IT disaster recovery plans not tested enough

Following a report by IDC earlier in 2015, which found that a typical Fortune 1000 company experiences an average loss of US$100,000 per hour when struck by infrastructure failure and additional costs of between US$500,000 and US$1 million when faced with a critical application failure, recent research shows that two thirds of companies still fail to test disaster recovery plans regularly.

While half the companies surveyed by Kroll Ontrack had not experienced an IT disaster in the previous three years, more than a third had to invoke their disaster recovery plan.  While the majority of these companies had to invoke their plan between one and five times, a small minority were forced to undertake disaster recovery measures more than 10 times in the last three years.

Mobile devices are now an important element of corporate IT infrastructure

Another concern raised by Kroll Ontrack’s new study is that even though employees’ mobile devices are now an important element of corporate IT infrastructure, this hasn’t been accounted for by most companies’ disaster recovery plans. Almost half (48%) of respondents said that their plans do not cover mobile devices used by employees to access corporate systems.

Paul Le Messurier, Programme and Operations Manager at Kroll Ontrack said: “These findings are a clear indication that many companies still face significant risks in terms of data security, data loss and data recovery.  They also lack a thought-out disaster recovery plan that is tested regularly and is bullet-proof when a real disaster strikes the company and it is faced with system failure and data loss.

“Without an effective plan in place, companies face the prospect of a loss of business continuity plus reputational and financial damage. It’s important that disaster recovery plans are in place, but it’s just as important to ensure that they are tested regularly and updated accordingly.”

It’s vital to consider how to test the DR plan

In a separate poll undertaken in the UK, almost half of respondents (46%) said that they didn’t have a disaster recovery plan in place at all, while a quarter (24%) said that they didn’t know whether they had a plan or not.

Kroll Ontrack recommends that any data recovery plan should take into account the following:

  • IT services: Which business processes are supported by which systems? What are the risks?
  • People: Who are the stakeholders, on both the business and IT side, in a given DR process?
  • Suppliers: Which external suppliers would you need to contact in the event of an IT outage? Your data recovery provider, for example.
  • Locations: Where will you work if your normal premises are rendered inaccessible?
  • Testing: How will you test the DR plan?
  • Training: What training and documentation will be provided to end users?