New research conducted by Databarracks has found that senior leadership (ie CEOs, CFOs, managing directors and/or finance directors) are in charge of business continuity plans at 25% of UK organisations, which is up from 21% in 2015. IT is in charge of business continuity plans at 42% of organisations.
The findings are taken from Databarracks’ annual Data Health Check Survey, which questioned over 400 IT decision-makers in the UK on a series of critical issues relating to IT, security, disaster recovery and business continuity practices. From a business continuity planning perspective, key findings include the following:
*25% of respondents said IT directors are in charge of business continuity plans, down from 27% in 2015
*17% said IT managers are in charge, which is down from 22% in 2015
*IT involvement is decreasing gradually, but IT leaders are still by far the most likely to be in charge of business continuity plans
Peter Groucutt, managing director at Databarracks, said: “Business continuity is a consideration for leaders across the entire business, not just the IT Department. It’s fine for IT to be involved, but the overall direction should come from management in the wider business. This is the best way to ensure that business continuity plans are effectively implemented and embedded throughout the business. We’re seeing signs that more C-Suite executives and other business leaders are taking control, but the pace of change remains slow.”
Involvement in business continuity planning
Looking beyond just who is ultimately in charge of the plan to which roles are involved in business continuity planning, the heavy bias of IT Departments remains. 40% said IT managers are involved in this process, while 37% said the same for IT directors. CEO involvement is fairly strong at 25%, but only 10% said the CFO’s involved.
Groucutt added: “It’s important that a wide range of people – including IT leaders – are involved in writing business continuity plans. We’re still not seeing enough buy-in from the C-Suite. The largest companies generally have a business continuity manager (or even team) in place, but SMEs will not normally have a dedicated member of staff for business continuity. For those that don’t, business continuity tends to be pushed to IT, rather than being handled by senior management.”
Groucutt added: “IT is actually a very good department to be involved in business continuity planning. Technology is now central to all aspects of operations so IT understands the impact of interruption better than most. If IT is provided with sufficient resource, budget and support from the top levels of the business it will do a great job. In practice, it tends not to be a deliberate and considered choice. It’s ‘handed-off’ to IT to do as an addition to IT resilience and recovery, without any real appreciation of the additional workload and without the support to embed business continuity across the business. Like cyber security, risk and governance, business resilience is an issue that must be addressed at Board level.”