New data reveals organisations lacked pandemic preparation in build-up to COVID-19, says Databarracks
Research highlights fundamental failure in Business Continuity Planning, but valuable lessons will be learned
New research from Databarracks has revealed two-thirds of organisations (66 per cent) had no plans in place for responding to an infectious disease pandemic before the COVID-19 outbreak. This is despite pandemic ranking highest in terms of impact and likelihood in the UK government’s National Risk Register of Civil Emergencies.
The findings were taken from Databarracks’ Data Health Check survey. The annual survey, which has been running since 2008, questions 400 IT decision-makers in the UK on a number of critical issues relating to security, Disaster Recovery and Business Continuity. Key findings include:
- 66 per cent of organisations did not have a plan in place for how they would respond to a pandemic
- This is despite 61 per cent of respondents having an up-to-date Business Continuity Plan
- 50 per cent of businesses have already lost revenue as a result of Coronavirus, and 43 per cent have reduced staff hours
Peter Groucutt, Managing Director at Databarracks, said: “For years, pandemics have been consistently at the top of both National and Community Risk Registers as the hazard with the highest potential impact and likelihood of occurring. However, our survey shows the COVID-19 outbreak caught the majority of UK businesses off guard, which represents a fundamental failure in Business Continuity (BC) and resilience planning.
“At its most simple, Business Continuity is about assessing your risks, considering how they would affect your organisation and then planning ways to mitigate the risks and minimise the impacts. This crisis has revealed a profound gap in that process for many organisations.”
Despite these difficulties, Groucutt believes that organisations can learn some valuable lessons from the crisis.
“Good Business Continuity shouldn’t be overly complex. In many ways it’s simply applying common sense at scale. There are reasons why organisations might neglect addressing particular risks like pandemics. Cognitive biases mean we focus more on the types of incidents that have happened to us recently rather than are most likely to occur. This is why we always recommend using National and Community Risk Registers in your planning. They won’t always be a perfect fit for you, but they serve as excellent sanity checks to make sure you aren’t missing something.
“The National Risk Register of Civil Emergencies included pandemic as a ‘Medium-High’ likelihood of ‘occurring in the next 5 years’. It even noted ‘In light of evidence from recent emerging infectious diseases such as Ebola and Zika, the likelihood of this risk has increased since 2015’. If more organisations had used these resources, there wouldn’t be such a gap in planning.
He added: “If we look at the organisation that had the best response, there are lots of lessons. Operating across multiple sites, having remote working in place, not being dependent on single suppliers and a diverse customer base all reduce your risk and improve your capability to continue.
Databarracks is the UK's specialist business continuity and IT disaster recovery provider. From the launch of the UK's first managed online backup services over 15 years ago, to our leading Disaster Recovery as a Service, we've been making enterprise-class continuity, security and resilience accessible for organisations of all sizes. For more information, please visit: www.databarracks.com
Christian Stevens /Sean Hand
Spreckley Partners Ltd
Tel: +44 (0) 207 388 9988