SURVEY: Local firms still neglect disaster recovery planning, communication
Around 14% of local organisations do not have a disaster recovery or a business continuity strategy in place.
This was revealed by a recent survey conducted by ITWeb, in partnership with enterprise resilience management services firm, ContinuitySA.
Almost 60% or respondents report they do have both a disaster recovery and a business continuity strategy in place. However, 40% of those believe that it is not well communicated throughout the organisation and a further 14% were unsure.
The cost of downtime is rapidly rising and organisations should build a resilience competence strategy that does not only address business continuity, but also enables the business to cope with diff erent and multiple incidents simultaneously and over a long period of time, advises ContinuitySA.
Cost (57%) and lack of skills or resources (21%) were cited as the main reasons for not having a disaster recovery or a business continuity plan in place. A further 7% of respondents list a lack of connectivity as the reason.
"Organisations lacking business continuity and disaster recovery strategies in a worst-case scenario, following a disaster, are quite likely to go out of business," says Michael Davies, CEO at ContinuitySA. "Organisations should, wherever possible, naturally build resilience."
This, adds Davies, can be achieved, by using distributed operations, so that if one facility goes down, another facility can take on some of the load for a temporary period while the first facility is recovered to a normal state of operations.
When asked what has caused their organisation to experience downtime within the past two years most respondents cited power outages or failure (60%) and software or network failure (52% ). A further (27%) experienced configuration change management issues.
While 54% of respondents said their organisation has not been impacted by a cyber-incident, 12% were unsure, which 34% and possible more has been hit by a cyber security attack.
"Given the ubiquitous nature of IT, remote working, employees using their own devices and the ever-increasing global connectivity, it is highly probable that the organisation that you work for will experience a cyber-incident someday. In order to minimise the impact of any cyber-incident, organisations should employ a framework that covers protection; detection; response and recovery."
The majority of respondents indicated that their primary reason for establishing a business continuity management programme is organisational resilience and continuity of business operations (77%), and reputation management (57%), with 32% citing government legislation and compliance requirements.
Abdication of responsibility
Just over half (53%) of respondents cited security as their biggest concern with putting mission critical data in the cloud, with 13% saying accessibility and 7% having concerns related to backup.
"We are concerned that organisations have a general assumption that, when putting data in the cloud, the cloud service provider automatically backs up the data," notes Davies. "This abdication of the organisation's responsibility to ensure that they have back up, restore and recovery capabilities can potentially cause the organisation considerable damage should the cloud provider have an outage for any reason, or a cyber-incident which is becoming more common.
"Our advice is to confirm what business continuity and back up capability the cloud provider has in place and what guarantees there are that their data can be recovered."
A further 61% of respondents believe that cloud computing and a mobile work force alleviates the need for a disaster recovery site, while almost a third (28%) disagree.
"Cloud computing and a mobile work force on their own do not alleviate the need for a disaster recovery site. Cloud computing and a mobile work force certainly assists and can improve business continuity planning and may also change the requirements on a disaster recovery site. However, almost all organisations require some form of alternate site to accommodate its employees during times of disruptions."
Almost 40% of respondents said their annual business continuity management budget is less than R500 000, while 11% said it's between R500 000 and R1 million.
Around 66% of respondents believe business continuity management of their company is on the board of directors' agenda, while almost 16% don't think their board is looking into the business continuity management of their organisation.
"Building a comprehensive resilience through business continuity and disaster recovery means so much more than merely taking care of 24/7 ICT requirements, but also looks after the people and an organisation's reputation," concludes Davies.