Firms not Ready for Disaster Recovery

Wednesday, March 5, 2014 @ 04:03 PM gHale


Almost three quarters of organizations (73 percent) worldwide are not taking adequate steps to protect their data and IT systems, a new study said.

Poor planning, testing and technological deficiencies have led to more than $5 million worth of critical applications failure, data center outages and data loss, according to a new benchmark study by the Disaster Recovery Preparedness (DRP) Council.

RELATED STORIES
Strengthening Two-Factor Authentication
Awareness Awakening: Firms Assume Compromise
Lack of Confidence in Handling a Breach
Internal Security Breaches Biggest Threat

The study polled more than 1,000 organizations, from small businesses to large enterprises, to help them benchmark readiness for critical IT systems recovery in virtual environments.

Key findings include:
• 64 percent of respondents surveyed said their organization’s disaster recovery (DR) budget is inadequate and underfunded.
• More than 60 percent said they do not have a fully documented disaster recovery plan, and among the minority that does, 23 percent of respondents have never tested those plans.
• Approximately one-third said they test their plan only once or twice a year, and more than 65 percent of those organizations do not pass their own DR tests.
• 78 percent of respondents have experienced outages of critical applications, and of that group, 63 percent said losses ranged from a few thousand dollars to over $5 million.
• Of the respondents who have experienced outages, 28 percent said their organization lost data center functionality for up to weeks at a time.

The majority of respondents surveyed acknowledge their deficiency in disaster preparedness and report their organization is now planning or revising its implementation strategy.

Some organizations have already taken steps to improve their disaster preparedness, employing best industry practices which include:
• Building a comprehensive DR plan to recover applications, networks and business services, including primary and secondary sites.
• Defining recovery time objectives (RTOs) and recovery point objectives (RPOs) for critical applications to set proper expectations and assumptions for management and staff.
• Automating frequent recovery testing for critical applications to validate their recovery capabilities within specified RTOs/RPOs.



Leave a Reply

You must be logged in to post a comment.