One in four firms has no disaster plan, says PwC


Despite the fact that 92% of companies surveyed on behalf of the Government believe that disaster recovery is "an important driver" of their IT spending, over half have no plan or an untested plan.

"The number of companies with a disaster recovery plan has gone up," said Chris Potter of PwC, which carried out the survey for the Department of Business, Enterprise & Regulatory Reform.

"However, experience shows that plans are only effective if regularly tested. It is a concern that only half of plans have been tested in the last year," said Potter.

Though the research found out that 99% of companies back up their data and 86% do so daily, it also found that 15% of companies stored their backups on the same site as the original systems.

The results are part of the 2008 Information Security Breaches Survey (ISBS), whose full findings will be published at Infosecurity Europe in London on 22–24 April.

The survey found that 31% of companies had no contingency plan in case of systems failure or data corruption, and that 10% of companies found the contingency plan they did have to be ineffective.

Martin Sadler, director of Hewlett-Packard's Systems Security Lab at HP Labs Bristol, which was one of the organisations which put the survey together, said that disaster recovery systems were vital now because almost all businesses are heavily data-dependent.

“There has been an explosion of information within businesses," said Sadler.

"Acquiring, analysing and delivering the right information to people so they can act on it is a major challenge for companies.

The volume of data, and companies’ dependence on it, pose significant backup challenges for them."

Though Sadler said that one in five large firms now stores data off site, he said that this practice also posed dangers.

“Taking backups off-site poses its own security risks," he said.

"Historically, backups have tended to be unencrypted to minimise the effort to restore data.

More companies are now considering whether they ought to be encrypting their backups.”