The worst time to learn your disaster recovery plan is outdated is when a disaster occurs. As more businesses are prompted to turn to recovery plans, many have learned there is room for improvement to create a defined approach to recovery so they can bounce back from incidents.
Between 70% and 75% of organizations activated recovery plans in the last two years, Gartner research vice president Roberta Witty said in a talk during this week's Security and Risk Management Summit. Of the 298 that did IT disaster recovery, 23% report addressing one incident; 22% report two; 16%, three; 7%, four; and 8% report at least five events.
"With so many organizations having disruptions — up to five events over the last 24 months — having a defined approach for a recovery plan is imperative so you can successfully recover from all types of events," Witty explained.
There are several reasons why existing business recovery plans aren't effective. Many of these plans are outdated, for one, and often organizations lack the situational awareness they need to properly respond to any given security incident.
"Lots of times, you don't have enough information about the actual crisis at hand," she said. "The plans and procedures you've defined don't really align with what's taking place in that moment." Other problems include the development of an enterprisewide plan and neglecting to use automation, without which it's harder for businesses to align, update, and use plans.
Of course, there's no such thing as a generic recovery plan. Each plan has to be specific to the company using it, she added, and a strong plan starts with a strong program and governance structure. This means taking the time ..
Support the originator by clicking the read the rest link below.
