Public services and corporate disaster recovery teams have stepped up their use of social media, such as Facebook and Twitter, to keep employees informed and communicate with key players. Many companies have even created the position of social media officer to manage online communications and ensure corporate sites remain updated.
"It's also about controlling the rumors," Witty said.
In addition, some companies now consider having cots, flashlights, food and water on hand for employees who stay in the office and have a remote recovery site in operation to make sure they can restore critical systems as quickly as possible.
Even in the aftermath of 9/11, IT managers said they had to fight for money to implement disaster recovery plans and technology.
What began with 9/11 but evolved with numerous cases of fraud and rogue trading, was the concept that risk management needed to be a part of disaster recovery planning.
"Chief risk officers who used to never ... look at the IT side of things, do talk more about IT risk as becoming part of something they need to incorporate as part of an enterprise risk management capability," said Rodney Nelsestuen, a senior research director at industry consultancy Tower Group.
The U.S. government saw to it that in the years following the terrorist attacks, the financial industry spent hundreds of millions of dollars upgrading internal systems to comply with the Patriot Act. That law required financial services companies to beef up their ability to flag suspicious transactions and customers.
"The fact that there's evil out there -- 9/11 drove that, but I don't think people were looking internally to that," Nelsestuen said.
According to Tower Group, after 9/11 about 39 percent of IT budgets went to integrating back-end systems; 34 percent was spent on new software; and 24 percent was used to upgrade IT infrastructures, such as server, network and and storage systems. Another 2 percent was spent on outsourcing services with operators of customer databases, such as Regulatory DataCorp International LLC (RDC) in New York.
Firms such as Merrill Lynch, whose headquarters was located right next to ground zero and lost its primarydata center for six weeks, performed a gap analysis to determine what was missing and what might be needed respond to another disaster.
Analysts today say regular gap analysis is still a key component to disaster preparedness.
Cantor Fitzgerald LP, a bond-trading firm located in the World Trade Center, lost 658 employees and its primary data center on Sept. 11. It was the worse-case scenario of what could happen.
"They were one of the major bond traders on the globe. We had not imagined the scope of that disaster," Nelsestuen said.
What was remarkable about the recovery effort with Cantor Fitzgerald was that its competitors jumped in to lend a hand and took over its bond trades so that the firm could continue operations as it recovered from the devastation.
"There was no one who planned that: "If we have a disaster, will you do our processing and credit it to us," Nelsestuen said. "But, those are the kinds of things that came out of that level of disaster.... People [had] to start thinking about the human contingency that we'd never thought about before."