When push comes to shove, companies are going to invest in technologies that will generate revenue now, rather than those that will keep the business alive down the road. According to a recent survey by Gartner Inc., one in three U.S. companies would suffer critical losses during a disaster because their recovery plans are not fully funded. Gartner surveyed more than 200 business/IT executives with knowledge of their company’s disaster recovery plans.
Nearly one in four respondents (24 percent) said lack of funds was the main reason for not yet initiating a formal disaster recovery plan. And of those companies with a disaster recovery plan in place, 37 percent need more investments to make those plans work. One of every 10 companies had no formal disaster recovery plan in place.
“Unless they’re regulated, companies aren’t protecting themselves from something that may or may not happen down the road,” says Tony Adams, Gartner analyst. “They will deal with the emergency when it occurs.”
Adams says regulated companies (for example, finance, health care, pharmaceuticals and government agencies) do a better job of protecting themselves than unregulated companies or even small companies. Those in a regulated environment tend to spend at least 1 percent of their IT budget on disaster recovery. The others tend allocate no more than 0.5 percent of their IT budgets for disaster recovery.
Adams says companies should not use IT budget as the only measure for disaster recovery spending. He says companies should invest based on how much revenue a function is generating for the company, and in many cases recovery may deserve more than 1 percent of the IT budget.
“How much business is riding on that IT system functioning properly?” Adams asks. “To be on the safe side in a disaster recovery plan, companies should evaluate the impact of a system failure and evaluate system loss in terms of revenue.”
Even if plans are in place, Adams says many companies- –the exception is utility companies–don’t know how well those plans work because they are rarely tested. “Many companies don’t have the guts to throw the switch,” Adams says. “Having a complete enough plan that you test fully and frequently is the ultimate that most companies don’t do enough of.”
Although IT plays a significant role in business and disaster recovery, Adams says disaster planning is about more than keeping the servers up during a power outage. It touches every system and every person in the business. The analyst says everyone in the organization should know how to respond during a crisis, not just the IT department. “Stop thinking about disaster recovery as purely an IT function,” Adams says. “It’s about the business first and foremost.”