• silicon.com
• Management
• CIO Insights

By editorial@silicon.com, 12 March 2002 17:05

COMMENT Only 53 per cent of UK companies have business continuity plans in place. Only half of those have ever been tested. Looked at in a different light, that means only a rather pathetic one quarter (roughly speaking) of businesses have any idea whether they'd survive a major security breach. Ernst & Young looks at this issue every year, with the research consistently revealing security simply isn't seen as a key business issue. It never has been and - despite the hype, the hacks, the viruses and certain terrorist-led disasters proving the need for business continuity - it looks like it never will be. But how can it be anything but a hugely important part of a company's strategy? Ernst & Young's survey shows security is consigned to the IT ghetto. Any spend devoted to it comes out of the IT budget. It is not discussed at board level. Ergo, it is not given the treatment it deserves. And why is that? Well, for fear of sounding like a broken record, IT still isn't represented on the board of most companies. Just this week, silicon.com interviewed David Rippon, the technology chief of Landsecurities and head of IT directors' group Elite (http://www.silicon.com/a51924 ). He put some of the blame for this lack of representation on the inability of his peers to raise their profile within businesses. He said: "[They need to develop] closer relationships with the people who run and manage the business so that they turn to you naturally for advice. And when they turn to you for advice, you can express that advice in a non-technical way that draws on experiences inside and outside your organisation." Easier said than done. But if you're struggling to be heard by a CEO who thinks security should remain in the IT ghetto (if not ignored altogether), try sending him or her an email. Avoid techno-babble. Keep it simple. Try a subject line like "We're about to go out of business," and add: "You do know that we'd never recover if we were hit by a virus attack/flood/power cut/11 September-style attack, don't you?" That might get their attention. If not, you'll have to resort to that old favourite security policy: keeping your fingers crossed.