Nearly Half of Organizations Polled Have Executed Their Disaster Recovery Plan
Disaster recovery plans have traditionally been documents that companies hope they will never have to use. The findings of the survey revealed that nearly half of IT organizations have had to execute their company's disaster recovery plans. Though the respondents polled recognize that planning and testing is important, many IT professionals have failed to put proper measures in place to ensure disaster recovery plans meet critical recovery time objectives (RTOs) and recovery point objectives (RPOs). According to the research findings, 48 percent of organizations have had to execute their disaster recovery plans. Additionally, 44 percent of organizations without a disaster recovery plan experienced one problem or disaster, while 26 percent experience two or more, and 11 percent experienced three or more.
The study findings also found that 69 percent of respondents are concerned about suffering damage to their company's brand and reputation, 65 percent fear harm to overall customer loyalty, 65 percent are concerned about the impact to their competitive standing, and 64 percent worry about losing company data in the wake of disasters. Despite these concerns, the rigorous legal requirements and the severe fines companies can face by not ensuring that they have adequate disaster recovery plans in place, the study also indicates that 77 percent of CEOs are still failing to take an active role on disaster planning committees.
Findings Reveal Incomplete Disaster Recovery Planning and Testing Methods
Although a majority of respondents stated that they do test their disaster recovery plans, respondents surveyed indicated that even when tests do work, plan testing as well as probability and impact assessments are not comprehensive, leaving lingering concerns about the actual effectiveness of their efforts.
While 88 percent of IT professionals polled carried out a probability and impact assessment for at least one threat, only 40 percent carried these out for all threats, and 12 percent did not carry out a probability and impact assessment for any threat. Configuration change management was the least assessed threat area, and only 42 percent of respondents who felt exposed to this threat actually carried out a probability and impact assessment for it.
Failure to Plan for Disasters Carries Multiple Risks
A variety of concerns have prompted IT organizations to create a disaster recovery plan, with 69 percent citing natural disasters, 57 percent naming virus attacks and 31 percent specifying war and/or terrorism. Respondents also feel exposed to IT-specific threats, with 67 percent citing computer failure and 57 percent naming external computer threats. However, while 89 percent of respondents have agreed upon acceptable levels of risk with non-IT business executives in their organization, only 33 percent have done so for all the threats to which they feel exposed.
Findings Highlight Need for Comprehensive Disaster Recovery and Business Continuity Strategies
To help ensure business continuity, Symantec recommends that organizations adopt disaster recovery strategies that ensure application and data availability across any physical or virtual platform and distance. Symantec offers industry leading solutions and services to help organizations build disaster recovery strategies. These solutions include data protection, server provisioning, application clustering, storage management and replication offerings. Symantec offers comprehensive services which can help organizations reduce the impact of planned downtime and minimize the downtime of applications and data caused by unplanned disruptions. These consulting services include business continuity management, IT service continuity management, high availability and support services.
"IT executives are taking a fresh, hard look at their disaster recovery and business continuity strategies," said Sean Derrington, director, storage management product marketing, Symantec. "To protect against downtime, organizations must implement high availability and disaster recovery across their enterprise environments. They must also maintain procedures for non-disruptive disaster recovery testing that continually evaluate the effectiveness of their disaster recovery strategy without impacting the production environment."
