It happens when you least expect it, when the timing is bad, when it’s the last thing you’re prepared to deal with. That’s why it’s a disaster. But the real disaster is that so few companies are ready with a plan to get them through one.

Most Don’t Have One

As per research done by Symantec in a study from 2011, 57% of small to medium businesses didn’t have a Disaster Recovery Plan (DRP). Those numbers don’t appear to be improving. From an article in February 2015, roughly 60% of businesses in Canada did not have a plan in place to address security incidents like hack attacks, breaches or system failures. This information comes from 2 online surveys done by analyst firm IDC Canada for Cisco, comprising 2000 Canadians and 498 Canadian businesses.

Questions addressed security preparedness, and topics like security policies, recent cyber attacks, and familiarity with mobile and cloud-based applications. The result? Per Cisco “many Canadian businesses operate without any security strategy for their networks and are ‘woefully unprepared’”.

It’s like jumping without a net. Per CRA, a managed IT solutions firm in NYC, the average cost per day of IT downtime can amount to as much as $12,500. Many smaller businesses fail to recover from the financial losses they sustain, and go out of business within a year. As stated by Tom Richer, CRA Chief Sales & Marketing Officer:

SMBs that do not have a disaster recovery plan are taking an unnecessary risk. Not recovering quickly from a disaster or outage could mean the loss of many clients and revenue

So Why Not?

If we know the risks are growing and the costs of downtime are perilously high, why do so few companies have a plan in place? Below are the results from a recent survey done by Continuity Central. The numbers speak for themselves:

• Lack of budget, funds and resources: 35.6 percent
• Lack of top management commitment, buy-in and support: 16.4 percent
• Lack of business unit support: 6.6 percent
• The low priority given to BCM compared to other deliverables. 5.3 percent
• Organizational apathy towards BCM: 4.9 percent
• Staffing difficulties (loss of business continuity staff and difficulties in recruiting staff with appropriate qualifications): 4.8 percent
• Lack of time available for business continuity staff to manage all their tasks: 3.5 percent

Simply put, lack of preparedness equals a perceived lack of funds and an ongoing lack of buy-in. We are looking at the formula for disaster.

What Are You Waiting For?

Last year gave us

• Mass data breaches: illustrating how Point of Sale malware is increasingly pervasive, continuing to feed our valuable information into the coffers of cybercriminals across the globe
• The Sony Hack: how disgruntled employees can become destructive forces we don’t anticipate
• Ransomware: cybercrime knows how to hold us hostage, and we pay regardless
• Natural disasters: global warming or not, tornadoes, hurricanes, massive blizzards shut down cities and businesses every year

Putting a Disaster Recovery Plan in place is a lot easier than cleaning up the aftermath of a disaster. There are many approaches and templates to work from (I would love to help you with that – just ask!) but the best approach is to take the proverbial bull by the horns and get to work on your plan. Because the old adage holds true: failure to plan is a plan to fail. Don’t let it be yours.

(currently featured on the JIG Technologies corporate site)