Most companies feel confident their businesses would continue without major disruption in the event of a disaster, a recent survey found. The matter is firmly on the agenda of company boards, but less than 14% of IT budgets go towards business continuity.
These were some of the key findings of the ITWeb/ContinuitySA 2015 Business Resilience survey, which ran online from November last year.
Disaster recovery and business continuity should be an integral part of business processes, protecting organisations against possible risks and lowering the impact of any potential business disruption. "A business continuity plan within organisations is critical because it looks beyond dealing with an emergency or a disaster itself," says Cindy Bodenstein, marketing manager at ContinuitySA. Companies need to take into account exactly what will be required to get the business up and running as soon as possible after an event, she adds.
It's not surprising that over half of survey respondents (63%) indicated their organisation does indeed have both a disaster recovery and a business continuity plan in place, with only a very small percentage (6%) saying they don't have one. A further 11% of respondents only have a business continuity plan in place, and 15% have an active disaster recovery plan.
"Having a detailed plan, regularly tested, will minimise the effect of a disruption on a business," notes Bodenstein. "This reduces the risk of financial loss and ensures a company's brand and image are retained, giving staff, clients and suppliers confidence in the organisation's services."
Of the companies that have either or both business resilience plans in place, just under half (49%) said these plans are considered to be well communicated throughout their organisation. However, a third of respondents were less than satisfied with how their business resilience plans were communicated.
"Communication of the business resilience plan is vital to organisations so that everyone knows in the event of a disaster what is expected of them," comments Bodenstein. "A business resilience plan is worthless if it is stored away in a filing cabinet and not regularly reviewed, communicated and tested."
As many as 13% of responding companies have had no downtime in the past year. For those that were not so lucky, the top three causes were software or network failure, power outages, and system upgrade and configuration change management issues.
Overall, the respondents' confidence in their ability to weather a disaster with minimal disruption to the business is strong – almost 60% rated it as high or very high.
Companies that do not have a business resilience plan in place cited three reasons for this: cost, lack of skills or resources, and lack of connectivity.
"Implementing an end-to-end business continuity programme can be a costly undertaking for any organisation, regardless of its nature or size," says Bodenstein. "While larger organisations may have more resources available to them than smaller ones, the sheer size and complexity of the organisation can make implementing a business resilience plan an onerous undertaking."
To minimise the burden and control the cost of implementing a resilience plan, companies should limit the scope of the initial implementation, and roll out resilience planning to the entire company over an extended period of time, based on the capacity and resources available, she notes.
"Thus, the initial scope of implementation should be limited to the organisation's most critical functions or areas," Bodenstein advises.
"The most critical functions can be determined as those functions that directly support the strategic objectives of the organisation or make up the organisation's core business, and which would have the most critical impact on the organisation should they be disrupted. Then it can be gradually rolled out to the entire organisation, leveraging off the lessons learnt from the initial implementation. In this way, an organisation is able to control the cost of business resilience planning to suit their budget and capacity."
Our comments policy does not allow anonymous postings. Read the policy here