C-suite involvement in business continuity planning is growing in the UK
- Published: Tuesday, 01 October 2019 07:27
New research from Databarracks has found that senior leadership (CEO, CFO, MD or FD) are in charge of business continuity plans in 25 percent of UK organizations, up from 21 percent in 2015. IT is in charge of business continuity plans in 42 percent of organizations.
The findings were taken from Databarracks’ annual Data Health Check survey, which questioned over 400 IT decision-makers in the UK on a series of critical issues relating to IT, security, disaster recovery and business continuity practices.
From a business continuity planning perspective, key findings include:
- 25 percent of respondents said IT directors are in charge of BC plans, down from 27 per cent in 2015;
- 17 percent said IT managers are in charge, down from 22 percent in 2015;
- IT involvement is decreasing gradually, but IT leaders are still by far the most likely to be in charge of BC plans.
Peter Groucutt, Managing Director at Databarracks, said: “Business continuity is a consideration for leaders across the entire business, not just the IT department. It’s fine for IT to be involved, but the overall direction should come from management in the wider business. This is the best way to ensure that business continuity plans are effectively implemented and embedded throughout the business.
“We’re seeing signs that more C-suite executives and other business leaders are taking control, but the pace of change remains slow.”
Looking beyond who is ultimately in charge of the plan to which roles are involved in BC planning, the heavy bias of the IT department remains. 40 percent said IT managers are involved in this process, and 37 percent said the same for IT directors. CEO involvement is fairly strong at 25 percent, but only 10 per cent said the CFO is involved.
Groucutt added: “It’s important that a wide range of people – including IT leaders – are involved in writing BC plans. But we’re still not seeing enough buy-in from the C-suite. The largest companies generally have a business continuity manager (or even team) in place, but SMEs won’t normally have a dedicated member of staff for business continuity. For those that don’t, BC tends to be pushed to IT, rather than being handled by senior management.”
“IT is actually a very good department to be involved in business continuity planning. Technology is now central to all aspects of operations so IT understands the impact of interruption better than most. If IT is provided with sufficient resource, budget and support from the top levels of the business it will do a great job. In practice, it tends not to be a deliberate, considered choice. It’s handed-off to IT to do as an addition to IT resilience and recovery, without an appreciation of the additional workload and without the support to embed business continuity across the business.
“Like cyber security, risk and governance, business resilience is an issue that must be addressed at the board level.”