Is Your BCP a Statistic?
In 2010, CDW, a leading provider of technology products and services, conducted a straw poll1 on Information Communication Technologies (ICT) and security incidents showing the impact to business, both threats experienced and adopted preventative measures. In this paper, we’ll provide insight and mitigation recommendations for their findings.
Key poll results:
- 6% of business disruptions were caused by a cyber-security attack.
- 25% of businesses experienced a network disruption of 4 hours or more within the last twelve months.
- 97% of businesses suffered detrimental effects from network disruptions over the last year.
Picking the Low Hanging Fruit
According to the poll, 82% of noted disruptions were caused by non-human intervention. That is to say, in-house and contract staff didn’t make a mistake. As the numbers below indicate, the only mistake was the lack of redundancy, testing and scheduled maintenance.
- 21% of disruptions were caused by a loss of telecomm services to facilities.
- 29% of disruptions were caused by hardware failure.
- 32% of disruptions were caused by a loss of power.
Testing the failover solution(s) is as important as configuring for failure prevention. Without testing the solution, you should assume it will fail too. A scheduled and reliable testing procedure allows you to know that your always-on solution will indeed live up to its name.
Dealing with Disasters – After the Fact
The numbers below show 64% of all respondents had an ICT services disruption serious enough to impact business, or at least that they experienced an incident which pointed to potential risk. I’m left wondering how many of respondents uttered the phrases “should have” or “would have”. Both are bad for business as they indicate that decisions were made without forethought or planning or that the facts were put aside in favor of perceived cost savings.
- 30% of businesses plan to improve network connectivity to avoid network disruptions.
- 34% of businesses plan to update their BC/DR plan.
A thorough business risk analysis highlights the areas where disaster is more likely to strike, how much the damage will be, and what is to be done to reduce chance of it happening. This reduced risk position then becomes the organization’s business continuity plan or BCP.
One more poll result about the need for a BCP before we move on:
- 82% of respondents indicated disruptions could have been reduced or avoided by implementing a comprehensive business continuity/disaster recovery (BC/DR) plan.
Maintaining the Information Flow
The responses below to three separate questions show that ICT has become a utility much like the city water supply or the electrical grid. Both infrastructure systems are built with heavy redundancies and are maintained by highly skilled technical staff under the direction of knowledgeable managers.
- 22% of businesses say lost employee communications is a top negative factor with network disruptions.
- 34% of businesses report that lost customer communications is a major negative effect of network disruptions.
- 57% of businesses report productivity loss is the top negative effect of these disruptions.
Have a business risk analysis. Obtain and deploy equipment with built-in redundancies. Double up on network equipment and connectivity. Develop a business continuity plan proactively. You can ensure that your ICT infrastructure is always-on.
1 A straw poll is a means gathering data or information where the respondents are limited to Yes or No.
Orginally published May, 2011
2010 CDW Security Straw Poll: Data Loss Is Corporate Enemy Number One, online at CDW
PDF this Page