C-Suite involvement in business continuity planning “growing”, but progress “still too slow”

New research conducted by Databarracks has found that senior leadership (ie CEOs, CFOs, managing directors and/or finance directors) are in charge of business continuity plans at 25% of UK organisations, which is up from 21% in 2015. IT is in charge of business continuity plans at 42% of organisations.

The findings are taken from Databarracks’ annual Data Health Check Survey, which questioned over 400 IT decision-makers in the UK on a series of critical issues relating to IT, security, disaster recovery and business continuity practices. From a business continuity planning perspective, key findings include the following:

*25% of respondents said IT directors are in charge of business continuity plans, down from 27% in 2015

*17% said IT managers are in charge, which is down from 22% in 2015

*IT involvement is decreasing gradually, but IT leaders are still by far the most likely to be in charge of business continuity plans

Peter Groucutt, managing director at Databarracks, said: “Business continuity is a consideration for leaders across the entire business, not just the IT Department. It’s fine for IT to be involved, but the overall direction should come from management in the wider business. This is the best way to ensure that business continuity plans are effectively implemented and embedded throughout the business. We’re seeing signs that more C-Suite executives and other business leaders are taking control, but the pace of change remains slow.”

Involvement in business continuity planning

Looking beyond just who is ultimately in charge of the plan to which roles are involved in business continuity planning, the heavy bias of IT Departments remains. 40% said IT managers are involved in this process, while 37% said the same for IT directors. CEO involvement is fairly strong at 25%, but only 10% said the CFO’s involved.

Groucutt added: “It’s important that a wide range of people – including IT leaders – are involved in writing business continuity plans. We’re still not seeing enough buy-in from the C-Suite. The largest companies generally have a business continuity manager (or even team) in place, but SMEs will not normally have a dedicated member of staff for business continuity. For those that don’t, business continuity tends to be pushed to IT, rather than being handled by senior management.”

Groucutt added: “IT is actually a very good department to be involved in business continuity planning. Technology is now central to all aspects of operations so IT understands the impact of interruption better than most. If IT is provided with sufficient resource, budget and support from the top levels of the business it will do a great job. In practice, it tends not to be a deliberate and considered choice. It’s ‘handed-off’ to IT to do as an addition to IT resilience and recovery, without any real appreciation of the additional workload and without the support to embed business continuity across the business. Like cyber security, risk and governance, business resilience is an issue that must be addressed at Board level.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts