Just last month the Disaster Recovery Preparedness Council reported some initial findings from our new online Disaster Recovery Preparedness Benchmark (DRPB) Survey. We created the survey to help give business continuity, disaster recovery, compliance audit and risk management professionals a better measure of their own preparedness in recovering critical IT systems running in virtual environments.
Some of the preliminary findings from the survey have surprised us. For example, results indicate that organizations in highly regulated industries such as financial services, healthcare and government, fail to make the grade for disaster recovery preparedness. In spite of strict regulations, these organizations do not appear to be better prepared than others to recover their IT systems in the event of a disaster.
Here are some results from highly regulated industries that describe their shortcomings:
- Costs from business disruption and recovery are significant and growing with 1 in 5 financial services respondents specifying losses from outages that range from $100,000 to $5 million, and 1 in 4 healthcare organization respondents estimating losses between $50,000 and $1 million.
- Despite the costs, companies in highly regulated industries still appear to lack funding for disaster recovery preparedness with 90% of federal, state, and local government respondents saying DR plans are not adequately funded, and about 40% of financial services and healthcare companies indicating a lack of funds for DR.
- We suspect that as a result of limited budgets, more than half of financial service companies only test DR plans once a year with government and healthcare close behind. The problem with rarely testing DR plans is that most companies really have no idea as to whether they can fully recover their IT systems in the event of a disaster or extended outage.
- Bottom line: Without testing and follow up there can be little accountability for the effectiveness of a DR plan in the event of a disaster, and a lot of finger pointing if/when something does happen.
DR testing and compliance reporting clearly have a ways to go in assuring full recovery of systems, even among highly regulated industries that have extra incentives and mandates to drive the process and commitment. For DR preparedness to improve, companies need a clear commitment and better solutions to help them automate processes and overcome the high cost in time and money of verifying and testing their DR plans.
We will be updating these results and examining practical solutions to help you gain a better understanding of Disaster Recovery best practices so you can make your preparedness more cost-effective and efficient. Our goal is simply to help people and companies understand critical DR challenges, increase DR preparedness awareness, and improve DR practices overall.
Steve Kahan, DR Preparedness Council Chairman