Almost one-third of Australian financial institutions are ill-prepared for a major disruption to their IT systems, according to a report prepared by the University of South Queensland's Centre for Australian Financial Institutions.
The survey, which examined the ability of banks to continue operating in a number of disaster scenarios including terrorist attacks, systems hacking and cyberfraud, found that 30% of institutions had yet to develop crisis management plans.
Special criticism was reserved for institutions' lack of foresight in outsourcing arrangements. Three-quarters of banks surveyed expected their outsourcing partners to comply with BCM guidelines but only 50% of this number actually verified the plans.
USQ's Glen Van der Vyver comments: "This is serious as more than 15% of the smaller institutions outsource all of their IT work. If there are no BCM checks and balances in place they stand the risk of confidentiality breaches and no guarantees of systems availability."
The study also examined non-IT risks such as the cost of paper document loss. It found that half of institutions had no idea of the cost to their organisations of paper document losses.
Report co-author Dr Sarath Delpachitra, says: "One of the things that we have been telling these institutions is that they must incorporate document management into their systems."