Are businesses prepared for disaster recovery, or do they just think they are?

Symantec announced the findings of its 2009 SMB Disaster Preparedness Survey (which included more than 1650 respondents from 28 countries in North America, EMEA, Asia Pacific and Latin America) reflecting the attitudes and practices of small- and mid-sized businesses and their customers toward technology disaster preparedness. The report shows a large discrepancy between how SMBs perceive their disaster readiness and their actual level of preparedness.

The findings show that SMBs are confident in their disaster preparedness plans. Eighty-two percent of respondents say they are somewhat/very satisfied with their disaster plans, and a similar number (84 percent) say they feel somewhat/very protected in case a disaster strikes.

SMBs also believe their customers will be understanding and patient if there is a disruption to their computer or technology resources. In case of such an outage, only one-third (34 percent) of SMB respondents believe their customers will evaluate other options, including looking at competitors.

However, the practices of SMBs reveal that this confidence is unwarranted. The average SMB has experienced three outages within the past 12 months, with the leading causes being virus or hacker attacks, power outages or natural disasters. This is alarming as almost half report they do not yet have a plan to deal with such disruptions.

The survey found that only one in five (23 percent) SMBs back up daily and an average SMB backs up only 60 percent of their company and customer data. More than half of the SMBs estimate they would lose 40 percent of their data if their computing systems were wiped out in a fire.

SMB customers surveyed estimated the cost of these outages as being $15,000 per day on average. These outages were impactful as well, with 42 percent lasting eight hours or more. One in four customers (26 percent) reported losing important data.

According to the findings, two in five (42 percent) SMB customers have actually switched vendors because they “felt their vendor’s computers or technology systems were unreliable.” This is a stark contrast to the two-thirds of SMBs who believe their customers would either “wait patiently until our systems were back in place” or call “to get what they could, but would wait patiently for the rest until our systems were back in place.” Another side effect of downtime is damage to the company’s reputation. Sixty-three percent of the customers reported that downtime damaged their perception of the SMB vendor.

Recommendations

Although 47 percent of SMBs do not have a formal disaster preparedness plan, of those without plans, nearly 89 percent say they will create one within the next six months. This is crucial as most SMBs (77 percent) report they live in a region that is vulnerable to natural disasters (such as hurricanes, tornadoes, earthquakes). As these organizations create plans, Symantec has the following recommendations:

• Determine your needs: SMBs should take time to decide what critical information should be secured and protected. Customer, financial and business information, trade secrets and critical documents should be prioritized. In addition, SMBs should monitor industry reports that help to identify and prevent threats that SMBs face
• Engage trusted advisors: With limited time, budget and employees, SMBs can look to a solution provider to help create plans, implement automated protection solutions and monitor for trends and threats that SMBs should protect against. They can also educate employees on retrieving information from backups when needed and suggest offsite storage facilities to protect critical data
• Automate where you can: Automating the backup process ensures that it is not overlooked. SMBs can reduce the costs of downtime by implementing automated tools that minimize human involvement and address other weaknesses in disaster recovery plans
• Test annually: Recovering data is the worst time to learn that critical files were not backed up as planned. Disaster recovery testing is invaluable and SMBs should seek to improve the success of testing by evaluating and implementing testing methods which are non-disruptive.