Making the Case for Business Continuity and Disaster Recovery

October 2, 2018   //   Security, , ,

We live in a culture that expects near-immediate response from our technology, wherever and whenever we need it. Technology downtime not only impacts productivity and profits, but it can also damage the relationship between your business and its customers.

Given the importance of technology performance and availability in today’s tech-driven world, one would assume that business leaders would be jumping at the opportunity to build a solid business continuity and disaster recovery (BC/DR) defense. And yet, it seems most business leaders don’t get involved until after disaster strikes; which is often more costly and impactful than having resumption plans in place.

IT professionals know that a highly effective BC/DR strategy is well within the reach of their organization thanks to new innovations in the cloud. So why are so many midsize organizations putting off their BC/DR plans?

In our experience, this complacency stems from a lack of information to evaluate risk. While the cost of BC/DR is easy to calculate, selling the value of preventing unplanned downtime is harder to tally. And if your organization has never suffered from such an unfortunate event, it can be even harder to sell your boss on a “what if” scenario.

3 Steps to Selling Your Boss on Business Continuity and Disaster Recovery

IT professionals who can speak the same language as the business are in a unique position to drive BC/DR initiatives forward. In order to win support for a BC/DR plan, we recommend these tips:

Step 1: Clearly identify the biggest risks

96% of companies that put together a trusted backup and disaster recovery plan are able to survive ransomware attacks. When you consider the catastrophic consequences of such an attack (loss of revenue, loss of employment, loss of productivity, loss of reputation and customers, etc.) – it’s easy to understand why a BC/DR strategy is critical.

The first step is to uncover your company’s biggest risks. Take an inventory of your apps/data/services and rank them by order of importance from a business point of view. From there, you can map business impact to recovery time and recovery point objectives and start to put a prioritized a roadmap together. This roadmap will help you make informed decisions about the proper solution to implement and where to place investments to protect your organization from the vulnerabilities that are most likely to impact your business.

Step 2: Demonstrate ROI:

The business doesn’t speak in terms of security controls and technical jargon. They speak in terms of ROI, TCO, business value, and corporate strategy. If the business were to suffer from one to two hours of downtime, how much revenue is at stake? For even greater impact, calculate the cost of a worst-case scenario where the business is down for several days to weeks. If you don’t have these figures readily available, you can use industry benchmarks – unplanned downtime costs companies between $926 – $17,244 per minute. Take these totals and compare them to the cost of implementing a BC/DR strategy; now you’re speaking the business’ language!

Step 3: Calculate ongoing effort and costs:

When it comes to BC/DR, you can’t set it and forget it. There are ongoing management efforts and costs that also must be considered. Most BC/DR plans should be tested on a regular cadence, whether that’s monthly, quarterly, or annually – decide what cadence is reasonable for you given your specific business requirements. And because support for BC/DR must come from the top down, now is a good time to set expectations for executive involvement and sponsorship. It is imperative that business is bringing IT into organization-wide priorities and plans so there is alignment to proactively safeguard assets most important to the business, before it’s too late.

If you’re looking for a strategic provider to help you define your BC/DR strategy, assist in implementation, and offer ongoing support, contact SWC to learn more about our services.