Half of organisations would struggle to get mission-critical systems up-and-running in hours following a disaster - UPDATED

Computing research: organisations fear terrorism almost as much as flooding

The mission-critical systems of the typical organisation in the UK would be down for hours in the event of a disaster, while recovering lost data would take a similar amount of time. But many admit that it could take days to get back up and running following a disaster.

That's according to Computing's latest research, sponsored by Fujitsu and CAE Technology Services.

It found that 52 per cent of organisations believe it would take them hours to recover lost data, while fully 21 per cent believe that it could take days. A worrying three per cent claimed that it could take them a week or more - risking reputational damage in the process.

Just over one-fifth - 22 per cent - suggested that it would take them mere minutes to recover lost data.

In terms of getting systems running again, the figures were better, with only 15 per cent claiming that it would take days or weeks to get mission-critical systems back up and running, compared to 30 per cent who believe that they could get key systems back online in just seconds or minutes. Fifty-five per cent, meanwhile, believe that it could take hours.

"With any business continuity, disaster recovery and/or data protection policy, every business line and interested stakeholder should be involved in deciding what is an acceptable ‘outage'," said Gordon Nother, data protection specialist at systems and services giant Fujitsu.

Nother was commenting on the research presented in Computing's recent online seminar, "The consequences of IT disasters and how to avoid them".

He added: "A sliding-scale assessment on the impact to the business for every hour of downtime should be created. From that, a catalogue of service levels can be generated and a cost associated with a particular type of service level. It should be a business decision to decide upon the correct level of service applied to a particular business unit, and IT's responsibility to deliver it."

At the same time, though, almost two-thirds of respondents suggested that their organisation would start to suffer serious reputation damage within just 24 hours, and some 30 per cent believe that their organisations would be damaged as a result of downtime to mission-critical systems of six hours or less. Just one-fifth believe they could get by with more than two days of downtime.

"The finance and IT departments must work together so that the best possible disaster recovery system is properly resourced and effectively implemented," said Justin Harling, the managing director of services firm CAE Technology Services.

Harling added: "The marketing and communications teams must also have prepared a crisis-management response that covers all eventualities and reassures every group and individual in the business process chain. The days of just blaming the IT department for all system outages is long gone; every senior manager within an organisation has a responsibility to make disaster recovery efficient and seamless."

Computing's research also examined the kinds of internal events and external shocks that IT leaders believe are most likely to bring down their systems. Despite improvements in reliability of components such as hard-disk drives, hardware failure remains the biggest fear, cited by 59 per cent of respondents, closely followed by loss of internet or network connectivity by 46 per cent and power issues, such as spikes and interruptions, by one-third.

"Most companies have an IT disaster recovery plan somewhere within the organisation that probably plans against a certain set of expected occurrences and emergencies," said Harling.

"But in a world where technology advances every day, new disparate threats are emerging on a daily basis, so the best advice is to think about the worst possible scenarios and test your companies responses against them; make sure the disaster response is properly resourced, your staff are correctly trained and test, test and test again," advised Harling.

In terms of external failures, more than half feared fire the most, but a loss of key personnel and/or suppliers also figured highly, cited by 35 per cent.

Surprisingly, flood was only cited by one-third, despite it being perhaps the most common disaster to affect businesses and data centres - many are still recovering from the winter flooding in Carlisle, for example. Perhaps even more surprising, only slightly fewer - some 26 per cent - of respondents suggested that a terrorist incident would be "most likely" to bring down their systems.

The relative occurrences of flooding and terrorism indicates, perhaps, that flooding should be taken a lot more seriously and the risk of terrorism much less.