The number of IT executives getting directly involved in disaster recovery planning has risen by nearly a third over the past year, driven by concerns about threat levels and the risk of natural disaster, according to Symantec.

The security firm's annual disaster recovery survey revealed that 67 per cent of companies involve the chief information officer, chief technology officer or IT director in disaster recovery planning, up from 33 per cent last year.

Symantec identified rising malware threats, lingering fears spread by the 2007 floods, data loss issues and tougher government regulations as among the largest contributing factors. However, most UK firms still lack a dedicated executive to deal with disaster recovery, unlike many US organisations.

"It indicates perhaps that people are not taking disaster recovery as seriously as they should," said Darren Thomson, Symantec's senior technology director. "It's an industry maturity thing which will get better."

Thomson added that to ensure boardroom buy-in for disaster recovery plans, IT and other executives should market the initiatives not as insurance against something that might happen, but as a way of improving operational efficiency, driving consolidation and lowering costs.

He also warned that firms which have virtualised much of their IT infrastructure need to take extra care when formulating disaster recovery plans.

"Most existing disaster recovery plans are predicated on physical assets," he said. "People are jumping in too quickly with virtualisation, rolling out too aggressively and getting hurt."

The report also warned that there is still some way to go before disaster recovery strategies are perfected. Around 93 per cent of organisations had to execute on their disaster recovery plans last year, and one in four tests failed, said Symantec.

Thomson argued that, in many cases, organisations are focusing too much on technology and not enough on process.

"A software tool is only as good as the process it is supporting, and people are not focused enough on best practices like IT Infrastructure Library and Cobit," he said.