Research from Databarracks, has revealed that 30 per cent of organisations do not know how much of their IT budget is being spent on disaster recovery and backup services. This follows wider industry research finding that firms in Europe and North America spend seven per cent of their IT budget on backup and disaster recovery.
Data from Databarracks’ annual Data Health Check survey revealed a number of insights into organisational attitudes and approaches towards IT resiliency:
· 25 per cent do not know what percentage of their IT budget should be allocated for disaster recovery and business continuity
· Only 43 per cent of organisations have tested their disaster recovery processes over the past 12 months
· 29 per cent of respondents answered “less than ?1,000” when asked ‘how much annually does your organisation spend on backup/DR solutions’
Peter Groucutt, managing director of Databarracks comments: “It’s often difficult for IT to secure investment for resiliency because it’s not seen as a particularly dynamic or sexy investment that will add value like a new customer-facing system. But we all know we need to invest in resilience to ensure our continued operation.”
Groucutt continued: “Disaster recovery and backup spending is protection against the risks of user downtime, data loss, and business interruption, but often knowing how much investment needed is difficult to gauge. Every organisation knows it needs some level of protection, but determining the extent, and the appropriate financial investment is an ongoing challenge, as evidence from our research highlights.
“The analogy we often use is the police recommendation for protecting a bike. They suggest spending at least 10 per cent of the value of the bike on the lock to secure it, which makes sense – if you put a cheap lock on an expensive bike it will be quickly stolen. The one caveat we would add to that analogy is that the amount you spend should also relate to your risk profile. If you frequently lock your bike up at a train station with known bike thieves you would be wise to invest more in your lock. Similarly, if your premises are in a location susceptible to flooding or terrorist events it is sensible to invest more in your resilience.
Groucutt concludes that to help secure the funds needed to improve IT resilience, senior management must understand what the true cost of IT downtime would mean for an organisation: “There isn’t a simple answer to say ‘invest X per cent and you’ll remain safe,’ that works for all businesses, but that doesn’t mean that it is very difficult to budget for continuity.
“As with other aspects of continuity planning, if you have identified the risks to your business and analysed the impact incidents will have on your operations, it then becomes clear what mitigation strategies you need to put in place. It will always be difficult to secure investment for IT resilience if you don’t have a clear picture of what impact downtime will have. Presenting a downtime cost – considering both the tangible, as well as the intangible or hidden costs – immediately puts the cost of investment into context, and helps strengthen the case for improving IT resilience.”