Companies' angst over disaster recovery plans

Organisations are feeling the pressure to ensure their disaster recovery plan is ready to go and unfailingly reliable, a report by Symantec has found.

The report, the security software vendor's fifth annual IT Disaster Recovery survey, found that while DR times were reduced from previous years, disaster recovery testing and virtualisation are still major challenges for organisations.

According to the survey, the average cost of executing/implementing disaster recovery plans for each downtime incident worldwide $287,600 (£173,000). However, for organisations in North America, the median cost can climb to as high as $900,000.

Globally, this number is highest for healthcare and financial services organisations. In North America, the median cost for financial institutions is $650,000, according to the report.

Most organisations, 93 percent of respondents, said they have had to put their DR plans to work and that it takes on average three hours to achieve skeleton operations after an outage, and four hours to be up and running.

This is dramatically improved over the 2008 findings, where only three percent of respondents reported that they could achieve skeleton operations within 12 hours, and 31 percent believed they would have baseline operations within one day, said Symantec officials in a release on the findings.

The report also said that respondents report DR testing increasingly impacts customers and revenue, and one in four tests fail. Nearly a third of organisations don't test virtual environments as part of their disaster recovery plans, and a slightly larger percentage of virtual environments aren't regularly backed up.

The study also shows that while DR budgets are higher in 2009, they are expected to remain flat over the next few years. The annual median budget for disaster recovery initiatives, including backup, recovery, clustering, archiving, spare servers, replication, tape, services, disaster recovery plan development and offsite costs at data centres surveyed is $50 million.

According to respondents, this number will continue to grow throughout 2009, but more than half, 52 percent, of respondents believe that budgets will be flat in 2010.

The report makes no mention of the CSO's role in DR but did find 70 percent of respondents involved the CIO, CTO or IT director on their DR committees. This is a significant increase from last year's research where 33 percent of respondents indicated executive involvement, said Symantec.

"As budgets increased over the past year, disaster recovery initiatives have become more of a competitive differentiator, and impact of downtown on customers is greater than ever. Another reason for executive involvement is the increase of applications that are seen as mission critical," Symantec officials said in the statement.

"Sixty percent of applications were deemed mission-critical by respondents, and nearly the same amount is covered in disaster recovery plans. Any sort of outage to these systems will have an enormous impact to the business."