On the heels of its sixth annual Disaster Recovery Survey, Symantec has announced the findings of its 2011 SMB Disaster Preparedness Survey, which measured the attitudes and practices of SMBs and their customers toward disaster preparedness. The survey findings show that though SMBs are at risk, they're still not making disaster preparedness a priority until they experience a disaster or data loss. The data also reveals that the cost of not being prepared is high, putting an SMB at risk of going out of business. According to the survey, downtime not only costs SMBs several thousands of dollars, it also causes their customers to leave.
“According to the research findings, SMBs still haven’t recognized the tremendous impact a disaster can have on their businesses. Despite warnings, it seems like many still think it can’t happen to them,” said Bernard Laroche, senior director, SMB product marketing, Symantec. “Disasters happen and SMBs cannot afford to risk losing their information or—more importantly—their customers’ critical information. Simple planning can enable SMBs to protect their information in the event of a disaster, which in turn will help them build trust with their customers.”
The findings show that many SMBs do not understand the importance of disaster preparedness. Half of the respondents do not have a plan in place. Forty-one percent said that it never occurred to them to put together a plan, and 40 percent stated that disaster preparedness is not a priority for them.
This lack of preparation is surprising given how many SMBs are at risk. Sixty-five percent of respondents live in regions susceptible to natural disasters. In the past 12 months, the typical SMB experienced 6 computer outages, with the leading causes being cyberattacks, power outages or natural disasters.
The survey revealed that the information that drives most small- and mid-sized businesses is simply not protected. Less than half of SMBs back up their data weekly or more frequently and only 23 percent back up daily. Respondents also reported that a disaster would cause information loss. In fact, forty-four percent of SMBs said they would lose at least 40 percent of their data in the event of a disaster.
According to the survey findings, half of the SMBs that have implemented disaster preparedness plans did so after experiencing an outage and/or data loss. Fifty-two percent put together their plans within the last six months. However, only 28 percent have actually tested their recovery plans, which is a critical component of actually being prepared for a potential disaster.
Disasters can have a significant financial impact on SMBs. The median cost of downtime for an SMB is $12,500 per day. Outages cause customers to leave—54 percent of SMB customer respondents reported they have switched SMB vendors due to unreliable computing systems, a 12 percent increase compared with last year’s survey. This downtime can also put them out of business. Also, 44 percent of SMB customers surveyed stated that their SMB vendors have temporarily shut down due to a disaster.
Customers of SMBs also reported considerable effects to their own businesses. When SMBs experience downtime, it costs their customers an average of $10,000 per day. In addition to direct financial costs, 29 percent of the customers surveyed lost “some” or “a lot” of important data as a result of disasters impacting their SMB vendors.
The survey found that 36 percent of SMBs intend to create a disaster preparedness plan in the future. As these and other organizations create plans, Symantec offers the following recommendations:
• Don’t wait until it’s too late: It is critical for SMBs to not wait until after a disaster to think about what they should have done to protect their information. Not only is downtime costly from a financial perspective, but it could mean the complete demise of the business. SMBs can’t wait until it is too late, and need to begin mapping out a disaster preparedness plan today. A plan should include identification of key systems and data that is intrinsic to the running of the business. Basically, identify your critical resources.
• Protect information completely: To reduce the risk of losing critical business information, SMBs must implement the appropriate security and backup solutions to archive important files, such as customer records and financial information. Natural disasters, power outages and cyberattacks can all result in data and financial loss, so SMBs need to make sure important files are saved not only on an external hard drive and/or company network, but in a safe, off-site location.
• Get employees involved: SMB employees play a key role in helping to prevent downtime, and should be educated on computer security best practices and what to do if information is accidentally deleted or cannot easily be found in their files. Since SMBs have few resources, all employees should know how to retrieve the businesses’ information in times of disaster.
• Test frequently: After a disaster hits is the worst time to learn that critical files were not backed up as planned. Regular disaster recovery testing is invaluable. Test your plan anytime anything changes in your environment.
• Review your plan: If frequent testing is not feasible due to resources and bandwidth, SMBs should at least review their disaster preparedness plan on a quarterly basis.
Symantec’s SMB Disaster Preparedness Survey is the result of research conducted in October and November 2010 by Applied Research, which surveyed IT professionals responsible for computers, networks and technology resources at small- and mid-sized businesses. The report was designed to gauge the impact and stage of disaster recovery preparedness, perceptions and practices of small- and mid-sized businesses. The study included more than 1,840 respondents from 23 countries in North America, EMEA (Europe, Middle East and Africa), Asia Pacific and Latin America.
In this Symantec podcast, Donna Childs of Prepared Small Business discusses some best practices to help small businesses keep their information secure, protected, and well-managed.