Which of the following do you think is most likely to disrupt your business: Natural disasters like hurricanes and tornadoes? Cybercrime? Fires or utility issues? Your own systems failing?
Cybercrime, terrorism and other civil defense events make up just 12 percent of disaster recovery incidents.
Utility issues and fires comprise 20 percent.
And while natural disasters make up 30 percent of declared disasters, infrastructure failures are the most common, making up 37 percent of disaster recovery incidents.
The most likely disruption to your business comes not from outside, but from within.
Customers Lose Patience with Avoidable Mistakes
That’s important to note, because while the general public has patience with region-wide natural disasters, self-inflicted wounds like a poorly implemented or maintained data centers — or even vulnerability to a cyberattack — are greeted with customer frustration more than sympathy.
These disasters ding the organization’s brand, not just in the minds of customers but with the company’s entire ecosystem of suppliers, partners and employees.
A power loss at Delta Air Lines’ operations center in Atlanta triggered a five-hour computer outage that grounded jets, stranded passengers and left employees hand-writing boarding passes. Delta later reported that the total cost for the outage would run to $150 million. The cost of fixing the computer systems paled in comparison to the lost revenue, and reputational damage.
We all remember when hackers infiltrated Target’s point-of-sale (POS) system through the network of its HVAC contractor and stole 40 million customer credit and debit cards at the height of the holiday shopping season.
Target saw its profits drop 46 percent that quarter. Longer term, costs related to cleaning up after the breach are in excess of $300 million, to say nothing of the damage to its reputation. “Stolen credit cards” is likely to be one of the top brand attributes for Target for years to come.
CEOs, CMOs and CIOs are beginning to understand that disruptions in their information systems are no longer just an IT issue. With more and more business moving online, even a short disruption to a company website or other critical system can mean lost revenue.
Your Disaster Prep Checklist
Preparing for and sidestepping brand-damaging service disruptions begin with the following steps:
Know the impact of an outage
If you incurred an outage for an hour, what would be the impact to your brand? If the outage lasted a day or three days or seven days, what can you expect the impact to be? What interdependencies do you have with key suppliers and vendors that could be affected? Which applications are most crucial to your business and must be quickly recoverable?
By assessing the potential impact and determining the most important applications and relationships, you can prioritize your disaster recovery and business continuity strategies and plans.
Address competing agendas
When considering disaster recovery strategies and plans, COOs might be more likely to look at the long-term effects of resiliency and recoverability, while CIOs are more likely to look at the economics of say, using always-on cloud-based recovery compared to traditional recovery methods.
Recognize where different roles are competing for resources and whether stakeholders are united around your business’ top initiatives. Agreement from your senior leadership team will provide the requisite focus and funding to develop an executable resiliency strategy and the ability to resume operations in a timely manner.
Recognize that the cloud alone isn’t a failsafe
The move to the cloud has complicated the infrastructure issues for many businesses.
The cloud is often inexpensive, flexible and easily scalable, and it has enabled businesses to become more agile.
It has also increased the risk of external disruptions, proven over and over again each time a problem in a major cloud provider’s data centers takes down Netflix, Tinder or IMDb. It’s easy to assume that putting data “in the cloud” solves issues around availability and resiliency, but that isn’t so. A company must make careful decisions about its IT infrastructure in order to take full advantage of the benefits of cloud.
It’s not just about agility and cost — it is also about being fundamentally resilient.
Prepare for multiple types of “disaster”
Hurricanes certainly count, but they’re one of the few disasters you can see coming. Many of the others — from infrastructure failures to data breaches to power outages — arrive without warning.
What protects you from one disaster might not protect you from others. If your business doesn’t have a disaster recovery and business continuity plans in place or if they aren’t tested regularly, you’re leaving yourself susceptible to a surprise that can end up costing millions of dollars and damaging your brand for years to come.
Are You Prepared for What Tomorrow May Bring?
The real impetus for working on strategies and plans for disaster recovery, business continuity and organizational resiliency is no longer the fear of natural disasters. Instead, companies are waking up to the impact that a cyberattack or even a slight hiccup in an e-commerce site would have on the business.
As Delta and Target can tell you, an unexpected outage can have ripple effects that sometimes last for years. Don’t let a disaster sneak up on you. Have a meaningful conversation about your company’s current state and execution posture today.