Dataquest to Business: You're Not Ready

Business continuity is at risk

Even with warnings from the U.S. government about the increased threat of terrorist attacks, analyst firm Dataquest found that when it comes to withstanding business and IT outages, a whopping one in three businesses would lose critical data or even operational capability if a disaster occurred.

Dataquest Inc., part of Stamford, Conn.-based Gartner Inc., surveyed 205 U.S. professionals responsible for, or knowledgeable about, their organizations’ business continuity and disaster recovery planning for its new report, “Investment Decisions: Preparing for Organizational Disasters.”

The research firm advises companies to prioritize the appropriate investments immediately. “Preparation is key, and without adequate investment for protection of critical systems, the repercussions of disasters will be lengthier and more costly,” cautions Dataquest analyst Tony Adams.

Dataquest also warns against assuming that the only required investment is technological. In fact, the firm says that companies showed a “particular prejudice” for information technology recovery over that of “people-based systems.” In other words, though companies might quickly recover data, many didn’t know how their employees actually did their jobs—which data and systems they touched on a regular basis, and how. Mapping critical job functions is also critical to ensuring business continuity.

According to the survey, another flaw in organizations’ approach to disaster planning is that too few actually involve IT managers in the planning process. Though executives often weigh in on which business disruptions would most hurt the bottom line, IT managers actually know which people and systems run the business, and how. Dataquest urges companies to get their IT managers involved in the disaster planning, as well as helping evaluate every new corporate initiative. Much like information security in general, the analyst firm cautions that organizations must begin factoring in business continuity and disaster planning whenever evaluating a new project, instead of just treating recovery as an afterthought or add-on.

What’s to blame for businesses’ lack of preparedness? Money, of course. “IT managers are not investing appropriately in disaster plans because they do not have a budget to accomplish their needed readiness,” says Adams. According to the survey, 24 percent blamed lack of funds for not yet initiating a formal disaster plan. Forty percent said that budget constraints forced them to guess at potential risks, rather than formally assessing them and bringing in impartial outsiders.

For companies that did initiate disaster planning, 37 percent said they didn’t have adequate funds to develop said plans to a satisfactory level.

The report also cautions that planning gets applied unequally across different parts of the organization, and that too few people keep the CEO appraised of what’s going on.

“The good news is that businesses now more widely understand that they must prepare in advance to solve the complex logistical and personnel problems inherent in a disaster,” says Adams. “Responsible leaders will rely on preparatory investment to better the odds of surviving such a hit to their business.”

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.