Here's a tricky question: Could your company operate during a flu pandemic?
Nearly 3,000 financial services organizations tested their answers to that question with a disaster drill last September. The exercise showed that the financial sector could continue to operate during a pandemic, but it also revealed stress points throughout the industry. For instance, many recovery plans laid the groundwork for employees to telecommute -- a smart move in a scenario that could leave thousands homebound -- but the existing infrastructure couldn't handle the increased traffic.
"When you have [so many more] people working from home, the Internet is going to slow to a crawl, and that's if it's even recoverable in all parts of the country," says Nick Benvenuto, managing director and global head of business continuity at Protiviti, a risk management consulting firm.
That drill highlights the status of many companies vis-a-vis disaster recovery: They have disaster plans, but those plans aren't adequately designed to handle an actual event.
Instead, many business executives, including top IT managers, are relying on old procedures and technologies that might work for small-scale, brief disasters -- a regional power outage, for example -- but would fall woefully short during a catastrophe like another major hurricane or terrorist attack.
Moreover, many companies can't claim to have real confidence in their disaster recovery plans, either, because they fail to test and update those plans often enough to guarantee that their procedures and technologies are keeping pace with business changes and growth.
In a 2007 report from Forrester Research, only 33 per cent of 124 data center decision-makers surveyed said they believe they're very prepared to recover their data centers in the event of a failure or disaster. Meanwhile, 37 per cent said they were prepared, 27 per cent said they were somewhat prepared, and 3 per cent admitted that they weren't prepared.
However, there are leaders out there. In particular, organizations that have survived recent, massive disasters have internalized their hard-earned lessons in recovery and are now better prepared for what might come next.
And the news isn't all bad. Experts say that although companies need to work harder on disaster recovery planning and testing, they're still doing better than they have in the past.
"If you went back 10 years, things were far worse. There has been great improvement," says Jonathan Gossels, president and CEO of SystemExperts, an IT compliance and network security consulting firm. "But not enough companies are doing enough."
Although preparedness varies greatly from industry to industry and from one company to the next, Gossels says there are several factors that contribute to an organization's failures in disaster recovery preparation.
"It's expensive, it falls below the priority line, and it doesn't generate revenue. It's seen as just an ongoing high cost. It's natural for companies to do as little as they can get away with," says Gossels. "It's human nature to expect that we'll see this area underfunded."