Financial services firm KPMG has met with the Australian Securities and Investment Commission (ASIC) and the big four Australian banks to push the adoption of industry-specific business continuity plans.
KPMG offices in Singapore and the UK have surveyed more than 180 organizations in their regions, simulating events involving private businesses, emergency services, service providers and government agencies on business issue management during emergencies.
Computerworld understands the results of this survey were shared two weeks ago with the Australian Securities and Investment Commission (ASIC) as well as the big four Australian banks.
Richard Marrison, partner of KPMG Information Risk Management in Australia, said the survey found enterprises are still not factoring in the full picture when analyzing business continuity plans. The full picture, according to Marrison, extends right down to the supply chain.
"Australian businesses need to understand the ultimate success of their business continuity is more dependent than ever on their peers and service providers like exchanges and regulators," Marrison said.
"Most industries depend on the cooperation of private business, civil authorities and regulators; however, it is interesting that until recently crisis management testing has been undertaken by various entities in isolation rather than as a collective group.
"Financial organizations are considered the leaders in crisis and disaster simulation, yet testing of their contingency planning doesn't often factor how other entities, which have a bearing on their business, will cope. Effective planning also depends on understanding how emergency services will respond and what their needs are to best handle an emergency."
Marrison referenced a Gartner statistic stating four out of five businesses severely affected by a major incident will close within 18 months and 90 percent of those companies which lose data shut down in two years.
James Turner, security analyst at Frost & Sullivan, said an industry-specific business continuity or disaster recovery checklist will save a lot of organizations time. However, it would need to be reviewed by industry peers and formulated with the specific industry in mind.
Kaz Group business continuity and governance practice manager Peter Voysey considers a "whole of industry" approach to crisis management and business continuity ideal; however, the challenge lies in getting companies in the same industry to cooperate rather than compete.
Voysey added the Australian Government's CNVA (Computer Network Vulnerability Assessment) program and the TISN (Trusted Information Network for Critical Infrastructure Protection) are attempting to broaden the scope of risk assessment to others in the same industry.
"The CNVA program is to facilitate the sharing of the potential cross-industry impact of crises such as major fraud, terrorist attacks and pandemic outbreaks, rather than a company-only focus when developing business continuity plans," Voysey said.
Ian Gilbert, acting CEO of the Australian Bankers' Association, said cross-sectoral coordination is occurring today, led by the Australian government in areas such as critical infrastructure.
"Banks are required to have business continuity plans under regulations issued by the Australian Prudential Regulatory Authority (APRA) and in the recent Cyclone Larry crisis, banks were recognized for being extremely quick to restore banking services to affected communities," Gilbert said.
"There is a banking industry working group with carriage of coordinating continuity planning for a range of potential operational disruption issues, and also coordination occurring across the financial services sector in terms of crises communications."