Despite multiple warnings about the consequences of failing to have a robust disaster recovery plan in place, a new study suggests that only about a third of companies test their disaster recovery plans on a regular basis. Of the sample surveyed by Kroll Ontrack across the UK and Germany, only 9% of companies said they test their plans every one to five months and another 29% every six to 12 months.

The findings follow a report by IDC earlier in 2015, which found that a typical Fortune 1000 company experiences an average loss of US$100,000 per hour when struck by infrastructure failure and additional costs of between US$500,000 and US$1m when faced with a critical application failure.

While half the companies surveyed by Kroll Ontrack had not experienced an IT incident in the previous three years, more than a third had to invoke their disaster recovery plan. While the majority of these companies had to invoke their plan between one and five times, a small minority were forced to undertake disaster recovery measures more than 10 times in the last three years.

Another concern raised by the new study (conducted among 195 system administrators and business managers in Germany and the UK) is that even though employees’ mobile devices are now an important element of corporate IT infrastructure, this hasn’t been accounted for by most companies’ disaster recovery plans. Almost half (48%) of respondents said that their plans do not cover mobile devices used by employees to access corporate systems.

Paul Le Messurier, programme and operations manager at Kroll Ontrack said: “These findings are a clear indication that many companies still face significant risks in terms of data security, data loss and data recovery. They also lack a thought-out disaster recovery plan that is tested regularly and is bullet-proof when a real disaster strikes the company and it is faced with system failure and data loss. Without an effective plan in place, companies face the prospect of a loss of business continuity plus reputational and financial damage. It’s important that disaster recovery plans are in place, but it’s just as important to ensure that they are tested regularly and updated accordingly.

“Even though the cost of downtime for a small to medium sized company may not be as high as for a Fortune 1000 one, it can still have an impact that threatens the existence of the company. It pays to have a disaster plan in place that is tested regularly and that can be invoked quickly and efficiently.”

In a separate poll undertaken in the UK, almost half of respondents (46%) said that they did not have a disaster recovery plan in place at all, while a quarter (24%) said that they did not know whether they had a plan or not.

Kroll Ontrack has developed a free data recovery plan template that businesses can use to build their own plan together with guidance on what needs to be included. It recommends that any plan should take into account the following:

• IT services: Which business processes are supported by which systems? What are the risks?
• People: Who are the stakeholders, on both the business and IT side, in a given DR process?
• Suppliers: Which external suppliers would you need to contact in the event of an IT outage? Your data recovery provider, for example.
• Locations: Where will you work if your normal premises are rendered inaccessible?
• Testing: How will you test the DR plan?
• Training: What training and documentation will be provided to end users?

Share Story: