Gartner Blog Network


What’s Changed in BCM Since 9/11: A Ten Year Review

by Roberta J. Witty  |  September 13, 2011  |  1 Comment

Anniversaries of major events – personal and public – trigger much reflection on what has changed since the event, and 9/11 is no different. I went back to my experience in the months following 9/11 to find nuggets of information about which to write regarding how 9/11 changed the ability of organizations to respond and recover from major business disruptions. Colleagues and I conducted many advisory sessions across the U.S. regarding business continuity management (BCM), IT disaster recovery management (IT DRM) and crisis/incident management (CIM). That lasted for about nine months and then there was a profound “thud” as most private enterprises of all sizes – small, medium and large – moved on to more pressing issues. I think most of them were not ready for the commitment required to turn their IT DRM programs – which most recovery programs were at that time – to full-fledged BCM programs that encompassed IT, the workforce, customers, partners, the supply chain and so forth. The areas where we did see some focus in the first few years after 9/11 are workforce resilience and crisis management. Obviously there were the exceptions, but overall we did not see a huge rush to BCM program maturity as a result of 9/11 in the private sector.

However, we did see a major change directly related to 9/11 on the federal, state and local government side. The formation of the U.S. Department of Homeland Security in 2002 started the ball rolling. DHS/FEMA has done a very good job in maturing the readiness of federal, state, local and tribal nation emergency operations, but it has taken years for DHS/FEMA to have an impact on private sector BCM programs. The focus on improved public/private sector communications through multi-state and national-level exercises (especially for the healthcare, financial services and public utilities sectors), the introduction of Ready.gov, and the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep) are three influential changes for private enterprises.

Even though 9/11 did not have an immediate impact on BCM maturity, it did set up the framework for preparedness, response and recovery improvements since for both the public and private sectors. The majority of these improvements have been a result of the confluence of three areas:

  1. Increasing natural and man-made disaster events such as SARS, Hurricane Katrina, the bird and swine flu threats, the London and Mumbai bombings, the Iceland volcanic ash event, earthquakes in Haiti, Chile, New Zealand and Japan, oil spills, the global financial crisis of 2008, major ice and snow storms and so forth;
  2. Technology innovations such as Internet broadband in the home, the real-time infrastructure, virtualization, hosting/outsourcing, smartphones and tablets, social media and cloud computing; and
  3. Business operating practices such as regulatory changes in response to financial fraud, telework initiatives and outsourcing non-core competencies.

Without these changes to business and IT practices, many of the improvements we see today in BCM maturity would not be possible.

We have come a long way in BCM since 9/11 and we have a longer way to go for organizations of all sizes and operating models to be prepared from even the smallest, localized threat. Gartner is committed to your success in preparedness, response and recovery activities and continues to offer clients foundational and timely research in BCM and IT-DRM through our BCM key initiative for business and IT leaders. Take our maturity self-assessment called ITScore for Business Continuity Management to jump start your journey.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: advisory  

Tags: availability-risk  banking  bcm  bcp  bia  business-continuity-management  business-continuity-planning  business-impact-analysis  business-resiliency  compliance  contingency-planning  continuity-of-operations  coop  crisis-management  data-protection  disaster-recovery  emergency-notification  emergency-preparedness  governance  h1n1  homeland-security  incident-management  it-disaster-recovery  mass-notification  operational-risk-management  pandemic-planning  recovery-planning  resiliency  risk-assessment  roberta-witty  social-media  supply-chain-risk-management  swine-flu  terrorism  workforce-continuity  

Roberta J. Witty
Research VP
11 years at Gartner
33 years IT industry

Roberta Witty is a research VP in Gartner Research, where she is part of the Compliance, Risk and Leadership group. Her primary area of focus is business continuity management and disaster recovery. Ms. Witty is the role specialty lead for… Read Full Bio


Thoughts on What’s Changed in BCM Since 9/11: A Ten Year Review


  1. […] #split {}#single {}#splitalign {margin-left: auto; margin-right: auto;}#singlealign {margin-left: auto; margin-right: auto;}.linkboxtext {line-height: 1.4em;}.linkboxcontainer {padding: 7px 7px 7px 7px;background-color:#FFFFF;border-color:#FFFFF;border-width:0px; border-style:solid;}.linkboxdisplay {padding: 7px 7px 7px 7px;}.linkboxdisplay td {text-align: center;}.linkboxdisplay a:link {text-decoration: none;}.linkboxdisplay a:hover {text-decoration: underline;} function opensplitdropdown() { document.getElementById('splittablelinks').style.display = ''; document.getElementById('splitmouse').style.display = 'none'; var titleincell = document.getElementById('titleincell').value; if (titleincell == 'yes') {document.getElementById('splittitletext').style.display = 'none';} } function closesplitdropdown() { document.getElementById('splittablelinks').style.display = 'none'; document.getElementById('splitmouse').style.display = ''; var titleincell = document.getElementById('titleincell').value; if (titleincell == 'yes') {document.getElementById('splittitletext').style.display = '';} } BOOK: The Definitive Handbook of Business Continuity Management, 3rd Edition by Andrew Hiles – Rothstein Associates Inc. Business Survival ™ WeblogDisaster & Business Continuity Management: Looking for Blame in CrisesBusiness Continuity Management BS 25999,Business Continuity …Business Continuity Management – Find your free online content for …Business Continuity Management, Legislation, Regulations & StandardsBusiness Continuity Training DVDs – Rothstein Associates Inc. Business Survival ™ WeblogWhat’s Changed in BCM Since 9/11: A Ten Year Review […]



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.