The severity of the threat from disruption to IT systems is one of several factors prompting companies to increase the attention they devote to risks associated with their operations, the EIU said.

Among respondents to the global survey, 75 per cent say they have increased the time and resources they dedicate to operational risk management, while 71 per cent report a similar increase in the focus on business-continuity programmes.

When asked about the threats they saw as most significant in terms of their operational risk management, loss of data and human error were ranked most highly, cited by 36 per cent and 35 per cent of respondents respectively.

These results form part of "Business Resilience: Ensuring Continuity in a Volatile Environment", an EIU survey and report sponsored by ACE, IBM and KPMG. The report examines the range of threats that companies face and explores the variety of approaches that risk managers can take to increase overall business resilience.

The survey obtained responses from 177 senior executives from a range of industries, regions and company sizes. All the respondents have responsibility for risk management.

"The results of the survey illustrate the degree to which companies now rely on their IT systems," says Rob Mitchell, editor of the report, "as well as the devastating consequences that can ensue from even a short period of disruption.

"Discussions of business continuity often centre around catastrophic events, such as terrorist attack or pandemic outbreak, but our survey indicates that it is the more mundane and likely problems, such as power outage, human error and unplanned downtime that pose the gravest threat to organisations."

Other findings in the report are:

l Information on risks is not fully communicated. Respondents are reasonably confident about the processes they use to identify risks and to ensure that the board is made aware of significant problems, with 61 per cent saying that they conduct risk assessment successfully, and 52 per cent giving themselves a similar rating for reporting on key risks to the board.

Communicating on risk issues with employees, and with the extended enterprise (partners, suppliers and other organisations with which the company has a key relationship), tends to be less successful, however. Only 31 per cent of respondents say that they communicate successfully on operational risk issues with employees, and just 19 per cent give themselves a similar rating for their communication with the extended enterprise.

l Stakeholders pile on the pressure. Pressure to increase business resilience comes from a variety of external sources. When questioned about the influence that particular stakeholders have on business-continuity decisions, 59 per cent cited customers as being a significant source, 58 per cent cited regulators and 50 per cent cited investors.

l Reputation is the biggest concern. Failure to put in place robust business-continuity plans can have a variety of negative impacts, including loss of revenue and decline in shareholder value. But among respondents questioned for this survey, damage to reputation is seen as the biggest threat, with 43 per cent of respondents saying that this is their main concern.

l Smaller companies lag behind larger peers. Respondents from companies with annual revenue of less than US$500 million (Bt17.67 billion) are much less likely than larger companies to consider themselves successful at specific aspects of operational risk management. For example, just 18 per cent consider themselves to be successful at actively testing business-continuity plans, compared with 31 per cent of companies with revenue in excess of $1 billion.