[ISN] Small Biz Puts Protection Before Continuity In Survey

InfoSec News isn at c4i.org
Fri May 7 09:51:04 EDT 2004


By Tom Smith
Small Business Pipeline  
May 05, 2004 

Despite a recent history that includes terrorist attacks on American 
soil, the resulting war against terror, and a flurry of virus 
activity, most small businesses aren't concerned enough to develop 
specific plans to keep their businesses up and running in the event of 
a disaster. However, they do recognize the need to protect their data 
and computer systems from natural disaster and hacker attacks. 

A survey of 237 small businesses conducted by Small Business Pipeline in 
April found that 73% have no written plan that defines a strategy for 
responding to disaster. Of the 27% that do have such a plan, about 80% 
actually review the plan on an annual basis with their employees. 

Six of 10 have done no formal quantification of how much it would cost 
their business if it was interrupted for any extended period of time. 
Of that small percentage that have performed this financial analysis, 
56% say they'd lose less than $10,000 per day. That result is perhaps 
not too surprising, given that more than half of the survey 
respondents have less than 10 employees. Another 27% have less than 50 
employees and 16% have less than 100. 

In a somewhat contradictory finding, the highest number of 
respondents, 35%, ranked disaster recovery as about equally important 
as other business functions such as customer service, technology 
operations, finance and accounting, and so on. A full 34% said 
disaster recovery is more important while 31% said it's less 
important. Despite these findings, there's no apparent sense of 
urgency to plan for disaster. 

There was some good news: 56% of survey respondents do have a defined 
sequence of steps to be followed if their physical location becomes 

Z Technology, a manufacturer of test and measurement equipment for the 
radio and television broadcast industry, appears to be fairly typical 
of the survey respondents. The 10-person company has no formal 
disaster-recovery plan, operations manager Dan Nicholas said. "I don't 
think it's ever been thought about a whole lot," Nicholas added. "It's 
not a conscious decision to not have one." 

However, the survey found a strong, clear emphasis on data and systems 
protection among small businesses. Those businesses are acutely aware 
of the threat posed by viruses, hackers and system incursions. Of the 
237 survey respondents, 88 or 37% say technology-driven threats 
(viruses, hackers, security breaches) pose the greatest danger that 
could interrupt the functioning of their business. 

Other threats identified as the biggest concerns included disasters 
such as fires or explosions, selected by 27% of respondents; natural 
disasters such as weather and earthquakes, 26%; theft or loss of 
intellectual property, 7%; and other areas such as terrorism and a 
national emergency, 3%. 

FMSI Actuarial Concepts and Systems Inc. is indicative of the focus on 
protecting data and systems among small businesses. The Deerfield, Ill., 
company's three employees hold themselves accountable for backing up 
data from their workstations on a regular basis. Data gets backed up 
to two separate Web-based systems maintained by different outsourcing 
firms for an additional layer of protection. "If one is down, the 
other is not down at the same time," explains Gerry Kopelman, a 

While these backup procedures aren't explicitly defined, they are a 
part of the company's way of doing business. "There are no formal 
policies. It's just become our habit to do that. It's common sense," 
Kopelman says. 

Like FMSI, respondents to the Small Business Pipeline survey appear 
well-prepared to deal with threats that could impact their corporate 
data. Three quarters of respondents say they have a specific medium or 
plan for protecting data in the event of a business or technology 
interruption. In a related finding, 62% of respondents say they have 
defined policies to secure the data on individual employees' 

Asked to identify their primary means of protecting data, 43% said 
they back up data to an off-site facility they own or manage; 28% said 
they back up data to servers or systems in the same office as primary 
systems; 20% said they back up data to a third-party facility, and 9% 
use another means. 

Asked to rank technologies that are most important in preventing 
business interruptions, the most respondents, 40%, selected network 
security products such as firewalls. Another 34% selected data backup 
and management. 
