Despite a year of record-breaking digital attacks, and global discord that bares chemical, biological, radiological, and nuclear threats, roughly half of worldwide businesses don’t have a complete disaster plan in place, according to mi2g.
The global digital risk management firm found that the number of attacks measured through May of 2003 surpassed all of those in 2002 — 87,903 compared to 87,525. The most attacks in one day were seen on May 4th 2003, when 2,576 overt attacks were waged, contributing to May’s record-breaking month of 22,077.
“The first five months of 2003 have seen an equivalent number of overt digital attacks to those recorded in the whole of 2002. At the present rate, 2003 is likely to cross 220,000 overt attacks for the whole year, nearly two and a half times the number for 2002,” said DK Matai, executive chairman, mi2g.
mi2g’s analysis reaches beyond digital infiltrations into more serious areas — chemical, biological, radiological, and nuclear disasters — and the company found that roughly one-third of the 40 key decision-makers they interviewed worked in organizations without complete business continuity and preparedness plans.
The survey, in conjunction with the Northwest Development Agency (NWDA) in the UK, the Association of Insurance and Risk Managers (AIRMIC), and the Asymmetric Threats Contingency Alliance (ATCA), queried the decision-makers about their Chemical, Biological, Radiological, Nuclear and Digital (CBRN-D) plans, and found that while 47 percent believed that their business was prepared, 29 percent responded negatively, 3 percent thought a partial plan was in place, and another 3 percent didn’t know.
More comforting was the fact that 62 percent of the respondents indicated that they had the ability to know where their staff, critical assets and systems are distributed across the globe at any given moment in time, but 18 percent did not.
One-quarter of the survey participants indicated that they did not have designated staff to take charge of recovery actions in the event of a CBRN-D attack, while 44 percent indicated that they did and they were adequately trained to understand the different responses necessary in the different types of disruptive challenges. Another 13 percent indicated that their company was partially prepared in this regard.
The survey also revealed that one-in-three organizations were incapable of mobilizing a backup supplier for continuing their business processes; and one-in-three organizations were either unaware or do not have proper insurance cover for a CBRN-D type disaster.
“Whilst we are pleased to note that about half of the decision makers surveyed perceive their organisations to be prepared for CBRN-D type threats, the other half clearly do not,” said Matai. “Many decision makers are not planning to do anything about this issue because they feel that either 9/11 was a one off or the government will step in immediately if a major incident takes place.”
Matai notes that either way, the shareholders of the affected businesses will demand to know what plans were in place in the event that workers’ compensation and business interruption induced liabilities damage operations and associated competitive advantage permanently.