Wilson explodes the top five myths about business continuity and
disaster recovery solutions.
Twenty years ago, ‘disaster recovery’
was the buzzword du jour and businesses only concerned themselves
with lost revenue and other tangible losses. Businesses behaved
in ‘reactive mode’ when disaster struck, a mode which
is only one component of business continuity preparedness.
In the wake of major disasters, such as the
Loma Prieta earthquake, 9/11, SARS, and the looming threat of additional
potential terrorist attacks, the message has still not hit home
because individuals and businesses alike believe that buying larger
insurance policies, retrofitting their homes and businesses, and
hording supplies, sufficiently prepares them for “the next
big one.” Despite high awareness that something should be
done, many IT leaders either don’t act on that awareness or
they focus their efforts in the wrong direction.
Today’s businesses see that disaster
recovery is no longer the magical ‘band-aid’ they once
perceived it to be. They recognise the benefits of taking a holistic
and proactive approach to solving these issues, and the shift in
how people think about business continuity and disaster recovery
solutions. However, several myths about the industry still prevent
many businesses from adopting ‘best practices’ in this
Changing behaviour requires education. To that
end, here are the five most common myths about business continuity
and disaster recovery solutions:
Small-to-medium (SMB)-sized businesses don’t need business
continuity and disaster recovery solutions
Small business development and entrepreneurship are on the upswing
since many people started small businesses during the economic downturn,
generating 60-80 percent of the net new jobs annually over the past
decade, according to the US Bureau of the Census. Even as crucial
players in the business and IT community, some entrepreneurs don’t
feel they need business continuity or disaster recovery solutions
because they are too small or believe solutions for their organisation
are too expensive.
Exploding myth #1
Small businesses have the same need for protection and access to
data and records as large organisations. Business continuity and
disaster recovery solutions are scaleable - from the Fortune 1000
to the mom-and-pop shop around the corner, and can be tailored to
meet any company’s needs. There are an abundance of relevant
articles and resources available for small business owners on implementing
a business continuity plan, identifying common hazards, evaluating
key issues, and finding the right plan to meet SMB needs.
Without comprehensive investment or coverage a catastrophic event
will most likely put the SMB out of business.
There is no ROI or compelling business reason for business continuity
There is no tangible return on investment for implementing business
continuity solutions. Organisations that survived 9/11, the Loma
Prieta earthquake and a myriad of other disasters can handle anything
else that comes their way.
Exploding myth #2
Business continuity planning efforts make money for a firm as they
serve to minimise disruptions and financial loss during even minor
events. This means increased reliability and productivity, a competitive
advantage and increased market share. When disaster strikes and
employees can’t do their jobs, what’s the cost to the
business and to competitive advantage? Can businesses tolerate eight
to 24 hours of lost data?
‘It won’t happen here’ syndrome
Companies often turn a blind eye to business continuity regulations
and compliances, because they feel they are adequately prepared
for disaster recovery or for the next ‘big one,’ and
frankly, take the ‘it won’t happen here’ attitude.
Exploding myth #3
A study conducted by KPMG/Continuity Insights, found that business
executives are uninformed about the risks that can, and very possibly
will, affect their company. When surveying the executives responsible
for disaster recovery and business continuity efforts, they found
that 80 percent believed their company was at risk and, at the same
time, that they had not communicated this knowledge to upper management.
There is a communication gap that needs to be closed because the
ramifications could be disastrous. Companies that ignore business
continuity regulations and compliances are worse off and could be
in violation of business regulations. Business continuity regulations
are put in place to guide organisations in making smart decisions
about selecting the right portfolio for long-terms results.
Admitting we need to plan for business continuity and disaster recovery
solutions creates the perception of vulnerability; plus it’s
too late to think about business continuity plans
Since 9/11, general awareness is high for business
continuity, but customers are not acting on this awareness. Seventeen
years ago, businesses were concerned with lost product and audit
requirements. Now the driver is company image and reputation. Implementing
a business continuity plan gives an organisation the perception
of vulnerability and weakness.
Exploding myth #4
It’s never too late to implement a business continuity or
disaster recovery plan. Organisations that had business continuity
plans in place during the Northeastern blackout maintained continuous
service and were operating seamlessly because of effective business
continuity plans. And most importantly, what is the cost to a business
when its brand image is tarnished – or more importantly, what’s
it worth to the business?
Only financial services or healthcare organizations need business
continuity solutions. My business is non-traditional and doesn’t
fall into financial services or healthcare silos, so therefore,
I don’t need a business continuity solution.
Exploding Myth #5
Disaster recovery and business continuity solutions have fallen
victim to industry stereotypes. And many organisations outside of
the financial services or healthcare industries have business continuity
solutions. In fact, the most successful practitioners of business
continuity are within vertical industries, such as retail, broadcast,
manufacturing, and the private and public sector.
One truth to explode them all
There is a simple solution to dispelling all of the myths above:
developing a holistic approach to business continuity and disaster
Awareness of disaster recovery and business
continuity as a holistic approach is changing the market and there’s
a sea-change underway from business continuity planning being an
option to being mandatory. The bottom line: no matter what size
the business or the perception of invincibility to disaster, there
needs to be an additional layer of protection to the business. The
ROI of business continuity is that the business is still open.
Since the 1980’s, disaster recovery has
morphed into being just one component of business continuity, with
the mindset moving from reactive to proactive, and including much
more than just the technology. In fact in late 2002, IDC said that
IT security/business continuity is the number one priority of business
professionals, and this concern will translate into $155 billion
in worldwide spending on these products and services by 2006.
Today, the IT community must radically change
its thinking about risks – recognising that they encompass
more than just the ‘next big one.’ Intangible costs
such as brand protection and corporate image have become significantly
more important than tangible costs. More damaging than a natural
disaster are the new risks that enter the market daily such as e-mail
viruses, internal threats and employee theft, computer hacking and
The implementation of disaster recovery and
business continuity solutions have changed the way CIOs and IT managers
do business, and this shift is becoming more visible. It is incumbent
on businesses to have a thorough understanding of what makes up
a comprehensive business continuity plan to help mitigate risks
with both internal and external issues that can affect the business.
Based on work HP has done with its customers, the key advantages
of taking a holistic approach is that companies enjoy a significantly
higher success rate than that of the industry overall, translating
into eight times less downtime.
Changing the perception
The reason that myths continue to flourish and spread today is the
lack of understanding of business continuity, and that it’s
not just protecting the business, but its intellectual property.
CIOs and IT leaders must ‘get religion’; incorporate
business continuity into everyday practices, and have a better understanding
of what makes up a comprehensive business continuity plan. They
need to develop several ways for learning to live and breathe business
continuity, by building it into company culture, designing the infrastructure
with continuity in mind (i.e., not after but while), and partnering
with the right vendor. Services vendors need to educate and change
the way CIOs and IT managers think about business continuity from
end-to-end. It’s never too late to begin thinking about business
continuity and the smallest investment can go a long way.
Author: Belinda Wilson, CBCP,
executive director, Business Continuity Services, Americas, HP Services.
22nd October 2004 •Region: N.America •Type:
Article •Topic: BC
this article or make a comment - click