Companies are exposing themselves to unnecessary risk by failing to adequately test disaster recovery plans, reports IT security vendor Symantec. This is increasing the potential for significant damage to company brand and reputation, it notes.
A survey conducted on behalf of Symantec found that nearly 50% of disaster recovery (DR) plans failed when put to the test. In one fifth of cases (22%), technology problems were the cause of failure; inadequately trained employees is also a major weakness, with 19% of failures caused by employees not following the correct procedure.
Guy Bunker, chief scientist at Symantec warns that without better planning the consequences could be severe: 48% of organisations have had cause to implement their disaster recovery plans in the near past, highlighting the likelihood of major incidents.
The fact that the plans are failing suggests that DR is still way down the corporate agenda, he adds. It is also apparent that companies would benefit from some guidance from the top: The research indicates that as many as three-quarters of CEOs fail to take an active role in determining their organisation’s disaster recovery processes.
In the event of a major incident, the greatest fear reported to researchers was damage to company brand and reputation; others were worried about loss of customer loyalty and competitive advantage.