Sandy shows that not being prepared can be fatal to an enterprise

Business Continuity Plans Are Expensive

A company’s disaster recovery and business continuity programs would be incomplete without covering compliance risks and without using compliance tools to mitigate risks. On the other hand, compliance management is a critical component of disaster recovery and business continuity. This is recognized by executive management’s ensuring that integrity and regulatory compliance are achieved – alongside strategic, operations and reporting objectives as the key pillars of a corporate disaster recovery and business continuity programs.

As Hurricane Sandy bore down on the entire eastern seaboard, threatening massive power outages, flooding and property damage from Boca Raton to Bangor, it was a very trying time for CIOs on the East Coast and caused CIOs in all of the other parts of the nation to review their disaster recovery plans. Protecting your data and IT systems from possible disaster is expensive, but being unprepared when disaster strikes is far more costly.

The 2012 Global Disaster Recovery Index indicates businesses around the world are starting to take disaster recovery preparation more seriously. Two-thirds of businesses are reviewing and auditing their business continuity/disaster recovery plans more frequently. However, while fairly routine tasks like testing are popular (65% of respondents have performed), more complex disaster recovery steps such as implementing a full-scale business continuity plan (46%) are less popular.

And less than one in three respondents (28%) have accelerated cloud adoption even though moving data and software onto virtual servers is one of the best ways to mitigate risk from physical damage caused by natural disasters. In another sign businesses still are not taking disaster recovery as seriously as they could or should, less than one in five respondents (17%) have escalated backup and disaster recovery to become a priority at board level.

The Cost of Disaster
When disaster strikes, it creates quite an expense. The data shows system downtime costs the average business more than $366,000 per year. The average company loses 2.2 workdays a year to system downtime and 86% of companies have experienced system downtime in the last year.

And disasters can be caused by human folly as well as the unpredictable whims of nature. Human error is by far the most common source of system downtime according to index results, with 60% of respondents citing it as a downtime cause. Other frequent sources of system downtime include human-generated events such as unexpected patches and updates (56%), server room environment issues (44%) and virus/malware attack (18%). Hardware error/theft combines IT glitches with human greed (14%), while onsite disasters (26%) and power outages (44%) may or may not have human error or malfeasance at their root.

Only 10% of respondents cited natural disasters as a cause of system downtime. Although natural disasters receive a large amount of publicity (witness the round-the-clock Sandy coverage) due to their unequaled destructive power and the natural human fascination with things beyond our control, CIOs need to account for many more potential threats when formulating a disaster recovery plan.

Author: Victor Janulaitis

M. Victor Janulaitis is the CEO of Janco Associates. He has taught at the USC Graduate School of Business, been a guest lecturer at the UCLA’s Anderson School of Business, a Graduate School at Harvard University, and several other universities in various programs.