NEW YORK—The Sept. 11, 2001, terrorist attacks that felled the twin towers of the World Trade Center profoundly affected the businesses operating in Lower Manhattan, and brought into focus the importance of business continuity.
The 9/11 events impacted the U.S. financial industry, due to its proximity to Wall Street, the financial center of the nation. Many clients across the world depend on such financial firms for trade execution, support, as well as security management.
Approximately 13,000 computer servers were lost on 9/11, at an approximate replacement value of $370 million, according to Tech Republic, a management information systems magazine. It also estimated that 30,000 securities positions were lost in the World Trade Center buildings, with an additional 15,000 to 20,000 positions lost in other affected buildings. In addition, trading floors, data centers, and other equipment were lost, to the value of billions of dollars.
Prior to the events on 9/11, “Anyone who had ever tried to persuade an organization to part with money to fund disaster recovery and/or business continuity requirements was quickly met with resistance,” according to Tech Republic.
But today, few businesses can make do without it.
Even without the expectation of a terrorist attack, last month’s earthquake and Hurricane Irene each present unique challenges to business continuity.
Proper Business Continuity Planning
Business continuity is often two-tiered. The first tier is coping with the disaster in the short term, including document and data retention, and finding immediate workspace for a portion of critical personnel. The second tier of a business continuity plan is to assist the business in coping with a major, long-term disruption of its business, including finding alternative workspace and services on a more permanent basis.
In a business continuity guide published by Directors & Boards magazine in 2006, Ted Brown, CEO of KETCHConsulting, said that “37 percent of chief financial officers perceived their firms to be most vulnerable in the area of disaster preparedness and recovery.” That survey was conducted 5 years ago, and most analysts agree that today that figure could be even higher due to the cost cutting from the recent financial crisis.
Brown said that there are no two disaster recovery and business continuity plans that are identical, and the plan must adhere to the needs of each organization. However, each company’s objectives should have specific goals, such as “restore accounts receivable,” as well as a measurable time frame, such as “within three business days.”
In addition, experts say that off-site data centers and contingency plans should be geographically segregated.
Two companies lost their primary operational sites in the World Trade Center on 9/11. “One was back in operation a few days after the attack because it had set up its emergency operations and data back-up center several miles away while the other had theirs located a stone’s throw from ground zero. Two years later, they still had not recovered,” according to an example given in a Disaster Preparedness Planning guide from Chase.
Morgan Stanley, one of the biggest broker dealers in the world, conducts a major business continuity test each year, on Easter weekend. The company shuts down all data centers and runs a simulation to mimic loss of data.
