The Disaster Recovery Preparedness (DRP) Council announced findings from its benchmark study which show that 73% of respondent organizations worldwide are not taking adequate steps to protect their data and IT systems.
Poor planning, testing and technological deficiencies have led to more than $5M worth of critical applications failure, data center outages and data loss.
The study polled more than 1,000 organizations, from small businesses to large enterprises, to help them benchmark readiness for critical IT systems recovery in virtual environments. Key findings include:
- 64% of respondents surveyed say that their organization’s disaster recovery (DR) budget is inadequate and underfunded.
- More than 60% report that they do not have a fully documented disaster recovery plan, and among the minority that does, 23% of respondents have never tested those plans.
- Approximately one-third say that they test their plan only once or twice a year, and more than 65% of those organizations do not pass their own DR tests.
- 78% of respondents have experienced outages of critical applications, and of that group, 63% say that losses ranged from a few thousand dollars to over $5M.
- Of the respondents who have experienced outages, approximately 28% say their organization lost datacenter functionality for up to weeks at a time.
The majority of respondents surveyed acknowledge their deficiency in disaster preparedness and report that their organization is now planning or revising its implementation strategy. Some organizations have already taken steps to improve their disaster preparedness, employing best industry practices which include:
- Building a comprehensive DR plan to recover applications, networks and business services, including primary and secondary sites.
- Defining recovery time objectives (RTOs) and recovery point objectives (RPOs) for critical applications to set proper expectations and assumptions for management and staff.
- Automating frequent recovery testing for critical applications to validate their recovery capabilities within specified RTOs/RPOs.