Note: The survey on which this report is based was concluded immediately prior to September 11 and therefore reflects long-term trends rather than a potentially short-term reaction to the terrorist attacks that marred the last four months of 2001. Although terrorist attack was not a major concern of those surveyed, they did report a healthy appreciation of the need for business continuity planning and preparations for surviving a possible disaster - either natural or man-made.
The survey results indicated that expenditures on disaster recovery/business continuity (DR/BC) will triple from 2000 to 2002, while annual revenues and IT expenditures will only increase by 30% and 40% respectively. Whereas four years ago DR spending in Global 2000 firms ranged from 0.5% of the IT budget for worst-practice companies to 2% for best practitioners, these figures have nearly doubled to almost 1% and 4%, respectively. This is the best barometer of corporate interest in DR.
Another measure of the relative importance of DR/BC is the size of the DR team and its place in the organization. More than 50% of survey respondents had a fulltime DR/BC coordinator, and 50% had a dedicated DR/BC team that averaged three full-time employees, with one of them being certified.
However, organizations exhibit a wide disparity in their DR practices. These vary by vertical industry (e.g., financial companies have the most serious liability), geography, corporate culture, and risk consciousness. The most serious DR practitioners focus on constant program improvement.
Survey results indicated that more than half of respondents had a full business continuity plan (BCP) compared to only 28% who had only a disaster recovery plan (DRP). Other META Group research indicates business continuity and disaster recovery plans are largely developed in isolation, due to business units' limited understanding of IT/business continuity requirements and the IT organization's inability to convince lines of business of the critical need for a unified IT/business continuity project, resulting in many fruitless recovery plans. IT operations groups should initiate an IT/business continuity project, under a governance framework, to involve business units intimately in defining/deploying DR facilities tightly coupled to business imperatives. This initiative is crucial for mission-critical systems in general and is of prime importance to complex business-to-business (B2B) commerce chain domains in particular.