Press Release: Even Highly Regulated Industries Fail to Sufficiently Prepare for Disaster Recovery

by Patrick Redknap on September 24, 2013

Dismal State of Disaster Recovery Preparedness is Common in Regulated Industries as All Others

Recently a council was formed to gain a better understanding of Disaster Recovery (DR) best practices and make preparedness more cost-effective and efficient. This Disaster Recovery Preparedness (DRP) Council was created by IT business, government and academic leaders to address these issues, with its mission to increase DR Preparedness awareness and improve DR practices.


Organizations around the globe have participated in an online Disaster Recovery Preparedness Benchmark (DRPB) Survey created by the council that launched just over a month ago. This survey is designed to give business continuity, disaster recovery, compliance audit and risk management professionals a measure of their own preparedness in recovering critical IT systems running in virtual environments.

Preliminary findings from the survey indicate that organizations in highly regulated industries such as financial services, healthcare and government, fail to make the grade for disaster recovery preparedness. In spite of strict regulations, these organizations do not appear to be better prepared than others to recover critical IT systems in the event of a disaster. Some interesting statistics recently uncovered include the following:

Costs from business disruption and recovery are significant and growing

  • 1 in 5 financial services respondents specified losses from outages range from $100,000 to $5 million
  • 1 in 4 healthcare organization respondents estimated losses between $50,000 and $1 million
  • The cost of losing critical applications has been estimated by various experts at $5,000 per minute 

Results indicate lack of funding for disaster recovery preparedness

  • 90% of federal, state, and local government respondents said DR plans are not adequately funded
  • 40% of financial services companies indicated a lack of funds for DR
  • 37.5% of healthcare companies indicated the need for additional funds

 Companies are rarely testing DR plans more than once a year

  • More than half of financial services organizations test DR plans only once a year
  • 40% of government organizations test only once a year
  • 25% of healthcare organizations test only once a year

Without testing and verification of DR plans, most companies really have no idea as to whether they can fully recover their IT systems in the event of a disaster or extended outage.

Few regulated organizations document and report DR test results

  • Only 15% of government organizations fully document and report DR test results
  • Only 13% in financial services document and report results
  • Only 12% in healthcare organizations document and report results

Even fewer follow up after a failed test to see if results improve

  • Only 7% of healthcare organizations repeat DR testing after an initial failure
  • Only 9% of government organizations follow up with a repeat test

Without testing and follow up there can be little accountability for the effectiveness of a DR plan in the event of a disaster.

Most still struggle with DR compliance reporting 

  • While highly regulated companies need to produce DR reports for compliance, more than 60% of responding companies find compliance reporting overly difficult, manual and expensive
  • 50% have to manually create DR reports

Compliance reporting for DR is clearly an area ripe for automation.

Even with budget, most lack skills and time to test their DR preparedness

  • Most organizations do not have the skill sets to effectively perform DR tests
  • More than a third do not have the time to test their DR plan

For DR preparedness to improve, companies must automate processes to overcome the high cost in time and money of verifying and testing their DR plans.

The Disaster Recovery Preparedness Council will be publishing a “State of Disaster Recovery Preparedness” Annual Report later this year based on the results of its Benchmark Survey. Company IT management is encouraged to take the survey at A free copy of a preliminary Disaster Recovery report is also available at:

Participants receive immediate feedback in the form of a DR Preparedness grade from A through F, and a follow up email to benchmark their responses compared with all others who have participated in the survey.

The DRPB survey provides a benchmarking score from 0-100 that measures the implementation of IT disaster recovery best practices. DRPB benchmarking scores parallel the grading system familiar to most students in North America whereby a score of 90-100 is an “A” or superior grade; 80-89 is a “B” or above average grade; 70-79 is a “C” or average grade and 60-69 is a “D” or unsatisfactory grade. Below 60, rates as an “F”, or failing grade.

Leave a Comment

Previous post:

Next post: