Regional businesses not prepared for disaster says study
Almost 70% of Middle East businesses lack robust disaster recovery and business continuity programmes
Nearly 70% of all businesses in the Middle East do not have proper disaster recovery or business continuity management (BCM) programmes in place, according to a new study.
The survey, which was conducted by eHosting DataFort and the BCM Institute, found that while 76% of organisations are at some stage in the process of implementing BCM, only 19% have had robust programmes in place for several years, with a further 17% only recently completing plans. Around 24% of organisations had no plans to implement BCM.
According to Yasser Zeineldin, CEO of eHosting Datafort, the survey showed a "reasonable level of awareness of BCM among a number of organizations, but of concern if the lack of full plans and full practices in place".
Zeineldin said that the survey was intended to both give an insight into the preparedness of companies in the region for BCM, and also to raise awareness of the need for full BCM planning and highlight the resources available to tackle the problem.
The survey covered 75 organisations in region, from the GCC and Jordan and Egypt, in vertical sectors including finance, IT, retail, energy, utilities, media and manufacturing.
A large number of respondents had at least one member of staff with a BCM certification, at 68%, while 60% had a full time or part time BCM head. However, testing of crisis management plans was low, with only 7% testing plans once every three months. 97% of respondents also felt that they could improve business continuity plans.
The average number of disruptions suffered by respondents was 3.77 per year, with an average annual loss of $4.5 million. The leading cause of significant business disruption was IT and network failures, responsible for 45% of incidents, followed by power failure which accounted for 20% of incidents and 11% man made disruptions including theft, hacking and poor decision making.
Perceived risk of threats put the emphasis on IT failure (74%), communication and network failure (59%), power outage (47%), fire (44%) and computer hacking and natural disasters both on 21%.
Dhiraj Lal, country manager for BCM Institute for India and Middle East region commented: "It is alarming to see so many organisations in the region without a concrete BCM program in place despite recent incidents that have caused multi-billion dollar losses. The findings from the report are strong indications that business in the region need to consider unforeseen events with a view to minimize organisational risks."
Lal said that while companies in the region were slow to adopt proper BCM, the inclusion of BCM requirements in the Dubai Strategic Plan showed that governments are taking the lead in the region to improve standards.
1484 days ago
Although, I am not disputing the statistics. However, arriving and deriving after a survey is not really true. Business, Intelligence and espionage is much bigger and challenging industry than the state intelligence. Today the geographical boundaries and wars are broken down in most of the parts of the world and have been redrawn around corporations. Here, the enemy is totally unpredictable, your own family, community, state or any other friendly person can be your rival. In such a situation, any survey done can seldom be authentic. I have participated in many such surveys by independent organization, internal audits, external audits etc., and to all of them I have lied to them the actual capability so as to misdirect falsify information leaked to competition. I am under various agreements not to reveal them to them but, to only key people in the organization. Hence, I do not believe the survey is a true picture. And in their survey if they did not take such organizations then the sampling methodology to arrive such conclusion is incorrect because, the ones which participated in the survey and did speak openly about their existing setup can hardly be affected by such a disaster. Also, the calculated losses are not real, the economy has in $ terms has done a bigger loss than the perceived threats. BCM even in the biggest organization around the world failed to have check on them. Middle East ratio of the business in $ to that of Risk is much better than the ones shown in destructed economies. However, that does not mean the future threats are to be viewed in a diluted form. All, I am just saying is that there is a limitation on which what any regulation can do because, in business and in political life it is practically impossible to enforce or implement it fully. The regulations always has to take this matter into consideration.