IT executives prepare for disaster

Executive involvement in disaster planning doubles as fear of viruses and natural disasters keep CEOs awake at night.

The impact of climate change and the inexorable rise of online threats have prompted CIOs, CTOs and IT directors to get directly involved in prioritising disaster recovery, demonstrating that it is becoming a business rather than an IT issue, writes Darren Thomson.

In 2008, a mere 33% of respondents to a study by Symantec reported that their disaster recovery plan involved senior executives. This year's Disaster Recovery survey revealed 70% of senior executives are now taking an active part in ensuring their business can cope with disaster, with 44% of plans being watched over by the careful eye of the CEO through a disaster recovery committee.

Another reason for executive involvement is the increase of applications that are seen as mission-critical. More than half (60%) of applications were deemed mission-critical by respondents, and nearly the same amount are covered in disaster recovery plans. Any sort of outage to these systems will have an enormous impact to the business.

These figures demonstrate that, with profits down and potential threats to business up, CIOs are increasingly putting an emphasis on making sure their business can cope should the worst happen.

While executive involvement has increased, the question remains whether the recession has blinded organisations to disaster recovery. The misconception is that disaster recovery should cost the earth, an all-encompassing strategy. What it should be seen as is a see-saw: as you spend on disaster recovery plans, your operational efficiency benefits.

A big concern is the fact that almost one in three businesses does not undertake disaster recovery testing because they believe it could significantly disrupt their sales and revenue. What companies do not realise is the damage to their reputation and bottom line could be severe in the face of disaster. Should disaster strike and leave a company's databases, application servers and web servers out of action, it can mean a loss of £4,300 an hour.

If you are smart, you will take a structured approach, protecting your most crucial assets and tiering the rest in order of their mission-critical status. This multiple layer approach means that you are protected without breaking the bank. It does mean, however, that you need to make sure you have asked the right questions of your business - with one in four scenario tests failing, it is clear that there is a dramatic need for improvement.

Let's see if the increase in senior involvement drives this change moving forwards.

Darren Thomson is senior technical director EMEA at Symantec (UK) Ltd

Read more on IT risk management