What have American businesses done since last September to improve their ability to deal with terrorism or other disasters? Judging from our survey of 337 executives on the aftermath of the Sept. 11 terrorist attacks, they have done a great deal. While spending on business continuity hasn't consistently increased, new companywide procedures have been put in place. After a year of planning in response to the threat of terrorism, the executives generally are well-prepared: A substantial majority is firm in the belief that their companies can continue critical business operations even after a catastrophic attack.
Many companies were affected by Sept. 11 in some way, and it has left them far more concerned about preparing for disasters46% of respondents still retain a strong sense of urgency, only a small drop from immediately after the attacks. While most IT execs still feel their companies' business continuity plans could be inadequate in the case of the most extreme possibilities, such as nuclear attacks or bioterrorism, most feel capable of handling cyberterrorism and other IT security breaches.
Companies have responded to Sept. 11 by reassessing their risk, drawing both IT and business executives into contingency planning and enforcing security procedures. Many firms have also taken steps to minimize risks by relocating, dispersing or distributing parts of their IT infrastructure, such as servers and storage. But these precautions usually do not include increased spending on business continuityin fact, a substantial percentage of the companies hardest hit by Sept. 11 have actually decreased spending.