Too Few Companies Formally Plan for Disaster Recovery

February, 2018

The range of disasters, natural and otherwise, that can cripple a company are staggeringly wide. At the extreme, a flood of Biblical proportions takes out scores of Houston-area businesses. Or mission-critical IT systems fail at Delta Airlines, resulting in thousands of canceled flights and $100 million in lost business. At the other end of the spectrum, a trash can fire in a server room can also disrupt IT operations.

If we’ve learned anything from the past few years of high-profile outages, it’s that the ability to recover information systems and data quickly and effectively after a disaster of any type should be an organizational priority. But, sadly, not enough companies are taking disaster recovery planning seriously.

As shown in Figure 3 from our full report, Disaster Recovery Planning Adoption and Best Practices, only 42% of organizations that enact such plans do so formally and consistently. To have formal disaster recovery plans means that the plan is documented and that it is adequate to ensure restoration of services.

DisasterRecovery fig 3 - Too Few Companies Formally Plan for Disaster Recovery

Even if the plan is formally documented, it will become ineffective the minute changes are introduced to systems. To practice disaster recovery planning consistently means that the plan is reviewed and revised on a regular basis as systems or the infrastructure change. As many recent incidents highlight, a formal disaster recovery plan is more important than ever.

“It isn’t that leaders don’t see the value of planning for disaster recovery. All but 3% of our respondents are implementing or already have some sort of plan in place,” said Tom Dunlap, director of research for Computer Economics, based in Irvine, Calif. “The problem is that in the day-to-day struggle to maintain operations and meet the needs of the business, more than half of our respondents admit that they don’t do the things to maintain a consistent and formal DR plan. For instance, they may not review the plan regularly, or perhaps they do not consider service providers in their DR planning.”

Disaster preparedness starts with having a plan for restoring data, networks, and systems in the event of natural or man-made disasters. Disaster recovery planning entails plans and processes to ensure recovery of systems and data in the event of disruption. The plan must be maintained and revised as part of the everyday IT operation. Failure to do so may lead to a complete business failure if a critical event occurs that has a direct impact on the IT infrastructure or systems. Even if an organization survives, there is likely to be significant disruption and financial loss.

One caveat: Having a disaster recovery plan is not enough—the plan must be tested periodically to ensure that every aspect of it works. We cover that topic in a separate, upcoming IT management best practice report, Disaster Recovery Testing Adoption and Best Practices.

In the full disaster recovery planning study, we first look at adoption trends for disaster recovery planning by organization size and sector. We also discuss the elements that every disaster recovery plan should contain, and steps IT organizations should take in establishing such plans.

This Research Byte is a brief overview of our report on this subject, Disaster Recovery Planning Adoption and Best Practices. The full report is available at no charge for Computer Economics clients, or it may be purchased by non-clients directly from our website (click for pricing).