Evolve IP Survey: Most Companies Have Subpar Disaster Recovery Plans

A large number of businesses in North America say they are not fully prepared to handle a disaster, either exhibiting risky behaviors or relying on outdated technologies and methodologies.

That’s according to a new disaster recovery (DR) survey by Evolve IP, featuring responses from approximately 1,000 IT professionals and executives. The survey also identified three main characteristics of organizations that felt “very prepared” to recover from a disaster.

Scott Kinka, Evolve IP’s CTO, tells Channel Partners that just talking with businesses about their DR strategies is a great start.

Evolve IP’s Scott Kinka

“Some partners have told us that they are concerned about opening up the DR conversation because the conversation will be very technical, and this is an area where they are not yet comfortable,” he said. “However, while the solution is often technical, the discovery is not. In fact, it is a simple business-risk conversation. Some questions to ask include: ‘Do you have a DR plan? Is it complete? Do key stakeholders in the organization know about the plan? Did you test your plan last year? How did that go? What are your goals in terms of recovery points and recovery times? Does your plan cover all of your systems or just some?'”

Nearly seven in 10 respondents said they had an incomplete DR plan. Of those, only 58 percent had a plan that was at least three-quarters (75 percent) complete. When asked if their plan was implemented formally in the business, just two-thirds (67 percent) said yes.

In addition, less than half of those surveyed had performed a DR test in 2017.

One in six (16 percent) DR plans didn’t document recovery point objectives (RPOs) and more than 13 percent of IT professionals weren’t fa­miliar with the term. Also, 15 percent of DR plans didn’t document recovery time objectives (RTOs) and 9 percent of IT professionals didn’t know that term. Some 5 percent were using backup tapes in their DR implementation.

“Once you understand where they are in the DR spectrum (no solution, basic backup, no plan, partial plan, not rolled out, fully outsourced, etc.), partners can start to add value,” Kinka said. “Another easy way to help is to leverage the tools that cloud service providers offer.”

There were several key factors that helped increase the confidence of IT professionals in feeling “very prepared” to recover from a disaster. Individuals that indicated that their company had invested sufficiently in DR were more likely to feel very prepared; organizations with compliance requirements tend to be more confident in their ability to recover from a disaster; and using either DRaaS or a MSP environment helps IT pros feel more assured.

Deliberate attacks were the fastest growing category of DR incidents and outages, according to the survey. Seventeen percent of respondents cited deliberate attacks as the cause of an outage, up four points from 2016 and up from just 6.5 percent in 2014. Other top causes include hardware/server failure (50 percent), environmental disasters (29 percent), power outages (28 percent) and human error (18 percent).

More than one-third of companies reported to have suffered from at least one incident or outage that required disaster recovery, according to the survey.

“Some businesses suffered more than $1 million in lost revenues,” Kinka said. “Another obvious cost is lack of associate productivity. When systems are down, most employees can’t do their job, and that has a huge impact on non-sales-facing roles. There were other implications as well. For example, some survey participants noted that their professional reputation was damaged. The operative question is this: ‘How much money would you lose if your business systems were unavailable for one hour? A day? A week? A month?'”