Data backup and recovery may not always get as much attention as they deserve from information security departments, but a new report on the cost of data recovery shows that even when companies do have plans in place, they can still take far too long to get their systems up and running after a major failure, costing them thousands of euros.
Most companies installed their backup systems a long time ago and take the view that, if they're not broken, why fix them?
senior director of business developmentCA Technologies
In a study commissioned by Islandia, NY-based vendor CA Technologies, 1,808 companies in 11 European countries were interviewed about their experiences of data recovery and the costs they incurred when systems were down.
The resulting Avoidable Cost of Downtime 2010 Report (.pdf) concludes that the time taken to fix failed IT systems costs the average European organisation €263,347 a year through lost revenue.
The survey found that organisations suffered an average of 14 hours of IT downtime per year. The UK experienced the most downtime with an average per organisation of 27 hours each year, whereas Belgium experienced the least, averaging downtime per organisation of only eight hours per year.
When business-critical systems are interrupted, the organisations estimated their ability to generate revenue was reduced by 32%. Of the countries surveyed, companies in France experienced the highest average revenue loss from downtime at nearly €500,000 per year, whereas Italy experienced the lowest at just under €34,000. The UK's average annual loss was €244,888.
The study also found that, even when companies had their systems back online, it took a further 9 hours per year on average for data to be recovered.
The findings call into question organization's data backup and recovery tactics, considering that organisations are only becoming more dependent upon these technologies to maintain business continuity when problems occur. "Most companies installed their backup systems a long time ago and take the view that, if they're not broken, why fix them?" said Andy Brewerton, a senior director of business development for CA. "But in the meantime, many of their systems have become more mission-critical."
He said that if companies re-evaluate their disaster recovery strategies, it is possible to achieve lower recovery times. One technique offered by several storage manufacturers is continuous data protection, whereby the backup software takes more frequent snapshots of any changes in the systems and updates backup files accordingly. This has less of an effect on system performance, and, by creating more data recovery points, means there is less data to recover when systems go down.
The figures are certainly borne out in the Information Security Breaches Survey, published earlier this year by PriceWaterhouseCoopers.. The survey found that 54% of companies had suffered a 'major' or 'very major' system failure or data corruption incident in the previous year -- far more than the number of companies that suffered from a serious malware infection. Furthermore, in 20% of the cases of system failure, companies reported that their contingency plans had proved to be ineffective.