Friday, April 11th, 2008
During December 2007 and January 2008 Continuity Central conducted an online survey into business continuity budgets. 180 usable responses were received from around the world. 40.5 percent of respondents were from the United States, with 21.7 percent coming from the UK, 10.5 percent from Canada and 5 percent from Australia.
Overall it seems that business continuity budgets are holding up well despite the present gloomy economic climate in western countries. However, budgets seem to be more under pressure in the UK than in other countries.
Business continuity budgets in 2007 compared to 2006
A slim majority of budgets grew in 2007 in comparison to 2006, with 47.5 percent of respondents reporting that budgets were somewhat higher (30.5 percent) or much higher (17 percent). 44 percent of people said that their budgets were about the same and only 8.5 percent reported that they had reduced (7 percent of budgets were less in 2007 compared to 2006 and 1.5 percent were much less).
2008 spending
53 percent of respondents expected that their 2008 spending on business continuity would be higher (35.5 percent) or much higher (17.5 percent). However, significant regional differences could be seen, with 61 percent of US and 53 percent of Canadian organizations anticipating that they would spend more in 2008. On the other hand, only 35.5 percent of UK organizations expected to increase their business continuity spending in 2008.
Just 5 percent of US organizations expected to spend less on business continuity in 2008, compared with 15.5 percent of Canadian and 21.5 percent of UK organizations.
Overall 12 percent of respondents said that spending would be reduced in 2008, and 35 percent expected spending to remain the same as it was in 2007.
Budgetary planning
Only 55 percent of respondents’ organizations operate to a pre-defined business continuity budget.
Spending in the last financial year
Business continuity budgets are still relatively low compared to some other areas of organizational spending, with only 12 percent of respondents reporting that budgets were over £1 million / $2 million.
17 percent of respondents spent less than £25,000 / $50,000 in the past financial year. 35 percent spent between £25,000 and £100,000 / $50,000 and $200,000; 13.5 percent spent between £100,001 and £250,000 / $200,001 and $500,000; and 22.5 percent spent between £250,001 and £1 million / $500,001 and $2 million.
Average budgets were higher in the UK than in the US, with the average UK organization that responded to the survey spending £605,925 on business continuity (approx $300,000) in the last financial year and the average US organization spending $640,000 (approximately £320,000).
A much more detailed write-up of the results will appear in the next issue of the Business Continuity Journal, due out by the end of April. All respondents who left an email address will also receive a copy of the Journal write-up.
Friday, April 11th, 2008
Article by James Ritchie, former principal auditor, Integralis - April 02 2008
Global companies face a significant cultural and legal challenge when dealing with security across international borders. Just as the European Union privacy regulation conflicts with United States laws, other regulations conflict between countries. It was once said that business is like a car traveling on a road to the business goals. The board of directors or senior management is the driver of the car. Management sets the speed, distance, and timing of when they reach their goals. How does information technology fit within that metaphor? Information technology would be the tires on the car that allow the management to drive on the road to those goals. Information technology must keep good tread on those tires, maintain appropriate air pressure for the road conditions, and reduce potential tire failures from both internal and external conditions.
Regulatory compliance and data security are a very big issue in information technology, one that local, national, and international companies face daily. This includes every type of business (public and private), non-profits, and governments. Security incidents can be initiated by internal or external forces from anywhere in the world, which makes them a global concern. Global issues face both national and international businesses. Global economic boundaries have been muted in the past few years with the advent of the internet. Each country has created laws or regulatory requirements for the different industries. Treaties have been established between countries, under international law, to provide an agreement on particular subjects. When a company is global, this is compounded by each country in which it has a presence. Prosecution of data theft in the digital age is becoming prevalent.
Legal and regulatory requirements share a common thread: they address issues stemming from fraud, theft, and malfeasance, by both internal and external threat actors, affecting a particular set of data. These threat actors could be located anywhere in the world. Increasing data-breach reports have shown the gaps and holes in the security posture of companies. Criminal organizations are using these security shortfalls to gain sensitive information for profit. Senior management is being held responsible for the security of the data within their organization.
Recently, social scientists have studied the problem of compliance in international regulatory issues and international law. The empirical research [1] has shown some key findings:
- Compliance is generally adhered to.
- The high level of compliance has been achieved with little attention to enforcement.
- Those compliance problems that do exist are best addressed as management rather than enforcement problems.
- A management rather than enforcement approach holds the key to the evolution of future regulatory cooperation in the international system.
To maintain a competitive edge, business has turned to information technologies to help management achieve their business goals. Computer systems are so entwined with the business process that the business could fail if the systems are compromised. This heavy reliance on information systems has forced companies to rethink the little boxes that provide so much information to the company.