Over 75% of organisations face unnecessary disruption risks for critical applications

Many organisations don’t devote enough attention to mission-critical applications when creating disaster recovery plans. One of the biggest reasons is the ‘resiliency perception gap’, or the gap between executives’ perceptions of the effectiveness of their resiliency strategies and how successful these plans actually are at protecting against application outages or downtime. This gap can result in lost revenue and damaged brand reputations.

A new Forbes Insights Executive Brief, sponsored by IBM, shows that 80% of respondents fully expect their disaster recovery plans can run their business in the aftermath of a disruption, yet this confidence is questionable. Less than a quarter of those same executives say they include all critical applications in their disaster recovery strategies, which means that 78% of enterprises face unplanned and unnecessary risks for these essential resources.

‘Business Resiliency: Now’s The Time to Transform Continuity Strategies’ also notes that gaps exist in management and governance activities, with 61% of executives observing that business continuity, disaster recovery and crisis management are ‘siloed’ rather than administered as they should be as an interrelated whole.

Many organisations don’t have the means – or the desire – to fully protect critical assets as nearly three-quarters (73%) of surveyed executives pointed to shortfalls in funding and other resources as impediments to covering all critical applications within disaster recovery programmes. In addition, another 25% of executives don’t even consider it essential to cover 100% of their critical applications.

Outdated runbooks are common as more than half of enterprises (58%) go almost a year, and sometimes longer, between tests of their business continuity and disaster recovery plans. Only 28% of companies run assessments on a monthly basis. As a result, nearly half of the executives (47%) say that disaster recovery drills or actual events showed the runbook was ‘out of sync’. Almost half (46%) of the executives questioned believe that testing disrupts their organisations, while the cost of running tests keeps another 25% from testing more frequently.

There’s often an over-reliance on manual processes as disaster recovery strategies are not becoming automated as quickly as production processes, leaving nearly a third (31%) of enterprises struggling with manual disaster recovery resources. Even many of the more mature organisations have only pockets of automation.

“Clearly, many executives don’t realise the full extent of risks they’re running,” said Bruce Rogers, chief insights officer at Forbes Media. “On top of that, tight budgets force many to make trade-offs.

Chandra Sekhar Pulamarasetti, co-founder and CEO of Sanovi Technologies and vice-president of cloud resiliency orchestration software and services at IBM, added: “Today’s clients demand IT recovery solutions that are designed for complex hybrid cloud environments to restore their confidence and meet their business needs. Cyber attacks and other threats require innovative business resiliency plans that are orchestrated to anticipate problems and reduce risk, cost and downtime in the process.”

About the Author

Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting.

In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector.

In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute’s George van Schalkwyk Award.

An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award.

Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site.

Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media.

Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014.

Related Posts