STAMFORD, Conn. – As war clouds gather and the worst is feared from hackers and attackers, are businesses, including credit unions, ready to handle the business and IT outages that could come with a severe calamity in the homeland? "Despite the possibility of war and terrorist activity, most U.S. companies are not capable of withstanding business and IT outages caused by a severe calamity." That's the blunt assessment by Dataquest Inc., a Gartner Inc. unit that conducted a Web survey of 205 respondents responsible for or knowledgeable about their organizations' business continuity and disaster-recovery planning. The Dataquest report also claims that one in three U.S. businesses would lose critical data or operational capability in such a scenario unless immediate steps are taken. The reason for the preparedness shortfall is perhaps not too surprising. It's about money. "IT managers are not investing appropriately in disaster plans because they do not have a budget to accomplish their needed readiness," says David Adams, principal analyst for Gartner Dataquest's IT Services Group. "Budget constraints are forcing an average of 40% of respondents to rely on a best guess to determine potential risk rather than obtaining formal assessments, which would be too costly," he says. Adams says the study also found that many organizations that do have a plan haven't committed the resources to implement it. He said 37% of the respondents who do have a disaster plan in place need more money to "get those plans to a satisfactory level." The analyst concludes that "more prioritized investments must be made to ensure that businesses can quickly regain productivity after a calamity. Preparation is key, and without adequate investment for protection of critical systems, the repercussions of disasters will be lengthier and more costly." That said, all is not lost, Adams says. "The good news is that businesses now more widely understand that they must prepare in advance to solve the complex logistical and personnel problems inherent in a disaster," the Gartner analyst concludes. "Responsible leaders will rely on preparatory investment to better the odds of surviving such a hit to their business." Adams also advises that such weighty responsibilities should not be borne by top management alone. "IT managers appear minimally involved with broader contingency planning, which is where worker-based and human needs of the disaster plan – including the ability to manage the human equation and other non-IT factors in an untoward situation – are taken into account," he says. "According to the survey results, IT managers are also not carefully evaluating each new corporate initiative for any broader impacts in the overall organizational disaster plan," he says. "The extended impacts of a disaster are likely to be overlooked in precisely these conditions." The Gartner Dataquest report advises small and mid-size organizations – a category that would include most credit unions – "that invest minimally in disaster planning resources, and that lack legal external regulation or industry peer review, to re-evaluate their business continuity and disaster recovery strategy to make sure their organizations really are prepared for the worst." ?

[email protected]