Throughout 2023, organisations were more reliant on their IT systems than ever before, according to new research from Databarracks.
Last year, 68% could survive less than one day without IT systems. That compares to just 46% in 2017, marking a significant increase in dependence on technology.
Databarracks Managing Director, James Watts, commented: “Organisations are finding themselves in an increasingly difficult position. On one hand, the risk of IT downtime is significantly increasing due to cyber causes. On the other hand, digital transformation efforts have led to a greater dependence on technology.
“Technology is so fundamental to the way organisations now function that the effect of IT downtime is amplified.
“So, what can businesses do to become more resilient? They should start by addressing the cyber threat and developing defences and response capability. The greater the potential impact of an outage, the more vital it is to react and respond as early as possible.
“Next, improve recovery methods to deliver the reduced Recovery Time Objective demanded by the organisation.
“We also recommend assessing what can be done to keep the business operational without IT. There are fewer manual tasks now that can keep organisations productive in the event of a systems failure or attack. As processes have been automated by technology, the old manual methods are often forgotten. These are never as fast or efficient, but they can keep the business operational at a minimum level.
“This is one reason why we would always recommend including manual workarounds in DR plans. As the incidence of cyber-attacks continues to rise, this is more important than ever.
“In Business Continuity, we talk about the Maximum Tolerable Period of Disruption. This is the period after which the viability of the organisation would be threatened. Each organisation will have a different MTPD and, as we have seen from our research, it is decreasing over time.
“MTPD is a central figure to use in BC planning. Knowing your MTPD will determine the RTO your Disaster Recovery systems need to deliver and how long you can afford to wait before declaring an incident and invoking DR to kick-off recovery. Your MTPD should be non-negotiable, and non-adjustable. This is where testing really comes in because it gives your team an opportunity to practice that recovery process – not just what to recover, but when.
“Determine your MTPD – and make it a hard line. Once you allow wiggle room, you will miss your recovery objectives. Ultimately, deciding on what outcome is unacceptable to you will help you put effective boundaries in place.”
