Truly catastrophic disasters are always big news because they very rarely happen. During last year, in fact, only 3% of the world's lost data was as a result of fires, floods or other catastrophes, says Ontrack Data Recovery.
The rest of the world's data losses are accounted for by far more prosaic causes such as system malfunction (44%), human error (32%), software corruption (14%) and viruses (7%).
So why should anyone bother very much about disaster recovery? Because, according to the London Resilience Forum, 90% of the enterprises that lose data during catastrophic events are driven out of business within two years.
And even if disaster doesn't strike very often, it does strike often enough to be a real threat. In the UK, a recent Dynamic Markets study commissioned by Veritas showed that 10% of companies have been forced to activate their disaster recovery plans in the previous 12 months – nearly double the 2003 figure.
However, more companies are better equipped. A Deloitte and CPM Global Assurance survey found that half the 200 respondents had implemented enterprise-wide business continuity and disaster recovery plans – up 20% from 2000.
As the incidence of major disasters rises, and as industry regulators take an increasingly unsympathetic view of organisations that, in their view, have made insufficient efforts to avoid, contain or survive them, it is no surprise to discover that business disaster recovery is an issue enjoying heightened interest at senior management level.
Last year, in Europe, the Middle-East and Africa, the proportion of companies that treat disaster recovery as a board-level issue rose dramatically to 23%, from 11% a year earlier. The proportion of businesses involving their CIOs, CTOs or IT directors in planning for disasters also rose 14% during 2004 to 36%, and 46% of UK firms now have a full disaster recovery team in place.
The picture may not be the same in the US however. Ted DeZabala a consultant at Deloitte says that while a third of those surveyed had a comprehensive business continuity management governance structure, only half of those actually incorporated senior executives in the programme.
However, the greater prominence given to disaster planning by business is not always translated into more effective disaster recovery strategies.
For instance, two-thirds of businesses still keep their disaster recovery plans in their main data centre – an idea akin to storing lifeboats in the cargo hold – and 8% of companies never test those plans at all. Just 3% of those surveyed reckoned on not being disrupted if their main data centre was destroyed by fire, while 38% were not able to calculate how long it would take to return to normal business.
According to research by the business continuity practice at Hewlett-Packard's Synstar IT services unit, 49% of European businesses experience over 20 minutes of unscheduled downtime each month, and nearly half of those – 26% of the total sample – admitted being down for over 65 minutes each month.
At 12% of the surveyed firms there are over 130 minutes of downtime a month – the equivalent of 26 hours a year. The survey of IT directors found that servers going down (29%) and security breaches (26%) were of greatest concern when trying to ensure that IT supports the business 24×7.