Research conducted by Databarracks has revealed a significant disparity between organisations’ attitudes and approaches to business continuity (BC) and disaster recovery (DR). The findings indicate that while medium and large organisations are confidently implementing Business Continuity Plans (BCPs), small organisations are putting themselves at risk by failing to follow suit.
The findings are part of Databarracks’ fifth annual Data Health Check report, which surveys over 400 IT professionals in the UK on the ways in which technology is used by businesses today.
The results revealed that only 30 percent of small organisations have a BCP in place, compared with 54 percent of medium-sized businesses and 73 percent of large businesses. Perhaps even more concerning is that when asked if they intended to implement a BCP in the next 12 months, over 40 per ent of small organisations had no intention to do so.
Other key findings from the survey regarding disaster recovery and business continuity included:
– Hardware failure (21 percent), software failure (19 percent) and human error (18 percent) were reported as the top causes of data loss.
– Large organisations are more than twice as likely to have tested their disaster recovery plans in the last year compared to small organisations.
– “Lack of time” was deemed to be the biggest reason why organisations of any size do not test their disaster recovery plans (35 percent), which was followed by “cost” (18 percent) and “lack of skilled staff to carry out testing” (18 percent).
– This figure, however, is expected to change over the next 12 months, as Disaster Recovery as a Service (DRaaS) is expected to have one of the highest uptakes of cloud services across all organisations.
In light of these findings, Peter Groucutt, managing director of Databarracks, feels that disaster recovery services are no longer a luxury but a necessity for all organisations, regardless of size: “It isn’t a surprising trend for larger organisations to be more likely to have a business continuity plan than smaller organisations. What we do find surprising is that it is only 30 percent of respondents from small organisations, and around half of medium-sized, even have a BCP at all. Two of the main reasons for the disparity are cost and time. Larger organisations have dedicated Business Continuity Managers, but in the smaller organisations the responsibility falls to the Managing Director or CEO and the IT Manager to own the plan and handle disaster recovery.
“Real IT disaster recovery has, until now, been a prohibitively expensive service and could only be afforded by the largest organisations. The reductions in cost that cloud computing has brought about mean that’s no longer the case – it should be a top priority for any organisation. Of the organisations that do have IT disaster recovery practices in place, over half haven’t tested in the last year, and the top reason is that organisations don’t have the time to do so.
“Disasters don’t discriminate when it comes to the size of your organisation. We just need to look at the likes of the CryptoLocker virus or the UK floods earlier in the year to see that – the floods alone caused over £830m worth of damage to small businesses. And it’s not just the media-worthy incidents such as cyber-attacks or natural disasters that are a risk. The largest causes of data loss last year were actually down to some of the more mundane issues such as hardware failure or human error. It’s these that are often overlooked, but that can have the biggest impact on the business if things go wrong.” Groucutt concluded: “There needs to be an attitude change. Disaster recovery is not only available and affordable to organisations of all sizes, it’s absolutely essential.”
View the online infographic here.
Download the full report here.
About Databarracks
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.