A Symantec survey reveals the "rising [disaster recovery] pressures on organizations caused by soaring downtime costs and more stringent IT service-level requirements to mitigate risk to the business."
Symantec Corp.'s fifth annual "IT Disaster Recovery" survey reveals the "rising DR [disaster recovery] pressures on organizations caused by soaring downtime costs and more stringent IT service-level requirements to mitigate risk to the business."
The June 2009 survey of 1,650 enterprise IT professionals involved in DR in companies of at least 5,000 employees worldwide reported that 93 percent of organizations have had to execute their DR plans. The cost per incident averaged $287,000 (costs were higher on average in the health care and financial services sectors). The median cost for North American enterprises can be as high as $900,000.
The median time to recover to "skeleton operations" was three hours; four hours were needed to return to "normal operations." According to a release, "This is dramatically improved over the 2008 findings, where only 3 percent of respondents reported that they could achieve skeleton operations within 12 hours, and 31 percent believed they would have baseline operations within one day." The leading reasons given for executing their recovery plan included computer system failure (hardware or software), external computer threats (viruses, hackers) and natural disasters (fires, floods).
Database servers are the asset most often included in a disaster recovery plan, though not all are protected. The survey reported that although 92 percent of respondents have database servers, only 62 percent of respondents include these servers in their DR plans. The importance of applications has risen since last year's survey; 60 percent of applications were deemed "mission-critical" in 2009 versus 56 percent in 2008. Sixty-one percent of respondents include applications in their DR plans.
The good news: despite the poor economy, DR budgets are higher in 2009 and are likely to remain flat for several years. "The research shows that the annual median budget for disaster recovery initiatives including backup, recovery, clustering, archiving, spare servers, replication, tape, services, disaster recovery plan development and offsite costs at data centers surveyed is $50 million."
There was cause for alarm, however. One in four DR tests fails. Given that over one-third (35 percent) of respondents say they test their DR plans no more than once a year, enterprises may be at considerable risk. Among the reasons for the infrequent testing: lack of resources (time) (48 percent), budget resources (44 percent), and disruption to employees (44 percent) to customers (40 percent). "Forty percent of respondents reported that disaster recovery testing will impact their organizations' customers and nearly one third (27 percent) reported that such testing could impact their organization's sales and revenue."
Virtualization also leads to exposure. DR plans are always in flux, of course; the survey noted that 64 percent of respondents said that virtualization is one factor in re-evaluating their plans (up from 55 percent in 2008). Even so, 27 percent of organizations do not test virtual environments. While improving -- 35 percent of enterprises last year said they didn't test virtual environments -- more than a third (36 percent) of data residing on virtualized systems is still included in regular backups. "Over half of the respondents cited lack of backup storage capacity and automated recovery tools as top challenges to protecting data in virtual environments," Symantec said.
The full text of Symantec's report can be downloaded here (PDF).