Organizations are now less confident in their ability to recover from an incident, according to a new study conducted by Databarracks, which suggests that contributing factors include a lack of testing, budgetary constraints and the growing cyber threat landscape.
The Data Health Check report found that almost one in five organizations surveyed (18%) "had concerns" or were "not confident at all" in their disaster recovery plan; an increase from 11% in 2015 and 15% in 2016. Organizations are increasingly making changes to their cyber security policies in response to recent cyber threats (36 per cent this year, up from 33% last year), yet only a quarter (25%) have seen their IT security budgets increased. Small businesses are particularly affected with just 7% seeing IT security budgets increase.
Financial constraints (34%), technology (24%) and lack of time (22%) are the top restrictions when trying to improve recovery speed. Fewer organizations have tested their disaster recovery plans over the past 12 months – 46% of respondents had not tested in 2017, up from 42% in 2016.
Peter Groucutt, managing director of Databarracks, commented on the results: "It isn't surprising that confidence in disaster recovery (DR) plans is falling. We have seen major IT incidents in the news regularly over the last 12 months, which has raised awareness of IT downtime and we have seen what can go wrong if recovery plans aren't effective.
"What is surprising is that fewer businesses are testing their DR plans. The number of businesses testing their DR plans increased from 2015 to 2016 but has fallen this year. We know that testing and exercising of plans is the best way to improve confidence in your ability to recover. The test itself may not be perfect, few if any are and there are always lessons to be learned. Working through those recovery steps, however, is the best way to improve your preparedness and organizational confidence.
Validation is one of the six main stages of the BCM Lifecycle according to the Business Continuity Institute's Good Practice Guidelines, and is essential for ensuring an effective business continuity, and by extension - disaster recovery, programme. By regularly exercising your programme, you can find out where any vulnerabilities are and make improvements, and you can help ensure that people know what is expected of them.