Over the last year, there have been a number of incidents which have highlighted the value of disaster recovery (DR) policies. Cyber-attacks have demonstrated what can happen when a company is hacked. Air traffic control ground to a halt after, according to BA, an engineer switched off something vital in error. We’re also approaching the time of year when the weather can wreak havoc on business operations, from storms bringing down lines of communication to flooding which may limit access to an office or cause outages.
SMEs Continue To Ignore Risk
There are numerous reasons why you need to have disaster recovery solutions in place; still, there are many SMEs across the country that ignore the risks and keep their fingers crossed that these things won’t happen to them. For many, there is still a lack of understanding of the risks and implications of not having a disaster recovery plan; for others they may be aware of the risk but unwilling to invest the resources.
Business Insurers Asking Questions About IT Provision
However, insurers are beginning to wake up to the importance of adequate business continuity plans, which means that even if nothing ever happens, your lack of action could cost you more than you might think. DR solutions focus on business continuity and ensure that there are no interruptions to your customer service, communications and logistics functions after the worst happens. As insurers wake up to the importance of back-up servers and storage within business operations and the essential requirement of connectivity, many are writing the requirement for dual redundancy within IT systems into the contract. If you’re not protecting yourself against possible disasters, then this could impact on whether you receive any insurance payments.
Keeping Your Business On The Road
This isn’t a new idea – a car must be proven road-worthy with an MOT certificate to be considered insured, after all – but it’s clear that insurance companies are now putting an increased focus on this area for businesses. To carry on the car analogy, if you don’t have proof that your brakes work and your car crashes into a wall, an insurer will consider this your fault and not pay for damages. Similarly, if your systems go down or even offline for any reason and you don’t have back-up systems in place, insurers are less likely to pay for any loss in revenue or restoration costs. If you have a back-up system, you may not even need an insurer to step in because you can transition smoothly to this system without any interruption in your normal operations. It’s worth insuring against accidents, but after all, we’d all much prefer that they never happened.
Building Redundancy Into Your Systems
The advantage of building this redundancy into your IT system goes beyond making sure that your insurance is fit for purpose. Even if your insurance does pay out after your systems go down in a flood, for example, the loss of reputation and customers while you scramble to deliver a solution on the hoof is immeasurable. You may get back some of the costs of the kit, maybe even the time lost, but you may never get those customers back – and you’ve just demonstrated to your insurers that you’re not adequately protected, so that means your premiums are likely to go up in future.
Keep Your DR Up To Date To Reduce Premiums
The increased awareness of insurers about the scope and possibilities of disaster recovery options and solutions means that it’s incumbent on businesses to make sure they’re up to date. Over time, it’s likely to become standard practice for all insurers to ask about disaster recovery policies and develop minimum requirements for the policy to be valid. Just as insurers are looking to reward careful drivers, there may even be options to reduce the premiums of businesses which can clearly demonstrate strong business continuity plans. Developing a disaster recovery strategy and solution with a company certified to ISO27001 standard, for example, might offer some of the same benefits as driving a car with a proven safety record.
Raising Standards Across All IT Policies & Practices
ISO27001 doesn’t just look at the kit you’re using and the plans you have in place if that fails. The standard relates to information security management, and is a framework of policies and procedures that includes not just technical but also legal and physical controls relating to risk management. That means if you chose a provider for disaster recovery that is certified, your own DR solution is likely to be more robust. That helps with business continuity, it gives peace of mind and keeps the insurers happy and such a range of benefits has to be worth the investment.
Implementing DR As Standard Practice
The concern is always that new standards or requirements become yet another box to tick, another layer of red tape for business owners. However, the interest insurers are paying to the area of disaster recovery is likely to raise both awareness and standards across the board, making it simpler for SMEs to implement a robust disaster recovery strategy. With insurance guidelines in place, business owners will know what to look for in a technology partner and which elements of DR are essential for business continuity.