Nearly two years after the Sept. 11 attacks, many organizations remain woefully unprepared to quickly recover their IT systems and key business processes in the event of a disaster.

While interest in disaster-recovery systems peaked in the immediately after the terrorist siege, IT managers acknowledge they have yet to follow through on many of their intentions. A lack of funds has been a big reason, but other factors include miscommunication between IT executives and other top executives, and the realization by some companies that their basic IT infrastructures needed shoring up first.

"Since 9/11, we have built in replication services, but don't have an off-site location yet to replicate data to," says Rich Banta, senior enterprise systems engineer for St. Vincent Hospital and Health Services in Indianapolis, which backs up data onsite and stores tapes at another one. "We plan to do mirroring over fiber-optic [cables] in the next six months, although it's not cheap," he says, adding it would cost of at least $2,000 a month per mile. 

Maimonides Medical Center in New York also cited financial issues for stalling its advanced data replication ambitions.

"After 9/11, the government made available [Federal Emergency Management Agency] money for hot sites," says Mark Moroses, senior director of technical services and security officer at the healthcare organization. "Then New York state [government took all the money back] and the governor reallocated it to the Port Authority, which hurt us. . . .We still rely on a warm site at Comdisco that can be brought up in 12 hours."