BC Increases As A Critical Priority But
Executive Sponsorship Remains Muddled
In our 2008 survey; approximately 90 percent of respondents
had executive-level sponsorship for BC preparedness. The most
common sponsor was the CEO ( 25 percent), followed by the CIO
( 20 percent). In the 2011 survey, we found that executive-level
support dipped slightly to 87 percent (see Figure 1-1). CEOs ( 23
percent) and CIOs ( 21 percent) remained the most likely executive sponsors. The “other” category was the next most common
response ( 13 percent) and it includes cross-functional teams (for
example CEO, CIO, and HR) or the next executive tier (for example, a general manager or VP of IT).
Luckily the slight dip in executive-level support hasn’t translated into a dip in priority. In 2008, 23 percent of respondents felt
that BC was a critical priority for senior executives at their company while in 2011 this increased to 28 percent (see Figure 1-2).
In tough economic times, senior executives tend to focus more
on cost cutting measures and initiatives that drive productivity
and efficiency rather than cost avoidance initiatives such as BC,
so it’s heartening news that its criticality has actually increased.
The slight dip in executive-level support likely has more to do
with on-going questions about where best to assign corporate
accountability and responsibility than any lack of commitment to
BCM Programs Increasingly
Report Outside Of IT
Companies have made tremendous progress in BC manage-
ment (BCM). Companies no longer treat business continuity as
a one-time planning event but as an ongoing program. In this
survey Forrester found that:
n If you don’t have an established BCM program, you significantly
lag your peers. In 2008, 66 percent of respondents reported
they had established BCM programs in place. In 2011, this
figure increased to 72 percent with another 25 percent that plan
to have established programs in place in the next year (see
n The majority of BCM programs report outside of IT. According
to our study, only 35 percent of BCM programs report into
traditional IT departments such as the CIO or CISO. Twelve
percent of BCM programs report into an enterprise risk
department or chief risk officer (CRO) while 35 percent report
directly into business line executives (CEO, COO, CFO, Board
etc.) (See Figure 2-1).
n Staffing varies by company size and but the average is two full
time staff. According to our study, the median number of full-
time equivalents (FTEs) supporting the BCM program is two.
Of course, this varies by size, companies with fewer than 1,000
employees typically have just one FTE supporting BC, while
small and medium enterprise (companies with 1,000 to 5,000
employees) have two to three and larger enterprises will have
between three and five FTEs.
Source: Forrester Research, Inc.
The State of Business Continuity Preparedness