Everyday, systems around the world are invaded by hackers, people fall victim to virus attacks, sensitive data are stolen, and firms find their operations screech to a halt. Information Security is responsible for the protection of the information resources of companies and people. The business continuity plan (BCP), one of the many issues that fall under the label of Information Security, is the object of this study. Previously confined to esoteric research journals, BCP gained significant coverage in the mainstream media in the wake of the attacks on the World Trade Center. The primary goal of a business continuity plan is the avoidance, or substantial reduction, of losses that a firm might suffer as a result of security incidents. Put simply, a BCP's goal is to keep firms operating as normal as possible during a disaster and get the firm back to standard operations as quickly as possible. The purpose of this study is to illustrate the current utilization of business continuity plans in Brazilian businesses and suggest how to make them less vulnerable to internal and external threats, regardless of whether they are old, new, or as yet undiscovered. To achieve this objective, 112 companies were selected and the executives could express their perceptions filling the surveys and through interviews. The research demonstrates that firms are not prepared to face incidents which may cause interruptions of their activities. Finally, the research recommends that companies to evaluate carefully the risks involved in their businesses and what consequences the security incidents may cause. The impacts can certainly justify the investments in Business Continuity Plan.