share business-continuity procedures with their service providers.

---

Selective Spending

Nearly all companies, regardless of size or industry, will increase their investments in business-continuity planning next year. But not every business believes supplementary spending is necessary. Larger companies are less apt to spend more, with 47% keeping next year’s continuity investment on par with that this year and 6% preparing to cut back—perhaps confident that current procedures are adequate to weather any continuity storm. Almost two in five midsize companies will maintain their continuity-spending course, while 4% intend to trim such expenditures in the coming 12 months. And 35% of small companies see no reason to change business-continuity spending in the new year, compared with 4% that intend to trim their investments.

---

Action Needed

Risk analysis is a crucial component to any business-continuity plan, according to PricewaterhouseCoopers. While it’s understandable that companies that haven’t yet documented their continuity procedures also are less likely to have conducted risk analysis, it’s a surprise when companies that have documented strategies fail to take the time to understand this critical information. But it happens: 16% of companies with highly detailed business-continuity plans and 26% of companies with partially detailed procedures don’t conduct risk or threat analysis when preparing their contingency plans.

---

Differing Perceptions

One-fourth of companies interviewed in InformationWeek Research’s business-continuity planning study found it necessary to tap their continuity plans during the past 12 months. Do business and IT executives concur about the severity of such incidents? Study results indicate a mixed view. Three-quarters of IT executives view the single worst instance as either somewhat or not very severe. Two-thirds of business executives feel the same way. Yet this perception gap is understandable. Most companies have instituted technology procedures to manage IT difficulties when operational problems arise. Personnel policies and facilities-management strategies in general are less detailed, making continuity incidents more severe in the eyes of business-unit executives.