Conclusion 02: Concerns are Heightened
Predictably, companies are more worried about terrorists than they were before Sept. 11. They feel prepared for IT attacks, but not for nuclear terrorism and bioterrorism, risks that are least covered by insurance. The good news is that insurance coverage for such risks as natural disasters and security breaches is fairly comprehensive.
Just one IT executive in five re-ported that other company execs felt an extreme sense of urgency over being prepared for disasters before Sept. 11. That strong sense of urgency spiked immediately after the attacks to nearly three in five, and remains at 46% today.
CIOs worry most about direct threats to IT resources. External breaches and cyberterrorism are the top two concerns, cited by about a quarter of respondents each and followed by internal security breaches, at 15%. Bioterrorism, nuclear terrorism and non-nuclear attacks all generated muted responses, ranging from 11% to 6%.
CIOs are uncertain whether their business continuity plans are up to certain challenges, particularly nuclear terrorism (74%) and bioterrorism (59%). They feel better prepared for cyberterrorism and computer security breaches, though these are still concerns for about a third of respondents.
Insurance is most comprehensive for more common events such as natural disasters and external and internal security breaches (78%, 62% and 60%, respectively). IT assets are even better covered: 69% are covered for loss of IT hardware, and 61% for interruptions of data communications. But CIOs are most concerned that their insurance doesn't cover lost employee productivity, with only 25% believing they're adequately covered for such a loss.