Companies Exposed from Inadequate Disaster Recovery Planning, Testing

Symantec research reveals nearly half of full scenario testing conducted fails

DALLAS – Storage Networking World 2007. – Symantec Corp. (Nasdaq: SYMC) today announced the findings of an international study indicating that while 91 percent of IT organizations carry out full scenario testing of their disaster recovery plans incorporating relevant people, processes and technologies, nearly 50 percent of those tests fail. These high incidents of disaster recovery testing failures put companies at increasing risk for negative and expensive consequences if a disaster disrupts mission critical applications and services. The study also found that the most feared consequences of disasters among IT professionals include suffering harm to their company’s brand and reputation, negative impact on overall customer loyalty, damage to their competitive standing and loss of company information.

Nearly Half of Organizations Polled Have Executed Their Disaster Recovery Plan

Disaster recovery plans have traditionally been documents that companies hope they will never have to use. The findings of the survey revealed that nearly half of IT organizations have had to execute their company’s disaster recovery plans. Though the respondents polled recognize that planning and testing is important, many IT professionals have failed to put proper measures in place to ensure disaster recovery plans meet critical recovery time objectives (RTOs) and recovery point objectives (RPOs). According to the research findings, 48 percent of organizations have had to execute their disaster recovery plans. Additionally, 44 percent of organizations without a disaster recovery plan experienced one problem or disaster, while 26 percent experience two or more, and 11 percent experienced three or more.

The study findings also found that 69 percent of respondents are concerned about suffering damage to their company’s brand and reputation, 65 percent fear harm to overall customer loyalty, 65 percent are concerned about the impact to their competitive standing, and 64 percent worry about losing company data in the wake of disasters. Despite these concerns, the rigorous legal requirements and the severe fines companies can face by not ensuring that they have adequate disaster recovery plans in place, the study also indicates that 77 percent of CEOs are still failing to take an active role on disaster planning committees.

Findings Reveal Incomplete Disaster Recovery Planning and Testing Methods

Although a majority of respondents stated that they do test their disaster recovery plans, respondents surveyed indicated that even when tests do work, plan testing as well as probability and impact assessments are not comprehensive, leaving lingering concerns about the actual effectiveness of their efforts.

While 88 percent of IT professionals polled carried out a probability and impact assessment for at least one threat, only 40 percent carried these out for all threats, and 12 percent did not carry out a probability and impact assessment for any threat. Configuration change management was the least assessed threat area, and only 42 percent of respondents who felt exposed to this threat actually carried out a probability and impact assessment for it.

Failure to Plan for Disasters Carries Multiple Risks

A variety of concerns have prompted IT organizations to create a disaster recovery plan, with 69 percent citing natural disasters, 57 percent naming virus attacks and 31 percent specifying war and/or terrorism. Respondents also feel exposed to IT-specific threats, with 67 percent citing computer failure and 57 percent naming external computer threats. However, while 89 percent of respondents have agreed upon acceptable levels of risk with non-IT business executives in their organization, only 33 percent have done so for all the threats to which they feel exposed.

Findings Highlight Need for Comprehensive Disaster Recovery and Business Continuity Strategies

To help ensure business continuity, Symantec recommends that organizations adopt disaster recovery strategies that ensure application and data availability across any physical or virtual platform and distance. Symantec offers industry leading solutions and services to help organizations build disaster recovery strategies. These solutions include data protection, server provisioning, application clustering, storage management and replication offerings. Symantec offers comprehensive services which can help organizations reduce the impact of planned downtime and minimize the downtime of applications and data caused by unplanned disruptions. These consulting services include business continuity management, IT service continuity management, high availability and support services.

“IT executives are taking a fresh, hard look at their disaster recovery and business continuity strategies,” said Sean Derrington, director, storage management product marketing, Symantec. “To protect against downtime, organizations must implement high availability and disaster recovery across their enterprise environments. They must also maintain procedures for non-disruptive disaster recovery testing that continually evaluate the effectiveness of their disaster recovery strategy without impacting the production environment. Symantec addresses these critical demands through a broad range of industry-leading services and solutions for heterogeneous environments.”

About the Symantec Disaster Recovery Research Report

The Symantec Disaster Recovery Research 2007 report is an international study highlighting business trends regarding disaster planning and preparedness. Conducted by independent market research firm Dynamic Markets during June and July 2007, the study polled IT managers in large organizations across the U.S., 11 European countries, the Middle East and South Africa to gain insight and understanding into some of the more complicated factors associated with disaster recovery.