Having recently spent a day with a group of HP’s reliability assurance engineers — whose motto should be “Our business is breaking things and business is good” — I couldn’t help thinking about other groups that like to break things (i.e. the Bad Guys or clumsy/lazy/disgruntled employees/partners/customers) and the growing importance of business continuity. “Business resiliency is now a c-level and board level issue as the costs of recovery and costs to reputation are now higher than ever before,” said Laurence Guihard-Joly, General Manager for IBM’s Business Continuity and Resiliency Services, in a recent interview.
“The big transformation in the business is the cloud and what I see as the always-on world,” Guihard-Joly said. In this always-on era, bad news travels faster than ever before, which is one of the reasons why disaster recovery and continuity are more important to a business than they have ever been.
In a recent IBM/Ponemon Institute study on the cost of data breaches, business continuity management reduced the cost of a data breach by an average of almost $9 per record. The average cost incurred for each lost or stolen record containing sensitive and confidential information increased more than 9% to $145 this year. A strong security posture provided a cost reduction of up to $14 per record, and the appointment of a Chief Information Security Officer (CISO) came in third, knocking $6 off the per-record cost.
Another recent survey from Continuity Central provides an interesting picture of what companies are doing with BC solutions, noting that almost half — 46.7% — do not use specialist business continuity software. Of the 53.3% that do, the top two applications were: write and develop business continuity plans (89.87%); and manage and update business continuity plans (89.24%). Tests and exercises came in at only 60.13%, and training was 39.87%.
A bleaker picture was painted by the Continuity Insights/KPMG LLP study, which suggested that there is still significant room for improvement in business continuity management (BCM) program maturity across organizations of all sizes and industries. Only 5.8% of respondents rated their program maturity as Level 6 – Synergistic, meaning that cross-functional coordination allows for upstream and downstream testing of business continuity plans. Most (52.5%) fall into levels 3 and 4 – they have centrally governed BCM teams that provide support and oversight to business units across the organization with varying levels of commitment and support from senior management – with the bottom two levels accounting for 22.2% of the remainder.
In what should be a red flag for those slow to recognize the criticality of having a BC capability, over 60% of respondents stated that their organization had experienced an incident in the past year leading to the activation of their crisis management plans. Most of these interruptions (60%) were weather-related, with fire, flood, and civil unrest making up the rest. More than a third (36%) are still not addressing cyber terrorism in their BCM plans, even though the threatscape is growing.
The following are 10 Dos and Don’ts for Successful Disaster Continuity Planning:
1) DO: Make It a Common Occurrence
2) DON’T: Wing It
3) DO: Face the Facts
4) DON’T: Compartmentalize
5) DO: Think About DR Every Day
6) DON’T: Depend Solely on Your Cloud Backup Provider
7) DO: Prioritize Data
8) DON’T: Confuse High Availability with Disaster Recovery
9) DO: Take a Multi-Pronged Approach to Disaster Recovery
10) DON’T: Ignore Hardware Effects on Disaster Recovery