Now incorporating 112 Review, Community Safety Review & Military Review

Business Continuity Market Comes of Age as 2008 Event better than ever

London, UK, April 11, 2008 - Last week’s Business Continuity Expo – the definitive event for risk, resilience and recovery – finished on a high note with a 6% increase in the number of visitors attending. The conference & exhibition attracted 2457 visitors (pre-ABC audit) from top level positions across a wide range of industries including local government, the forces, pharmaceutical, finance, telecoms and aerospace. The majority of these are directly responsible for their companies’ risk management and business continuity plans.

As a result of the high calibre and purchasing power of visitors, the exhibitors were delighted with the event, with many of them already re-booking for the 2009 event.

The on-floor seminars were especially popular this year, with standing room only in almost every session. The seminars gave visitors the opportunity to pick up the advice of other business continuity professionals and learn about the most cutting edge solutions and technologies available. One senior executive from a major retailer said “I scheduled my visit so that I could meet with the companies that I knew had the solutions I was looking for, but I also made the time to attend 4 of the sessions which turned out to be well worth the time and effort as they were incredibly informative and beneficial.”

The Conference, which runs alongside the exhibition, also attracted a wide range of high level delegates and speakers drawn not only from the UK but also from across Europe. The panel discussions were particularly well attended, and included speakers such as Bruce Mann CB, Director of Civil Contingencies Secretariat, with Gerald Corbett, Chairman, SSL International; Brett Lovegrove, Head of Counter Terrorism, City of London Police; Stephan Shakespeare, CIO and Co-founder, YouGov; and Gary Locker, Permanent Liaison, ACPO and The Cabinet Office. Of special interest were the end-user sessions, which included speakers such as Colin Clark, Head of Corporate Business Control, Somerfield Supermarkets, and Jeremy Quick, Deputy Governor, Guernsey Financial Regulator.

Anna Campagnoli – Event Director for Business Continuity Expo said, “A few years ago the Business Continuity Manager was an almost unknown entity, the title just didn’t exist. However, at this year’s event we saw almost 1500 visitors with this title, from some of the largest companies in the UK, which shows it is very much a thriving profession. Judging by the attendance levels in the 50+ seminars, there is clearly a real thirst for knowledge and we were glad that the combination of seminars and cutting edge products and solutions created an ideal event for them.”

The exhibitors’ response shows that it was one of the best shows ever:

Richard Leyland – Marketing Manager – Stratus Technologies
"It’s been brilliant as far as attendance numbers. We've been surprised by the seniority of the visitors and delegates. We've already signed up for next year."

Continuity Shop – Geoff Howard – CEO
“BC Expo brings us more revenue than any other single marketing exercise that we do. At a conservative estimation 40% of our sales comes from business generated at the show.”

Piper Shields – SunGuard
“There have been twenty five SunGuard people working on a shift basis and they've all been busy all the time. Quality and calibre of visitor has been higher than ever before – no time wasters, everyone is looking to have a sensible business discussion.”

Stephen Teare – Head of Telemarketing – MTI
“It's been absolutely cracking – in the first day we had 154 fantastic leads in the 1st day. As an event that we've never considered before we have been absolutely amazed at the people who have come to our stand that they all have had a need for BC, whether it be back-up & recovery, disaster recovery or compliance issues, they all realised they have to do something now. We’ve even met with CEO's from financial services companies and mostly high level BC managers. 12 months ago they just didn't exist in these numbers.”

Lorraine Darke – BCI
“BC Expo has been a great success for the BCI this year. We have been very pleased to receive positive reaction to recent developments and changes such as BCI certification and the introduction of the first in the series of our training DVDs. We look forward to BC Expo 2009.”

David Teed – Teed Business Continuity
“This is our third year and it’s been our best year ever.”

Terry Hewett – Easy2Solve/RU Secure
“An amazing amount of interest, absolutely phenomenal, completely knocked out on Wednesday with such a great turn out we nearly ran out of brochures! We will be returning next year to continue receiving top grade results!”

Next year’s event will take place in March 2009 at London’s Excel.
For further information please visit www.businesscontinuityexpo.co.uk.

THREE QUARTERS OF ORGANISATIONS THINK APPLICATIONS CAN BE EXPLOITED BY CRIMINALS

London, UK 9th April 2008 - A survey by Infosecurity Europe of 757 organisations has found that 75% think their applications contain security holes that can be exploited by criminals. Further, interviews conducted by Infosecurity Europe with a panel of 20 Chief Security Officers (CSOs) of large enterprises on the topic revealed that they are very concerned about the security of application code. They were especially concerned about the work carried out by developers working on mission critical web applications outsourced to third parties. Many of them said that they would welcome an initiative to raise awareness of security amongst the developer community and change their behaviour to make secure software applications a priority.

According to Professor Howard A. Schmidt, Director, Fortify Software and former Cyber Security Adviser to the White House, "this figure of three quarters of organisations having security holes based on application vulnerabilities, while dramatic, is unfortunately not that surprising. When organisations develop applications, quality is one of the highest priorities but security vulnerabilities are seldom recognized or fixed. Priority is often given to delivering application features and business benefits without the understanding of fundamental coding errors that lead to security issues. Cybercriminals are targeting applications to steal money and information, and they know all too well how to exploit vulnerabilities not only in commercial software but are also very adept in finding security holes in applications that are developed "in house". Business leaders need to set in place business software assurance processes including development practices designed to ensure that their applications are secure to protect the data of citizens, customers and shareholders from the new wave of threats from cybercriminals."

At Infosecurity Europe 2008 the subject of cybercrime and application security will be covered in a number of keynotes and seminars. In the interactive theatre, Fortify Software will present their new documentary, “The New Face of Cybercrime”. Visitors can be among the first to watch this groundbreaking feature. Directed by Academy Award®-nominated filmmaker Frederic Golding, it highlights the impact cybercrime has on consumers and businesses, and is tipped to win awards at independent film festivals this year. The film will be followed by an interactive panel debate led by Professor Schmidt, who also sits on Fortify Software’s Board of Directors.

The main focus of the film is to emphasise that the criminal, as well as the crime, has evolved. Where hackers were once young nerds who did it for fun or experimentation, now e-crime is the domain of organised gangs, often from Eastern Europe or China, who simply want to make money. Gone is any desire to embarrass website owners or just cause mindless e-vandalism. It's no longer an ego boost or a method of earning bragging rights. It’s just about the cash. Their main targets are ecommerce web sites and the customer databases behind them: databases that hold credit card numbers, expiry dates, PINs, addresses, and everything else that’s needed to empty a victim’s bank account. In many cases, the data isn’t used directly by the hackers, but is sold to other gangs.

“Today's cybercriminals are highly sophisticated”, says Richard Kirk, VP EMEA for Fortify. “Their technical expertise is extremely good, as is their knowledge of the systems they're trying to break into. They know the thresholds at which an online ordering system will seek additional verification of a customer's identity, and take care to stay below it when placing fake orders. They also have at their disposal the resources of large organised crime gangs who are fully aware that the world's police forces are woefully under-resourced for tracking down internet fraudsters. In the panel debate we will discuss the solutions to the problem of cyber-crime and application security.”

Claire Sellick, Event Director, Infosecurity Europe said, “The internet is here to stay, as is internet crime. With the relentless move online by all sorts of business and government agencies, e-crime will continue to evolve. As more coffee shops and libraries offer free, anonymous WiFi access, tracking down cybercriminals will get harder. So as hackers evolve, so must your efforts to defeat them.”

Infosecurity Europe is the number one event dedicated to information security. With over 300 exhibitors, the event is the most comprehensive showcase for the most diverse range of new and innovative products and services from the World's top information security experts and vendors. The event enables security professionals and business managers to establish a commercial justification for information security, refine their security policies and select the most appropriate solutions to support their security strategy in order to safeguard their company's reputation and assets. Over 11,000 visitors are expected to attend this year's event with many travelling from overseas to participate in the FREE education programme that addresses both strategic and technical issues. It draws on the skills and experience of senior end users, technical experts and real world case studies. Infosecurity Europe takes place at the Grand Hall, Olympia, London from 24th to 26th April 2007.

To register to attend or for more information please visit www.infosec.co.uk

Finjan Identifies the Latest Cybercrime Business Model – Crimeware-as-a-Service

In its Q1 2008 Web Security Trends Report, Finjan signals Crimeware-as-a-Service as the latest development in the ongoing commercialization of cybercrime

Farnborough, United Kingdom, 7th April 2008

Finjan Inc., a leader in secure web gateway products, today announced important findings by its Malicious Code Research Center (MCRC) identifying and analyzing the latest trends in the ongoing commercialization of cybercrime.

Criminals have started to use online cybercrime services instead of having to deal themselves with the technical challenges of running their own Crimeware server, installing Crimeware toolkits or compromising legitimate websites.

“Currently, we see the rise of the Crimeware-as-a-Service (CaaS) business model in the Crimeware-toolkit market. Cybercriminals and criminal organizations are getting better and better at protecting themselves from law enforcement by using the Crimeware services, especially since the operator does not necessarily conduct the criminal activities related to the data that is being compromised but only provides the infrastructure for it,” said Yuval Ben-Itzhak, CTO of Finjan.

As with mainstream software providers, the creators and owners of these Crimeware toolkits provide their customer base with update mechanisms while tooling them with sophisticated, anti-forensic attack techniques, as well as the ability to manage and monitor malicious code affiliation networks. It enables a new level of Crimeware availability by supplying anyone willing to purchase an easy-to-use Crimeware toolkit.

During 2007, Finjan’s MCRC covered the trend of new Crimeware that purely focuses on financial gain, as well as the way it works to get revenue out of each infection. In this report, MCRC shows how the delivery and distribution of malware have been upgraded to deliver a different type of malware to different geographical regions.

“Cybercriminals can now generate more targeted infections and deliver specialized Crimeware for specific geographical regions,” Ben-Itzhak said. “Our report illustrates how these criminals are employing marketing and sales techniques to address the cybercrime economy and ensure that the market they are after gets the proper “product” localized for it.”

Finjan foresees the next phase in the commercialization process as creating a service for getting straight to stolen data by providing the victim data tailored to the criminal intent. Having such a service eliminates the need for attackers to even have to log-in to manage an attacker profile on a Crimeware-toolkit platform.

Concludes Ben-Itzhak: “The trends described in this report confirm that the security industry and law enforcement agencies should take an innovative approach in handling these Crimeware commercialization threats. Cybercriminals continue to adapt legitimate technologies and business models to support their criminal activities.”

Outsource your code & you're more likely to be hacked

More than 60% of companies overlook mandating security when outsourcing

London (UK); 7 April 2008 – According to a new report released by European information technology analysis group Quocirca, the organisations that admitted to being frequently hacked all outsource at least some of their coding practice, with 90 percent outsourcing more than 40 percent! With this in mind, the hacker’s future looks rosy as outsourcing of applications is on the up, with 78 percent of organisations that say software development is business critical for them choosing to outsource their vital applications. But security is being left out in the cold, with companies failing to build security in when they outsource the development of their critical applications, according to a report released today by Quocirca and supported by Fortify Software.

The survey has found that over 60% of companies that outsource the coding of their critical applications do not mandate that security must be built into the applications. In fact, the study has uncovered the chilling statistic that 20 percent of UK companies do not even consider security when building their applications—thus potentially leaving a great big stable door open to the hacking community. Yet outsourcing is very much on the up.

The report, which was carried out amongst 250 C-level executives and IT directors, mainly from corporations with 1000+ employees in the UK, US and Germany, reveals that outsourcing of code development is widespread and growing in importance. In this study, of the organisations stating that software code development is business critical or important to them, 50 percent outsource more than 40 percent of their code development needs.

Statistics already show that the software application layer is where most hackers are accessing critical data. According to NIST (National Institute of Standards and Technology), 92 percent of vulnerabilities affecting computer networks are contained in software applications. As organisations increasingly look to outsource application development, more components of software applications are being developed outside of their direct control.

An organisation that has not developed the code itself can never be absolutely certain that it is secure. However strong the relationship with a third-party developer, or however watertight the service-level agreements in place, a rogue developer can place vulnerabilities in the code that they develop, for example by placing a backdoor in software that can be used to infiltrate a network in the future. This is something TD Ameritrade found out to its cost when it was forced to disclose in 2007 that personal details regarding 6.3 million customers had been leaked through a vulnerability caused by a backdoor created by an outsourced programmer.

Howard Schmidt, Member of Fortify Software Board of Directors and previously Cyber Security Advisor for the White House, said: “These survey results help explain the recent, sudden rise in data breaches and should serve as a wake-up call to any executive whose company sits on a pile of mission-critical application code.”

In the report, financial services companies are identified as the most likely to outsource their code development needs and therefore could be putting themselves at serious risk, with 72 percent reporting that they outsource more than 40 percent. Disturbingly, 84 percent of these organisations report that code development is business critical or important.

Public sector organisations are also big outsourcers, with 55 percent outsourcing over 40 percent of their code development. In addition, 64 percent state that code development is only of moderate importance to them.

At the other end of the scale are utility companies, the most likely of all the industries to cite software development as business critical or important, at 90%; however, just 7 percent outsource more than 8 percent of code development.

Fran Howarth, Principal Analyst at Quocirca and author of the report said: “The findings of this report indicate that not enough is being done by organisations to build security into the applications on which their businesses rely. Not only that, but they are entrusting large parts of their application development needs to third parties. This creates an even greater onus for organisations to thoroughly test all code generated for applications—without which they could be playing into the hands of hackers.”

The fact that software applications contain flaws that can be exploited by hackers is nothing new. That organisations are increasingly reliant on bespoke applications to maintain a competitive edge, and are outsourcing a significant proportion of the coding for these applications to third parties, is an alarming trend. That said, German organisations are better at building in security than both their UK and US counterparts. As electronic crime continues to increase, organisations are under pressure to be seen to be more proactive about IT security. This is not only something that makes common sense but also is increasingly a requirement being placed on organisations across a wide range of industries by governments and industry regulators.

Fortify, who are advocates of Business Software Assurance, a holistic approach to protecting corporate digital assets at the most fundamental level, recommend that if a company outsources the development of critical applications, it should follow these guidelines:
  • Work with the outsourced vendor to fully understand what processes and procedures are in place to assure software security.
  • Review contract language and procurement procedures so outsourcers assume liability for software vulnerabilities.
  • Make sure outsourcers are applying testing and assurance technologies on all code developed offsite.

Other key findings in this study are:
  • Exposure to Web 2.0 technologies—among the least understood, but considered to be among the most insecure technologies—is high, but many manage their use through policies alone
  • Organisations are exposing their applications to new security threats through use of Service Oriented Architectures (SOA)
  • Data protection is the key driver behind application security for the vast majority
  • Using automated tools for building security into the software development lifecycle translates to lower overall spend on IT security

The information in the report is based on a survey of 250 IT directors, senior IT managers and C-level executives in Germany, the UK and the US. It was completed in December 2007 and January 2008. Those surveyed included organisations from 1,000 employees up to large multinationals within a wide range of industrial sectors.

The report can be downloaded here: www.fortify.com/quocirca

Fortify is offering security professionals the opportunity to benchmark their security practices against industry averages. This survey is available at:
http://www.nkv5.com/fortifysoftware/survey/2008_01_survey.php


Marsh survey: Firms over-optimistic about ability to manage business continuity risks

London, 1 April 2008 - A new survey by Marsh, the world’s leading insurance broker and risk adviser, has revealed many European firms are failing to overcome a ‘perception gap’ in their approach to business continuity management (BCM).

Marsh’s latest research, The Upside to Business Continuity, examines the views and perceptions of Business Continuity and Risk Managers from organisations across Europe on issues relating to BCM. These professionals were drawn from delegates attending the Business Continuity Expo (which is being held on 2 and 3 April at the ExCel centre), clients of the British Standards Institute and members of London First.

The study highlights that while over three-quarters of respondents believed that their BCM is aligned to their strategic business objectives, integrated into their risk management programme and understood/supported by senior management, only half believe BCM is used as a strategic tool within their organisations.

Martin Caddick, Leader of Marsh’s Business Continuity Management team, commented: “Our research suggests that organisations which believe their approach to BCM is mature or very mature are generally being optimistic. It seems that many businesses overrate their own level of BCM and their perceptions do not match the reality.

“However, it is encouraging to note that more organisations are aspiring to a view of BCM as part of an integrated approach to risk, even if their implementation has yet to catch up.”

Supply chain risk
The research examined whether firms are using BCM strategies to offset their supply chain risk, one of the biggest challenges facing businesses this year: 54% of respondents agreed that their BCM plan covers their supply chain risks, with 22% saying that it definitely did not; 24% of respondents were unsure.

Mr Caddick continued: “As supply chains have extended, especially into the Far East, the nature of disruption and vulnerability in the risk landscape has changed significantly. Embracing BCM to help manage supply chain risk can deliver real business benefits. Given that nearly half of the respondents stated that their BCM plans did not cover supply chain risks or they were unsure only reinforces our view that firms are overrating the maturity of their BCM.”

Barriers to BCM
The research also highlighted how many firms still view BCM as an additional service, rather than intrinsic to their culture and strategy. When asked to identify the barriers to BCM within their organisations, the most common stumbling blocks cited were lack of time and resources, and lack of budget. In the study, Marsh concludes that the barriers are more related to a lack of understanding of the level of resource and commitment required to do the job properly, which again is in contrast to firms’ perception of how mature their BCM programme is.

BS 25999
Marsh also questioned the respondents about the new British Standard, BS 25999, which regulates BCM programme implementation and management. Although a British Standard, it has relevance outside of the UK and is recognised as a useful tool for any firm that is trying to implement a BCM programme.

Only 39% of respondents said they intended to align their organisation with BS 25999 in the next two years, while 19% said that they did not intend to align their organisation with BS 25999 and 42% were undecided.

Looking more closely into the country of origin shows that BS 25999 alignment is a more serious issue for UK firms, with 60% agreeing with the proposition. Outside the UK, half the respondents remain undecided, but 28% of foreign businesses do intend to comply with the standard, a surprisingly high level of acceptance.

Benefits of BCM
Marsh also explored the perceived benefits of BCM among the respondents: 32% of respondents were able to point to faster recovery after real incidents as a benefit, while 96% of firms found at least one other benefit to implementing a BCM programme, with 52% of firms finding two or more. In addition, over the last 12 months 50% of respondents found that they had a better understanding of their business, and 37% found they have improved their risk-intelligent decision making.

Mr Caddick said: “This finding shows that although BCM’s primary role may be to help organisations recover from an incident, it has many other ancillary benefits. These benefits can yield huge benefits to business; the fact that 37% of respondents believe that their strategic decision-making has improved because they had a BCM programme is very encouraging.

“A more incisive understanding of your business and risk-intelligent decision making will improve the effectiveness of the overall risk management and resilience strategies, which can potentially lead to a better return from the investment in these areas. More mature firms are utilising BCM as a strategic tool to gain these extra benefits and thus improve the bottom line of their business. BCM is not just a risk mitigation and control tool – but also to add value and create an upside for firms.”

About Marsh
Marsh, the world's leading insurance broker and risk advisor, has 26,000 employees and provides advice and transactional capabilities to clients in over 100 countries. Marsh is a unit of Marsh & McLennan Companies (MMC), a global professional services firm with more than 55,000 employees and annual revenue exceeding $11 billion. MMC also is the parent company of Guy Carpenter, the risk and reinsurance specialist; Kroll, the risk consulting firm; Mercer, the provider of HR and related financial advice and services; and Oliver Wyman, the management consultancy. MMC’s stock (ticker symbol: MMC) is listed on the New York, Chicago and London stock exchanges. MMC’s Web Site is www.mmc.com. Marsh’s Web site is www.marsh.com.

InMage Systems Presents DR-Scout Solution at the Business Continuity Expo

- Company Extends Proven Business Continuity Technologies to European Enterprises -


LONDON UK – BUSINESS CONTINUITY EXPO – April 2, 2008 – InMage Systems (www.inmage.net), a leading provider of business continuity and disaster recovery software, continues to gain traction in the European market with the exhibition of its flagship DR-Scout™ solution at the Business Continuity Expo, the premier event dedicated to best practices and industry trends in operational risk, resilience and recovery. InMage Systems will present DR-Scout at booth #652 in the ExCel Exhibition Centre in London.

DR-Scout is a turnkey DR/business continuity software product that enables businesses to protect their data in the event of a natural disaster or everyday application or server failure. Utilizing true continuous data protection, DR-Scout offers an integrated solution for disaster recovery and continuous local backup. Furthermore, InMage’s CDP-based software provides comprehensive protection across most leading applications with push button failover capabilities for Microsoft Exchange and SQL, Sharepoint, Oracle, Blackberry Server and SAP.

About InMage Systems, Inc.

InMage Systems provides continuous data protection and disaster recovery solutions for small to large enterprises. The company’s flagship software suite, DR-Scout, enables companies to protect, maintain and access their critical data and applications during any event that threatens information loss. DR-Scout ensures the integrity of backup and replication processes that are essential to business operations, both on a daily basis and during unforeseen disasters. Key applications include disaster recovery, operational recovery and application/data availability. DR-Scout is also noted as the pioneer of true event-based recovery that facilitates compliance with regulatory requirements. InMage was co-founded in 2001 by technology leaders, including CTO and SVP of Engineering Rajeev Atluri, previously of Gadzoox, and storage visionary and Brocade co-founder Kumar Malavalli. InMage is headquartered in Santa Clara, California. For more information, visit www.inmage.net.

Crisis? What Crisis? Solcara points to the top issues for Business Continuity Managers in 2008

Enterprises and government still have a long way to go to effectively handle operational continuity during crises, says Solcara, market-leading provider of software for the control, management and searching of digital information.

Many firms still do not have anything beyond basic procedures in place for emergencies, although more and more are deploying specialist software to assist them during a crisis period. There are many issues enterprises need to get to grips with and Solcara has undertaken informal research amongst its customers and partners to identify the top issues for the BCM industry.

Speaking at the Business Continuity Expo in Docklands tomorrow, Solcara’s Managing Director, Rob Martin, will outline key areas of business continuity for enterprises. He lists these as:

  • Maintaining a smooth supply chain before, during and after a crisis;
  • Compliance with industry and regulatory requirements, including BS25999;
  • Maintaining support from the Board of Directors in the current economic climate;
  • Avoiding unnecessary legal costs after an incident by creating clear audit trails of who did what, when and why;
  • Creating effective training and simulations to perfect responses to a crisis or business emergency.

He adds: “Enterprises are much better than they used to be at preparing and training for emergencies, but I’m sure many businesses, whilst feeling they have ticked the BCM box, don’t have robust follow-through procedures or a training regime before a crisis takes place. We have all seen over the last few years how one crisis can ruin an entire company or even badly damage a whole industry. Good BCM is that important to a business. Having effective training and support mechanisms before, during and after a crisis will set you apart from competitors and give you competitive advantage, because as we have seen with the food industry, good risk management can ensure you are the last company standing if a major crisis arises.”

Solcara will be demonstrating its Crisis Control Centre at the Business Continuity Expo on Stand 237.
For more information about Solcara’s products, go to www.solcara.com