While companies in Canada and around the world are taking disaster recovery (DR) more seriously, that’s happening without the supervision of senior executives to help guide DR plans, a new report reveals.
The report — the Fourth annual global survey on disaster recovery (DR) — was released by security products vendor Symantec Corp. on Monday.
Worldwide, the study indicates, there is a decrease in executives’ involvement with their companies’ DR programs.
Last year, more than half of the organizations surveyed involved the CIO, CTO or IT director onto their DR committee.
But this year that number is down to just one-third of all companies who get C-level execs involved in planning action to take when a calamity strikes – a devastating attack by hackers, for instance, or an act of God.
Symantec says it’s “shocking” executives aren’t taking more of an interest in DR plans.
“You would think they would be highly involved and aware of what’s going on,” says Daniel Lamorena, senior manager responsible for Symantec’s high availability and DR products. “But when we pose the question [we realize] they aren’t involved.”
For Eric Schou, senior product marketing manager at Symantec, it’s a sign of executive complacency.
“It’s a little counter-intuitive because DR and IT are becoming a bigger part of the overall business, and whether it’s a success or a failure,” he says.
But the findings don’t shock everyone.
It comes as no surprise to one expert that senior execs would leave DR planning to the middle management tier, and instead focus on maintaining the company’s customer base. An expectation of executive involvement may stem from a long-held confusion between the concepts of DR and business continuity.
The industry sometimes uses them as interchangeable terms, notes John Stagl, the director of business continuity for Birmingham, Mich.-based Belfor Property Restoration.
Top-level executives are interested in factors that are even more threatening to a business than an earthquake or a fire, he adds. They are paying attention to the competition, investors, and customers – given a perceived disaster involving these groups, and a company could be in real jeopardy.
“Senior management has only so many resources to bring to the table,” Stagl says. “Continuation of the business is clearly the most important.”
The business continuity author uses a metaphor to drive home his point – involving an apple farming company and an unlikely twist of fate.
“What happens if apples become a carcinogenic agent?” he asks. “The demand falls through the floor and if your business is selling them, you’re in trouble. If you react instantly, you can survive as a company – start selling pears instead. It’s not about the perpetuation of apples, it’s about the perpetuation of the company.”
But Symantec’s Lamorena has a different perspective.
Involving an executive in DR planning could make the committee more likely to hit targets because of tight management, he says. It could also ensure tests are done more regularly.
Eighty-four per cent of Canadian organizations test DR plans at least once a year, according to the survey. That’s pretty good, but only 16 per cent of those say that the tests haven’t failed.
Worldwide, about one in three DR tests are deemed failures by the organizations that run them. That’s an improvement over a fifty-fifty chance the test would fail in 2007,” Lamorena says. “But still not good enough.”
That’s still one in three failures, the Symantec manager notes. “[While] that’s good in baseball, it’s not good in the DR world.”
He says companies should be aiming for a success rate of over 90 per cent.
One in four of Canadian organizations reported human error as the reason for DR tests failing, while inappropriate processes and technology not working properly were the next most likely culprits. But none of this is too surprising for Stagl.
“In a disaster, people are going to be panicking and not behaving like robots,” he says. “Of course your technology is going to be affected if a hurricane hits it.”
The biggest gripe organizations had about DR planning was the numerous tools needed to get the job done, with that reason being cited by more than one-third of global respondents. In Canada, the biggest problem was resource constraints, cited by 56 per cent of organizations.
Symantec will use the data to address the needs of its DR customers, Schou says. The company will try to respond with well-tuned products that are able to assist with DR and not affect other applications an organization needs to run.
Next year’s survey will delve further into why executive involvement in DR is decreasing, he adds.
The 2008 survey was conducted amongst 1,000 respondents from 15 different countries. Those polled were IT managers, or C-level decision makers responsible for DR, and worked in an organization of more than 500 employees.