Disaster Recovery Still Just an IT Responsibility
Alarming gaps in disaster preparedness and a widespread lack of decision-making responsibilities by non-IT management highlight a new survey on Disaster Recovery planning and decision-making.
Despite all the recent attention paid to disaster recovery, DR planning and decision-making is still largely left to IT departments, according to a new survey of IT managers that uncovered some alarming gaps in disaster preparedness.
IT managers recognize the potential threats and the importance of proper disaster recovery procedures, but that awareness hasn't been enough to raise disaster recovery to the level of a top-tier corporate concern, even though a single disaster could send a company into bankruptcy, according to the survey conducted by Dynamic Markets Ltd. for VERITAS Software.
For 76% of companies, the decision-making process for disaster recovery is limited to IT staff, the survey found. Despite the potential effect on the entire business, only 5% of U.S. CEOs and 4% of non-IT managers have decision-making responsibilities when it comes to defining disaster recovery strategies.
"U.S. businesses exhibit blatant weaknesses on the front lines of their present defensive strategies," says Steve Kenniston, technology analyst at Enterprise Storage Group. "It is critical that corporations begin to examine, test, and update their disaster recovery plans, ensuring that these plans offer comprehensive coverage of all system resources and can be quickly put into action."
The recent blackout that struck the Northeastern U.S. and Canada cost New York City businesses more than $1 billion — or $36 million per hour — according to Kenniston. "Disaster recovery planning is the best corporate defense against potentially dire consequences in the case of unforeseen circumstances," he continues. "It can make the difference between corporate survival and irreparable damage."
"As a nation, we've lived through a series of catastrophic events in our recent history," says Mark Bregman, executive vice president for product operations at VERITAS Software. "With the recent Eastern Seaboard blackout and increasing number of virus attacks, the immense susceptibility of data centers has become all too apparent."
According to the survey, man-made disasters such as 9/11 are a greater concern than natural disasters. While only 6% think they are exposed to hurricanes and tornadoes, more than four times that number worry about terrorism. Technological failure ranks highest on the list of perceived threats, with the top five most common perceived threats being hardware failure (61%), software failure and viruses (59%), fire (56%), hackers (36%), and accidental employee error (31%).
Nearly half of the respondents say the main criterion they use to calculate the amount spent on disaster recovery is the financial risk associated with each potential disaster. The potential threat of terrorism is the most expensive threat that companies have calculated, at $115 million. Respondents believe the five most likely consequences of a disaster without a disaster recovery plan in place would be: data loss (64%), decreased employee productivity (57%), damage to customer relationships (50%), reduction in profits (49%), and reduction in revenue (37%).
Of the IT managers surveyed, 62% keep their disaster recovery plan only in the company's main data center. 20% keep the disaster recovery plan at a company building away from the main data center, and only 15% keep the plan located off-site at a third-party secure location. Five percent of IT managers with responsibility for their disaster recovery plan were not sure where the plan is located.
Almost a quarter of disaster recovery plans do not cover the entire data center, and only 15% cover all of a company's remote offices. Only 20% of disaster recovery plans cover the desktop environment, and a mere 14% address the laptop environment.
The survey found that 24% of companies neglect to test their disaster plan, especially in the U.S., where 34% do not test. Among those that do not test their plans, the top barrier to testing was lack of time (48%).
Dynamic Markets surveyed IT managers responsible for their company's disaster recovery plan in large companies across the U.S., 10 European countries, the Middle East, and South Africa. 877 interviews were conducted.
Back to Enterprise Storage Forum
August 20, 2003
As last week's Big Blackout of '03 begins to fade into history, businesses are starting to report the first crop of resulting problems with storage and other computer systems. On the whole, though, disaster prevention measures and recovery systems appear to have held up remarkably well.