Far too few companies are prepared for the worst. According to a recent study by Deloitte, only half of technology, media, and telecommunications companies have disaster recovery (DR) plans in place. Yet research shows that a proactive approach to disaster preparation is more cost-effective. Every $1 spent on hazard mitigation saves society $4 in response and recovery costs. So why don’t all companies implement disaster recovery policies?
Disaster recovery protocols first came into play in the 1970s, following the development of standby systems and datacenters. With the increased reliance on IT for operations, businesses began realizing the need to have some sort of disaster plan in place. At that time, recovery of systems within five days and a few days’ data loss was considered best practice.
Today, with virtually all areas of business relying on IT to function, DR is more crucial than ever. A few days’ worth of lost data is no longer acceptable and even against government regulations for some industries where recovery point objective (RPO) and recovery time objective (RTO) metrics must be near immediate and near zero, respectively.
Regardless, companies still don’t implement effective disaster recovery plans. Almost all have some solutions in place, such as a backup to tape strategy for example, but many don’t have adequate levels of redundancy built into their infrastructure or an acceptable RPO and RTO. There are many reasons for this:
Cost – Even though, as mentioned above, the costs of disaster recovery planning is significantly less than the costs associated with response and recovery following a disaster, many companies find that the hardware and software needed to have a truly redundant backup and replication strategy are too expensive. They’re not entirely wrong, however. Depending on the size of the organization, reducing RTO by 12 hours can cost upwards of a million dollars.
Lack of resources – Aside from a shortage of funds available to invest in DR, other resources may be lacking. Implementing a disaster recovery plan takes several months to plan, propose, implement, and test. And with 43% of CIOs believing that their IT department is short-staffed, many businesses simply do not have the time, manpower, or expertise to undertake large-scale disaster recovery implementations.
Lack of awareness – Some companies just don’t see IT as it truly is – the backbone of business – and therefore don’t provide IT with the necessary means to implement the right solutions. This lack of awareness on the CEO’s part can leave the company very vulnerable.
Overconfidence – “It’ll never happen to us,” and “Good enough,” are the thought patterns that some organizations are guilty of. But in a survey of 200 IT Managers at medium and large-sized businesses that experienced significant network disruption, 82% of respondents indicated they were confident in their disaster recovery plan before the disruption occurred, yet 97% said the disruptions had detrimental effects on business.
What can IT do to improve its disaster recovery preparedness? Check back next week for Part 2 of our look at disaster recovery for more info. In the meantime, share your DR thoughts with us on Twitter!