TradeArabia News Service
January 09, 2007
A survey released by the advisory practice of KPMG in the UAE shows that
73 per cent of UAE companies are either operating or implementing a
business continuity plan, driven by factors such as customer service,
compliance and safety issues, with 57 per cent naming regulatory issues
as a key concern.
However, the survey also shows that only 20 to 24 per cent of companies
have an enterprise-wide security or continuity plan in place, with up to
50 per cent of companies confining continuity plans to the IT department
and limited critical systems.
Too many companies are still assigning responsibility for continuity and
availability to the IT department, rather than taking a strategic and
enterprise wide approach to leveraging their investments in these
Only 12 per cent of UAE companies currently have these functions
reporting directly to the board, which is a common practice in leading
global companies with robust security and continuity strategies.
"Companies in the UAE need to take a holistic approach when investing in
their business continuity and information security programmes to ensure
that all areas of the business are covered, rather than addressing
issues on a case to case basis," said head of IT advisory practice for
KPMG in the UAE and Oman Rajeev Lalwani.
Results show that companies in the UAE need to rethink their security
and continuity policies to keep up with the growing international trend
to integrate security and continuity functions as part of a company's
overall risk management policy and strategic framework, through
implementing standards such as ISO 27001.
At present, 86 per cnet of the companies surveyed had not implemented a
global standard. Of those that did follow the standards, 21 per cent did
not cover the whole organisation.
Management has a responsibility to protect information assets and
preserve brand and shareholder value by ensuring the security of their
information and the continuity of their business, it said.
"Leading organisations leverage the strength of their information
security and business continuity programmes as one of the sources of
strategic and competitive advantage," said principal in the business
continuity practice of KPMG in the UK Will Brown.
Other noteworthy findings from the survey show a greater understanding
is required on the need for geographic dispersion of disaster recovery
Most companies surveyed have, or plan to have, secondary recovery sites
within the same city or location in which their business operates.
This leaves businesses vulnerable in the event of a major disaster in
that city or location. The survey also reveals that organisations
recognise people as one of their weakest links, it said.
"Processes are left vulnerable due to human error, negligence, lack of
awareness or even the lack of staff availability during a disruption.
Investment in business continuity appears to be constrained, with a
majority of firms spending in the lower end of the investment spectrum,"
Subscribe to InfoSec News