In “The State of IT Resilience,” analysis firm IDC estimates that as many as 50% of organizations could not survive a disaster event. A co-author of the report says long-time threats of hardware failure and human error have been minimized by advanced technologies only to be replaced by sinister threats such as ransomware.
“Many organizations do not have properly protected and staged offsite data, have not tested the [disaster recovery] environment, or do not have automated DR processes as part of documentation and planning,” said the report, written by analysts Phil Goodwin and Andrew Smith. “The reasons for this are complex, but principal among them are typically cost, time and training.”
The report, commissioned by DR and resilience provider Zerto, defines IT resilience as “an organization’s ability to protect data in the event of any unplanned or planned disruption and, simultaneously, support data-oriented initiatives for business modernization and digital transformation.”
Forty-nine percent of organizations have suffered a data loss event in the last three years, said Goodwin, an IDC research director of storage systems and software. Ransomware and other types of malware are top drivers of data loss.
“The cardinal sin of data protection is not being able to recover data,” Goodwin said.
Goodwin said an air gap – creating a physical disconnect between primary and backup data – is critical in protection from ransomware. He noted that ransomware hitting backups is prevalent now. Replication, for example, doesn’t have an air gap. The cloud and tape, though, are two possible platforms for creating that disconnect.
Damages rise quickly when you’re down
For the report, IDC received responses from 500 senior-level IT and business managers. Ninety-three percent reported experiencing a tech-related business disruption in the past two years. In addition, 20% of respondents experienced major reputational damage and permanent loss of customers as a result of disruptions.
IDC has determined that the average cost of downtime is $250,000 per hour, including indirect costs of lost revenue and lost productivity.
“The survey results indicate that most respondents have not optimized their IT resilience strategy, evidenced by the high levels of IT and business-related disruptions,” the report said. “However, the majority of organizations surveyed will undertake a transformation, cloud or modernization project within the next two years.”
On the plus side, organizations are taking advantage of the cloud for data protection, Goodwin said. Disaster recovery as a service (DRaaS) has helped make DR more affordable and easier, especially for businesses that might have previously balked at the cost and complexity.
“DRaaS has fundamentally changed the economics of disaster recovery,” Goodwin said.
In addition, 85% of organizations plan to hire and/or train more staff, and 94% expect to spend more on IT resilience in the next 24 months.
However, if cost is still an issue, Goodwin recommended an organization figure out how to more effectively use people and technology resources.
“Take a look at process and improve that first,” Goodwin said.