A guide to preparing for an eventual failure.
Disaster recovery (DR) can take a low priority for many businesses. New companies are focused on securing streams of revenue and large firms are often sluggish to update procedures and equipment. Finding the dedicated funds to implement an appropriate disaster recovery plan can be a daunting task, especially given that it has little return on investment regarding direct income or cost savings.
Only 30% of businesses report having a comprehensive disaster recovery plan in place. 15% of businesses don’t feel they need a disaster recovery plan at all. This neglect seems to cut across organisational sizes and structures — a barely better 35% of SMEs report having a fully operational set of disaster recovery procedures.
Overlooking this vital area of business and brand protection can spell doom for any company unlucky enough to be caught unaware. Only 10% of businesses with no disaster recovery plan survive a major failure. 60% of small businesses that lose data close within 6 months.
Investing in a disaster recovery solution can save your entire business in the event of a disaster. Like cybersecurity, it is a necessary requirement of operating in a digital age. The costs should be calculated into the savings and efficiencies gained from digital transformation. Doing so opens up opportunities based on the security and safety of your data.
Business Continuity vs. Disaster Recovery
The basics of what you actually need to secure your business.
Business continuity and disaster recovery are often used interchangeably. However, they are not exactly the same. Disaster recovery simply refers to a set of protocols designed to reboot stored data and business applications in the event of a failure. Business continuity encompasses a wider set of procedures designed to keep a business running following a disaster. Ideally, that could mean a near instantaneous restore time through cloud-based or remote server failover.
The most important technical aspects of a functioning disaster recovery plan are your RTO and RPO criteria. These are your Restore Time Objectives and Restore Point Objectives. RTO is the amount of downtime your business can tolerate in the event of a failure. RPO sets the maximum window of time over which data might be lost, which is essentially the update period for your backup system.
When contracting with a third party, the tolerances for these criteria are critical to specify in your service level agreement (SLA) and will affect cost. However, if not suitable to your business, sluggish restore time objective (RTO) or restore point objective (RPO) parameters can render your entire disaster recovery plan useless.
Business continuity is often regarded as an IT-only issue — and it certainly is an IT concern. However, poor business planning is an often-reported source of failure in the implementation of recovery procedures. In addition to meeting basic technical requirements, it is important to have a procedural plan in place and train staff on how to proceed in the event of a failure.
- You need an IT-based disaster recovery solution
- You also need to have an operational plan in place for its implementation
- Make sure to get guarantees on restore time objective (RTO) and restore point objective (RPO) criteria that suit the needs of your business.
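The RTO and RPO criteria described above can be checked against real backup and restore-drill records. The following is an added example, not part of the original article; the timestamps, application names and the 4-hour RPO and 1-hour RTO targets are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (illustrative only): completion times of successful
# backups, and restore durations measured during drills.
BACKUPS = [datetime(2018, 3, 1, h) for h in (0, 4, 8, 12, 22)]  # 16:00 and 20:00 runs missing
DRILLS = {"crm": timedelta(minutes=45), "billing": timedelta(hours=3)}
RPO = timedelta(hours=4)   # assumed target: at most 4 hours of data lost
RTO = timedelta(hours=1)   # assumed target: at most 1 hour of downtime


def rpo_gaps(backups, rpo):
    """Return (start, end, gap) for each interval between backups longer than the RPO."""
    ordered = sorted(backups)
    return [(a, b, b - a) for a, b in zip(ordered, ordered[1:]) if b - a > rpo]


def data_loss_window(backups, failure_time):
    """Time between the last backup completed before the failure and the failure.

    Returns None when no restore point exists before the failure.
    """
    earlier = [b for b in backups if b <= failure_time]
    return failure_time - max(earlier) if earlier else None


def rto_misses(drills, rto):
    """Return the applications whose measured restore time exceeds the RTO."""
    return {app: took for app, took in drills.items() if took > rto}


def assess(backups, drills, rpo, rto, failure_time):
    """Summarise whether the plan would have met its RPO and RTO for one failure."""
    loss = data_loss_window(backups, failure_time)
    return {
        "rpo_gaps": rpo_gaps(backups, rpo),
        "loss_window": loss,
        "rpo_met_at_failure": loss is not None and loss <= rpo,
        "rto_misses": rto_misses(drills, rto),
    }


if __name__ == "__main__":
    # Simulated failure at 19:30, inside the gap left by the missing backups.
    for key, value in assess(BACKUPS, DRILLS, RPO, RTO, datetime(2018, 3, 1, 19, 30)).items():
        print(key, "->", value)
```

A schedule that looks compliant on paper can still miss its RPO when individual backup runs fail, which is why the check works from completed backups rather than from the planned interval.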
Why You Need to Take Disaster Recovery Planning Seriously
Technical failures, cybercrime, human error, terrorism, natural disasters.
2017 was a dangerous year. Global ransomware attacks brought giants such as FedEx, Nissan, Merck, and the NHS temporarily to their knees. This exposed insufficiencies in cybersecurity systems and weaknesses in Windows. It also crystallised the need to take disaster recovery more seriously than ever.
Ransomware attacks are expected to rise by nearly 12% this year. However, 96% of companies with reliable disaster recovery protocols fully recover from an attack.
Cybercrime has become a ‘when not if’ question for many firms. But what you need to understand is that there is a whole host of additional threats out there that could cripple your business processes or cause downtime or loss of data if you lack an adequate disaster recovery and business continuity plan.
There has been a steady increase in economic losses from natural disasters since the 1970s*. 2017 saw 16 events in the US alone that cost more than $1 billion*. Those costs encompassed more than data loss. However, securing your business from natural disasters is an important thing to consider. Think about your location, its proximity to floodplains, fault lines and other local dangers. Take this into account when constructing your disaster recovery plan. Backing up to a data centre across the street won’t help you in the event of a flood.
Similarly, think about the proximity and threat of terror attacks. Terrorism has cost the global economy more than $20 billion every year for the last 10 years — hitting a high of $104 billion in 2014*. Depending on your business, this could mean preparing for an attack itself. More likely, however, this means thinking about power disruptions and infrastructure damage similar to a natural disaster.
Power outages accounted for 35% of unplanned downtime in 2017. Hardware faults were responsible for another 45%. That means that 80% of failures were caused by things as mundane as network issues, faulty drivers or infrastructure problems. It is important to remain on top of hardware refurbishments. However, these issues encompass a number of problems over which no business has control.
Nothing can replace the ability to sidestep a failure with the near-instant restore time objective (RTO) capabilities offered by a comprehensive disaster recovery plan.
In addition to technical faults, cyber attacks, terrorism and natural disasters, it is prudent to have an IT recovery plan simply because people make mistakes. Failure to appropriately save a document, or saving over important information can cause small to critical problems for a business. Although common, these kinds of mistakes are nearly impossible to prevent — at least while humans are still involved in work.
A disaster recovery plan that involves regular backups will create a series of restore points that can, if accessed correctly, enable teams to operate more effectively in the event of a human error — in addition to securing your data and business applications in the event of a larger disaster.
- Think about your location and the specific natural and man-made disasters it exposes you to.
- Cybercrime and ransomware are a growing threat that can be mitigated by robust disaster recovery measures.
- Take into account human error and the benefits of continuous backup.
- Consider the risks of mundane power failures and network hiccups.
The Costs of Failure: What Lacking a Disaster Recovery Plan Can Mean for Your Bottom Line
In 2016, companies spent a minimum of $926 per minute of unplanned downtime*. That rose to a potential $17,244 per minute and a total average cost of $740,357 for data centre failures.
In addition to direct costs and loss of revenue, 25% of businesses that suffered a failure reported staff disruptions that impacted business because of the need to refocus employee time to deal with the disaster.
Most importantly, it is impossible to quantify the damage to your brand that can occur in the event of data loss or significant downtime. Customers rarely forgive such transgressions. Even failure to provide adequate online customer service in a moment of need can destroy a valued relationship because of the always-on expectations of digital commerce.
You need to do everything you can to reduce downtime and prevent outages. Organisations lose anything from nothing to millions. Only 10% of businesses with no disaster recovery plan survive a major failure. 60% of small businesses that lose data will close within 6 months*.
Make Sure Your Disaster Recovery Plan is up to Sufficient Standards
Run drills, practice and always test your hardware
Around 30% of companies with a disaster recovery plan that is tested by failure still suffer data loss. 35% of companies that experience a failure temporarily lose at least one business-critical application. Of those that lost data in 2016, 12% could not recover that information.
That either means the procedures were inadequately constructed/executed, or the disaster recovery system itself failed. Remaining on top of disaster recovery procedural updates is as vital as having a plan at all. It is also highly advisable to run drills and regularly test the efficacy of your hardware.
Deficiencies of this kind are why companies have started looking at cloud and hybrid-cloud DR solutions and disaster recovery-as-a-service (DRaaS) to provide continual, scalable and near real-time backup of all business processes and applications*. These options are particularly suitable for companies with lower in-house IT proficiency.
- Always make sure that the disaster recovery plan you have in place actually meets the criteria you need to keep your data safe and prevent prolonged downtime.
  - RTO, RPO and SLA criteria.
- Investigate different types of disaster recovery solution — all of which have their own benefits and downsides.
  - Data centres
  - Public cloud solutions/Hybrid-cloud solutions
Summary: Don’t gamble with your brand — neglecting Disaster Recovery planning isn’t worth the risk
A disaster recovery and business continuity plan is not just about protecting data, processes and applications. It is about retaining customer confidence, preventing losses in productivity and missed business opportunities. It is about protecting your brand.
Customers have come to expect digital perfection. If your website goes down, you fail to provide necessary customer service or lose sensitive data, you can create reputational damage that is greater than the costs of ‘technical’ recovery. Customer acquisition can be expensive — re-acquisition is next to impossible.
Think about how you would react if a business you used lost personal data or failed to deliver needed services at a critical moment.
It is important to take into consideration all IT options and assess your own in-house skills. Consider contracting with third parties and investigate cloud and hybrid-cloud solutions, as well as the traditional data centre. Whether using contractors or in-house teams, always scrutinise restore time objective (RTO) and restore point objective (RPO) parameters and make sure they align with your business needs.
Effective disaster recovery, however, requires business planning that goes beyond IT. Train staff to use data recovery procedures and make sure everyone understands the plan so that operations can continue smoothly.
It is critical to take into account all of the particularities of your location, business and workforce when thinking about disaster recovery. If you back up to a data centre, choosing a provider nearby may render your preparations meaningless if faced with citywide infrastructure failures. Getting the IT right is vital, but it is the bedrock on which you need to build a ‘DR-house’ — not the endgame.
Neglecting a comprehensive disaster recovery plan is not a risk worth taking to avoid the limited costs of being prepared. Ultimately, the ability to operate online from remote servers has enabled firms to have full and immediate redundancy of all their processes, data and applications. Failure to take advantage of this opportunity is nearly as negligent as a failure to maintain a web presence or utilise the flows of digital data that make using such a backup system a necessity.
It is not worth gambling your brand, business and reputation to save a little bit of money. The risks are too high.
* Global disasters in 2017 cost $306 billion—nearly double the cost of 2016
* Extreme hurricanes and wildfires made 2017 the most costly U.S. disaster year on record
* The Global Economic Impact Of Terrorism [Infographic]
* Business Continuity Statistics For IT Pros – StorageCraft
* 58 Percent of Small Businesses Not Prepared for Data Loss (INFOGRAPHIC)