Information Age: News, analysis & insight for IT & business leaders

Demands on the sites’ infrastructure providers, such as telecommunications companies, are likely to be particularly high as numerous businesses compete to secure resources. “A request for additional lines? Forget it. So you’ve got to start thinking maybe about relocating somewhere else that no-one else has thought of,” says Clark.

Diversifying communications technology is also becoming an increasingly common means to manage this issue, with many organisations securing telecommunications services from more than one provider. As Collings reveals however, some organisations have learnt to their detriment that these providers often share the same hardware. “So knowing your infrastructure and knowing your vulnerability, knowing what you need and what you’re actually being given is crucial”, he stresses.

In response to some of these challenges, more and more major organisations are starting to permanently move their back offices and non-core IT operations to the suburbs, Acuity’s Keeling observes, or to outsource elements of them to places like Singapore, the Czech Republic and India. ABN AMRO, for example, has off-shored parts of its operations to India, says Yates, allowing the bank greater flexibility in response to a disruption.

Collateral damage

For the vast majority of lower-profile businesses however, and in particular small to medium enterprises (SMEs), terrorist activity is far less of a consideration. Such organisations are more likely to be impacted indirectly, as a victim of that dubious phrase, ‘collateral damage’.

A major disruption to an SME’s business operations is however likely to be disproportionately damaging in relation to its size, because SMEs often have fewer office locations and more concentrated IT infrastructure. Limited financial resources make it particularly costly for SMEs, many of which border on profitability in the first few years of existence, to secure adequate back-up and recovery solutions.

Data is often held on a single server in a single location, leaving organisations highly exposed. Minimising the downtime in the event of a major disruption to local power supplies, or an Internet service provider, therefore remains an ongoing continuity challenge for this segment of the business community.

In addition, says Henry Wilkinson, terrorism analyst at international firm Janusian Security, “when terrorists do attack they tend to like it to appear random and to target the greatest concentration of people.” This will often have a “knock-on” cumulative effect, he adds, which most commonly impedes the ability of staff to get to work.

“On the 7 July bombings, a lot of businesses in the area of those attacks found their people weren’t actually able to get to offices, sometimes for two days,” he recalls. This is again particularly damaging for SMEs which often have more ‘key’ staff members, but fewer individuals responsible for or able to run IT functions.

Despite the considerable financial damage that an indirect threat can inflict on small businesses, the SMEs remain significantly less well prepared for this than their larger counterparts. “The majority of big businesses have reasonably good continuity and recovery plans – they have to,” says Clark, while the SMEs “wing it.”

As IT becomes ever more pervasive in business, however, and the implications of failure grow correspondingly, the importance of business continuity provision to SMEs will become as acutely obvious as it is today to the largest organisations. As Yates observes of ABN AMRO, business continuity and resilience are no longer add-ons but “an integral part of how we work.”