Two-thirds of companies don't regularly test their disaster recovery plans

[Inga Goddijn <inga () riskbasedsecurity com>]

http://betanews.com/2015/12/02/two-thirds-of-companies-dont-regularly-test-their-disaster-recovery-plans/

More than 60 percent of companies in the UK and Germany say that they
either test their disaster recovery plan either less than once a year, or
don't test it at all.

This is among the findings of research conducted by data recovery
specialist Kroll Ontrack which finds that a mere nine percent of companies
test their plan every one to five months and another 29 percent every six
months to a year.

Half of the companies surveyed hadn't experienced an IT disaster in the
previous three years, but more than a third had needed to invoke their
disaster recovery plan. While the majority of these companies had to invoke
their plan between one and five times, an unfortunate minority were forced
to undertake disaster recovery measures more than 10 times during the last
three years.

A further issue raised by the survey is that even though employees' mobile
devices are now an important element of corporate IT infrastructure, this
hasn't been accounted for by most disaster recovery plans. Almost half (48
per cent) of respondents say that their plans don't cover mobile devices
used by employees to access corporate systems.

"These findings are a clear indication that many companies still face
significant risks in terms of data security, data loss and data recovery,"
says Paul Le Messurier, Programme and Operations Manager at Kroll Ontrack.
"They also lack a thought-out disaster recovery plan that is tested
regularly and is bullet-proof when a real disaster strikes the company and
it is faced with system failure and data loss. Without an effective plan in
place, companies face the prospect of a loss of business continuity plus
reputational and financial damage. It's important that disaster recovery
plans are in place, but it’s just as important to ensure that they are
tested regularly and updated accordingly".

In a separate poll undertaken in the UK, almost 46 percent of respondents
say that they don't have a disaster recovery plan in place at all, while a
worrying 24 percent were unaware whether they had a plan or not.

"Even though the cost of downtime for a small to medium sized company may
not be as high as for a Fortune 1000 one, it can still have an impact that
threatens the existence of the company. It pays to have a disaster plan in
place that is tested regularly and that can be invoked quickly and
efficiently," adds Le Messurier.

Kroll Ontrack has developed a free template that smaller enterprises can
use to develop their own disaster plans, including advice on what should be
included and what testing is necessary.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!