[ISN] Disaster-Recovery Spending On The Rise

InfoSec News isn at c4i.org
Thu Aug 12 03:13:19 EDT 2004


By Steven Marlin and Martin J. Garvey
Aug. 9, 2004

Spending on business-continuity and disaster-recovery planning is
poised to grow following last week's terrorist threats against
financial-services firms.

Unlike other IT areas, where growth in spending by financial-services
institutions tends to be stable, business-continuity spending spikes
as a result of crises. In 2002, following the Sept. 11, 2001, attacks,
it jumped 19%, to $3.4 billion, according to research firm TowerGroup.  
This year, in response to last summer's blackout, spending is expected
to climb 12% to $4 billion. Following the latest threats, TowerGroup
expects financial firms' business-continuity spending to climb nearly
10% in each of the next three years, hitting $5.2 billion in 2007.

The financial-services industry swiftly responded to the elevation of
the terrorist-threat level last week, setting in motion a full-scale
crisis-management plan that's been refined since the Sept. 11 attacks.  
Hours before the latest threats against specific financial-services
buildings in New York, northern New Jersey, and Washington, D.C., were
made public on Aug. 1, the Department of Homeland Security notified
key financial-services industry representatives. That night, the
Financial Services Sector Coordinating Council for Critical
Infrastructure Protection and Homeland Security--the main coordinating
group between the industry and the government--held a conference call
with Treasury Department officials to review what was known about the
threat and decide what steps to take. Among those steps was the
implementation of added security around the named targets.

Earlier that day, BITS, a banking-industry group that has taken a lead
in formulating crisis-management plans, had arranged a conference call
among its own members to ensure business continuity and safety of
physical assets and personnel. Included on the call were senior
executives from the top 100 banks at just below the CEO level--vice
chairmen, CIOs, chief technology officers, and chief information
security officers.

The terror alert prompted banks to rev up backup and recovery sites.  
"A half-dozen customers put us on pending alert," says Jim Simmons,
CEO at SunGard Availability Services. "The large financial
institutions are well prepared. We're concerned with smaller

Since the 2001 attacks closed financial markets for a week, the
financial-services sector has taken numerous steps to bolster its
already strong business-continuity efforts in the event of a
large-scale disaster. Redundant systems, failover switching
capabilities, simulations, regular drills and exercises, geographic
distance between main and backup sites, and establishment of satellite
offices have been tested and retested over the years. "From a
back-office perspective, the financial-services industry is extremely
resilient," says TowerGroup analyst Virginia Garcia.

Still troubling, though, is the continued geographical concentration
of financial-services firms in New York--and terrorists' apparent
focus on disrupting financial markets. The headquarters for seven of
the top 20 investment-management firms and 14 of the top 20
securities-trading firms are located there, according to TowerGroup.  
While all these firms have established contingency plans to ensure
continued operations, the potential for another attack remains a
concern, Garcia says. In particular, she says, it's imperative that
senior execs continue to be part of business-continuity planning. Says
Garcia, "Whereas in other [IT] segments we see incremental increases
in spending year to year, in this market, if something big happens, it
gets the attention of high-level executives."

More information about the ISN mailing list