Disasters are by definition rare and unpredictable and therefore not front and centre when executives think about day to day operational activities. Yet an information technology disaster can strike any business, and the costs to recover from such an event can be tremendous. As with many risks, the probability of a disaster affecting your company’s information technology infrastructure can be mitigated, and so can the fallout should the worst happen. One of the best ways to reduce the damage is to have a well-designed and tested disaster recovery plan (DRP) in place.

Why a disaster recovery plan is so important

Most businesses are highly reliant on their information technology infrastructure, and this reliance implies that disaster can strike via many routes. IT security breaches and hacking attempts are one of the most prominent: these can lead to anything from the exposure of personally identifiable information to the permanent loss of customer data. Of course, human error and hardware failure can lead to a loss of data and functionality too.
Finally, natural disasters can have huge IT implications - major fires have severely disrupted entire data centres in the past. Clearly, bad stuff can happen, but if that is so obviously the case, why do so many businesses skip on disaster recovery planning? In many cases, business executives have simply not thought through the implications. Here are 5 serious risks worth thinking about.

1. Turning away customers – possibly forever

   

   Quick and confident action after disaster strikes is the best way to retain customers, by comparison delayed and opaque responses will anger your clients. In the case of a security breach, a DRP is essential to quickly reassure customers that their data is safe, or at least establishing to what extent data have been compromised. Desperately hunting for answers while news reports circulate is a sure route to generating resentment.

   This counts for services outages too – if customers are relying on your business to get things done they will not put up with extended outages compounded by an information gap. A disaster recovery plan can help you get services back on track much quicker and should include a communications plan that will reassure your customers. Clearly, planning is key to retaining customers during adverse events. In contrast, the absence of a DRP could mean that you turn customers away permanently.

2. Losing the ability to generate revenue

   

   Service-based businesses simply cannot function without IT infrastructure, any lapse in availability impacts the ability to generate revenue. Product-driven businesses can also suffer difficulties if they sell directly, for example. It is worth thinking about the losses your business will face if it is no longer able to go through the day to day motions of serving customers.

   What if your business has no access to e-mail for a week? Or, a crucial website is out of action for days? The resulting loss in revenue can be serious and very damaging for a business. DRP’s can strongly mitigate these risks by, for example, enabling the quick and efficient switchover to alternative infrastructure to ensure business continuity. Ignoring the prospect of a disaster, however, can lead to extended disruption and extensive losses.

3. Permanent loss of records

   

   It is commonplace for businesses to store records electronically, but not every business appreciates the risks of losing these records – forever. If you have no plan in place to recover the loss of your business records, what impact will this have on the ability to continue functioning as a business? What degree of damage will your customer relationships incur if you have to rely on customers to reconstitute your business records?

   Keeping backups is essential, including an online backup in case your physical premises is affected. Equally essential is regularly testing the ability to retrieve these backups, as it is not unknown for a data recovery strategy to fail because the backup system which was thought to be in place was not available when needed. These are the type of activities that will be covered with a well-written and regularly tested DRP.

4. Long-term reduction in productivity

   

   The lack of a DRP does not necessarily mean that your business won’t recover from a disaster. You may be able to reconstitute data and recreate records. However, much of the institutional knowledge that makes a business productive over time, including processes, are stored electronically and if these go lost it may take years for your business to fully recover to its previously productive state.

   Instead of risking a permanent dent in your business productivity, make sure your DRP makes it easy to recover all of the knowledge your business has built up. Back up data, but also document processes and ensure there is an easy way to reconstitute these processes if the worst happens.

5. Business failure

   

   A massive and wide-spread disruption in technology infrastructure can well and truly bring a business to its knees. It is not always possible to prevent this, as even some of the most well protected and IT-savvy companies can suffer from catastrophic disruption. Yet it is a combination of proactive measures such as a data backup and disaster recovery plan incorporating, say, a secondary data centre that enables a business to survive a catastrophic disaster.

   When the risk to the livelihood of a business is so real it is imperative that the need for a disaster recovery plan is evaluated in a serious light. Though the aforementioned risks are important too, the catastrophic impact a disaster can have in the absence of a DRP should really provide food for thought for business executives and senior IT staff.

A study released by IHS in 2016 estimates that North American companies lose up to US$ 700 billion per year due to downtime caused by IT outages. There is no question that disaster and business continuity planning can strongly mitigate these types of losses. Importantly, the costs and efforts involved in disaster planning are relatively low. Taking pause to consider the risks involved should prompt any senior IT worker or business executive to engage in formally planning for adverse events.