A survey released today by the Advisory practice of KPMG in the UAE shows that 73% of UAE companies are either operating or implementing a business continuity plan, driven by factors such as customer service, compliance and safety issues, with 57% naming regulatory issues as a key concern. However, the survey also shows that only 20-24% of companies have an enterprise-wide security or continuity plan in place, with up to 50% of companies confining continuity plans to the IT department and limited critical systems. Too many companies are still assigning responsibility for continuity and availability to the IT department, rather than taking a strategic and enterprise wide approach to leveraging their investments in these programs. Only 12% of UAE companies currently have these functions reporting directly to the board, which is a common practice in leading global companies with robust security and continuity strategies.
“Companies in the UAE need to take a holistic approach when investing in their business continuity and information security programs to ensure that all areas of the business are covered, rather than addressing issues on a case to case basis” commented Rajeev Lalwani, Head of IT Advisory practice for KPMG in the UAE and Oman. “It can be hard to measure the results of spending on both security and continuity so organizations need to treat these issues as business issues and embed them in the larger context of risk management programs, policies and procedures. When it comes to information security, there is no point in investing in expensive security technology tools to protect your digital customer information if the same information remains unprotected in paper form.”
Results show that companies in the UAE need to rethink their security and continuity policies to keep up with the growing international trend to integrate security and continuity functions as part of a company’s overall risk management policy and strategic framework, through implementing standards such as ISO 27001. At present, 86% of the companies surveyed had not implemented a global standard. Of those that did follow the standards, 21% did not cover the whole organization. Management has a responsibility to protect information assets and preserve brand and shareholder value by ensuring the security of their information and the continuity of their business.
“Leading organizations leverage the strength of their information security and business continuity programs as one of the sources of strategic and competitive advantage,” commented Will Brown, Principal in the Business Continuity practice of KPMG in the UK. “This is achieved through their real or perceived ability to provide continuous service and security and confidentiality of vital information assets. Interestingly, the survey also found customer service to be a key influencer in the decision to implement a business continuity management program.”
Other noteworthy findings from the survey show a greater understanding is required on the need for geographic dispersion of disaster recovery sites. Most companies surveyed have, or plan to have, secondary recovery sites within the same city or location in which their business operates. This leaves businesses vulnerable in the event of a major disaster in that city or location. The survey also reveals that organizations recognize people as one of their weakest links. Processes are left vulnerable due to human error, negligence, lack of awareness or even the lack of staff availability during a disruption. Investment in business continuity appears to be constrained, with a majority of firms spending in the lower end of the investment spectrum.
About KPMG
KPMG is a global network of professional firm providing Audit, Tax, and Advisory services. We operate in 148 countries with more than 6,800 partners and 113,000 professionals working in member firms around the world.
The independent member firms of the KPMG network are affiliated with KPMG International, a Swiss cooperative. KPMG International provides no client services.
KPMG in the UAE
KPMG in the UAE is a member firm affiliated with KPMG International. The offices were established in 1973 and now consist of about 400 staff members. Services performed by the UAE offices of KPMG include IT Advisory, Internal Audit, Accounting Advisory, Tax, Corporate Finance, Transaction Services, Business Process Outsourcing, Forensic services and Executive Search & Selection.
KPMG is widely represented in the Middle East region and has offices in the UAE (Dubai, Abu Dhabi, Jebel Ali, Fujairah, Sharjah), Bahrain, Egypt, Iran, Kuwait, Lebanon, Oman, Qatar, The Kingdom of Saudi Arabia, Syria, and Yemen.
KPMG’s IT Advisory Services focuses on helping clients succeed in their IT Strategy and Technology enabled business operations and projects. Our security, continuity and IT Audit services help manage business risks inherent in the technology systems used to support our clients' business objectives. Our team of highly skilled business and technology professionals have the knowledge and experience to help clients manage technology projects and provide them with the advice they need to meet their strategic and financial goals.
