Maybe because the airwaves were full of news of real terrorism, we heard relatively little outside of Chicago and Seattle about Topoff2, the massive counterterrorism drill conducted in those cities over five days last week. Topoff2 was the largest counterterrorism exercise since 9/11, and the first since the formation of the Department of Homeland Security. From what coverage there was, the drills appeared to be a successthey gave the first responders and top officers (hence Topoff) being drilled some practice, some confidence, and some indication of what has to be fixed before they can respond to a real event with real effectiveness. Most participants, at least, believe that it was $16 million well spent. The same threats that public safety agencies just trained for, as well as other dangers, would have hideous effects on businesses whose physical plant or information/communication systems were struck. In a recent report, the Robert Francis Group said that to guarantee success, disaster recovery and business continuity strategies and plans must require and support frequent testing and refinement of underlying scenarios and assumptions.Last November, CSO magazine reported on an elaborate drill conducted by insurance giant USAA, replete with simulated loss of key leaders, decontamination showers and impromptu relocation of workstations. But thats a model that few companies follow. According to an online poll conducted last summer by St. Louis-based trade publication Disaster Recovery Journal, 65.5 percent of the 2,223 respondents said their company had not enacted its business contingency/disaster recovery plan in the last 10 years. About 26 percent had enacted their plans between one and three times. Additionally, a KPMG study found that some 47 percent of U.S. companies admit that they do not have a crisis plan in place or a method to measure their readiness. Gartner Group analyst Tony Adams told CXO media, Unless theyre regulated, companies arent protecting themselves from something that may or may not happen down the road. Even if plans are in place, he says, a lot of companies (other than utilities) dont know how well those plans work because they are rarely tested. Many companies dont have the guts to throw the switch. A recent Gartner survey found that one in three U.S. companies would suffer critical losses during a disaster because their recovery plans are not fully funded. Does your company have the guts to throw the switch? Related content news Gitlab fixes bug that exploited internal policies to trigger hostile pipelines It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies. By Shweta Sharma Sep 21, 2023 3 mins Vulnerabilities Security feature Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report CISA’s recommendations for vendors, developers, and end-users promote a more secure software ecosystem. By Chris Hughes Sep 21, 2023 8 mins Zero Trust Threat and Vulnerability Management Security Practices news Insider risks are getting increasingly costly The cost of cybersecurity threats caused by organization insiders rose over the course of 2023, according to a new report from the Ponemon Institute and DTEX Systems. By Jon Gold Sep 20, 2023 3 mins Budget Data and Information Security news US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks Cyber insurance claims frequency increased by 12% in the first half of 2023 while claims severity increased by 42% with an average loss amount of more than $115,000. By Michael Hill Sep 20, 2023 3 mins Insurance Industry Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe