Natural disasters, theft, cyberattacks, equipment failure and human error can strike at any time and without warning. When critical operational information is lost, organizations can expend valuable time and resources in an attempt to recover that information. In today’s business environment, however, few businesses can survive days or weeks of downtime as they attempt to recover systems and data. That’s one reason why 25 percent of businesses fail to reopen following a disaster, according to the Institute for Business and Home Safety.
Yet many small to midsize business (SMBs) do not understand the importance of disaster preparedness, according to Symantec’s 2011 SMB Disaster Preparedness Survey. The survey, conducted in October and November 2010 by Applied Research, included more than 1,840 IT professionals responsible for computers, networks and technology resources at SMBs in 23 countries.
Half of the respondents said their organizations do not have a disaster plan in place. Forty-one percent said that it never occurred to them to put together a plan, and 40 percent stated that disaster preparedness is not a priority for them. The information that drives most SMBs is simply not protected.
“According to the research findings, SMBs still haven’t recognized the tremendous impact a disaster can have on their businesses. Despite warnings, it seems like many still think it can’t happen to them,” said Bernard Laroche, senior director, SMB product marketing, Symantec. “Disasters happen and SMBs cannot afford to risk losing their information or — more importantly — their customers’ critical information. Simple planning can enable SMBs to protect their information in the event of a disaster, which in turn will help them build trust with their customers.”
This lack of preparation is surprising given how many SMBs are at risk. Sixty-five percent of survey respondents live in regions susceptible to natural disasters. In the past 12 months, the typical SMB experienced six computer outages, with the leading causes being cyberattacks, power outages and natural disasters. The median cost of downtime for an SMB is $12,500 per day.
Outages cause customers to leave — 54 percent of SMB customer respondents reported they have switched SMB vendors due to unreliable computing systems, a 12 percent increase over last year’s survey. Forty-four percent of SMB customers surveyed stated that their SMB vendors have temporarily shut down due to a disaster. This affects their own businesses — when SMBs experience downtime, it costs their customers an average of $10,000 per day. In addition to direct financial costs, 29 percent of the customers surveyed lost “some” or “a lot” of important data as a result of disasters impacting their SMB vendors.
Government regulations such as HIPAA and Sarbanes-Oxley are also now mandating offsite backups and disaster recovery plans. Organizations that do not properly comply could face stiff penalties.
Despite all of these risk factors, SMBs are not being proactive when it comes to disaster recovery planning. Half of the SMBs that have implemented disaster preparedness plans did so after experiencing an outage and/or data loss. Fifty-two percent put together their plans within the last six months. However, only 28 percent have actually tested their recovery plans, which is a critical component of actually being prepared for a potential disaster.
Even the most basic protections are lacking in many SMBs. Less than half of SMBs back up their data at least weekly and only 23 percent back up daily. Respondents also reported that a disaster would cause information loss. In fact, 44 percent of SMBs said they would lose at least 40 percent of their data in the event of a disaster.
These organizations are taking an unneeded risk. Thanks to disk-based solutions, backup and recovery processes are simpler and faster than ever before. Some of the latest backup devices can also function as virtual servers should an organization’s primary server fail. Furthermore, virtualization and cloud-based solutions make it cost-effective to replicate backup data offsite without a large capital outlay for redundant equipment.
However, SMBs should not confuse data backup with disaster recovery planning. An effective disaster recovery plan should address not only backup and recovery procedures but offsite data storage and electronic and physical network access. It involves critical decisions that balance the cost of disaster recovery with the risk to the business.
A critical initial step is to list business functions, ranked in priority according to which must be back in operation first. Once these priorities are established, recovery time objectives (the allowable amount of downtime before the function is brought back online) and recovery point objectives (the allowable amount of data loss since the last backup) should be established for each function. Not everything needs protection — the key is to focus on core applications and data.
This winter’s “Snowmageddon” remains fresh in our minds. Japan’s devastating earthquake and tsunami still dominate the headlines. Hurricane season is just around the corner. It’s time for SMBs to recognize that the next disaster could strike at any time, and only those with an effective disaster recovery plan will survive.
