Ten years ago, companies could afford to be somewhat complacent about disaster recovery. The argument in favour went along the lines of, “Make sure you can recover your business in case your business might be hit by a catastrophic event.” The idea resonated best with businesses in highly regulated markets where business continuity provision was a prerequisite. Businesses knew the chances of a catastrophic event happening were relatively small, and they felt they could easily absorb 24, 48 and in some cases 72 hours of IT down time and associated financial losses. In fact 12 years ago, one particular customer endured 6 weeks of downtime.
At that time business operations and processes weren’t so lean or closely coupled both internally and externally to customers and supply chains. That’s all changed. Business and governments are now completely reliant on tight-knit ecosystems based around IT. In simple terms: No IT, No Business. Yet many CEOs and boards still seem to be living in the past when it comes to disaster recovery and business continuity.
Choosing not to invest in disaster recovery is not without cost. Some CIOs have described to me scenes of board members walking out of the room when it comes to discussing disaster recovery – they simply don’t understand and only see disaster recovery as a “grudge purchase,” something they don’t want to buy but must. Recent IT and terror related events on both sides of the Atlantic have suddenly exposed the vulnerability of businesses.
FedEx has a reputation built on guaranteed delivery, but a computer virus infiltrated its Dutch unit, TNT Express, disrupting operations and causing trading in the company’s stock to be halted. It has just announced a 17% drop in profits. If it can happen to FedEx, it can happen to anyone. Once you find yourself in this situation, the resilience of your business sits at number one on your agenda for weeks to come while you manage the fallout with lawyers, regulators, investors, customers and employees. Once you are in crisis mode, any strategic plans you had for your business will be derailed for some time to come. If you add up the incurred expenses, lost productivity, opportunity costs, lost contracts and the dip in market value, suddenly $500k-$1m for disaster recovery operations doesn’t seem like a grudge purchase anymore. It could even be argued it’s peanuts for such a strategically important item. If disruptive events once had a relatively low probability of occurring, the advent of widespread cyber threats stand that assumption on its head.
You will get a return on investment on disaster recovery planning because you will be hit by a cyber attack. Remember how tight supply chains have become, the risk is of a critical business impact is magnified when you consider all the suppliers and customers in your ecosystem. If you were depending on a logistics business to deliver your packages, you are equally affected by the cyber attack. Gartner’s ‘Predicts 2017: Business Continuity Management and IT Service Continuity’ report ~~Published: 15 November 2016 ID: G00315512: Analyst(s): Dave Russell, Robert Rhame, Mark Thomas Jaggers, Roberta J. Witty , illustrates how woefully unprepared companies are for keeping the business going during a catastrophe. Out of 854 organizations, measured in the report, only 13, who had the highest level of business continuity maturity, were able to meet their recovery objectives without issues. As for the others with lesser degrees of business continuity maturity, you are for the most part looking at recovery success levels measured in single digit percentile scores. This comes at a time when cloud based recovery products have been consumed at a phenomenal growth rate of 13-55% depending on which market report you care to believe.
So why are recovery success rates so poor?
Established, mature businesses have complex IT comprised of cloud and physical assets. Some applications can't be recovered to the cloud and that's where some recovery products fail. They only partly solve the recovery problem. Your CIO needs to take a solution based approach using the right IT recovery assets that broadly speaking match your production IT.
While some companies are clearly failing at DR - They may be your competitors, which is great. But some may well be your critical suppliers and business customers. Analysts IDC predicts that by 2020, 25% of truly transformative new solutions will be ecosystems created by customers and suppliers . So you have to ask yourself, can you really afford to be without resilient IT systems and partners that enable you to drive your business systems forward with a credible disaster recovery response?
You will get a return on investment on disaster recovery planning because you will be hit by a cyber attack.....choosing not to invest in disaster recovery is not without cost.