Ask a business owner whether they have a disaster recovery plan, and most will say yes.
Ask them when they last tested it, and the room goes quiet.
Ask them what specifically happens, step by step, if their server fails at 9am on a Monday. Who does what, in what order, and how long it takes to restore normal operation, and most cannot answer.
That is not a disaster recovery plan. That is a backup, possibly, and a great deal of hope.
Backup and disaster recovery are not the same thing
A backup is a copy of your data. It is a necessary component of disaster recovery. It is not, on its own, a plan.
Disaster recovery is the documented, tested, rehearsed process by which a business restores normal operation following a significant failure. It covers: what failed, what the recovery sequence is, who is responsible for each step, what the recovery time objective (RTO) is, and what the recovery point objective (RPO) is.
RTO is how long you can afford to be offline. RPO is how much data you can afford to lose. Most small businesses have never defined either of these numbers. They have no idea whether their backup infrastructure is calibrated to meet them.
The backup that cannot be restored
There is a common and deeply uncomfortable finding in managed IT: a significant proportion of backups, when tested for the first time, do not restore correctly.
The backup job has been failing silently for months, and nobody has noticed. The backup includes the data but not the system state, meaning the server can be restored, but not the applications running on it. The backup is held on-site and was destroyed in the same event as the original data. The backup software has expired or requires a licence key that nobody can find. The person who knew how to restore it has left the company.
None of these scenarios is rare. Testing a backup is not an optional extra. It is the only way to know whether the backup is real.
The six-month statistic
Research consistently shows that approximately 60% of small businesses that experience significant data loss close within six months of the event.
The data loss itself may not be recoverable. The time taken to rebuild what was lost often exceeds what the business can absorb. The reputational impact on clients who are affected by the disruption can be permanent. And the cost of the recovery process arrives at exactly the moment when the business is least able to meet it.
This is not a risk that applies only to businesses that are reckless with their data. It applies to any business that has not verified that its recovery capability actually works.
What a genuine disaster recovery plan looks like
A proper DR plan is a document, not a feeling. It contains the recovery time objective, the recovery point objective, the backup schedule, the backup location, the restoration procedure, the person responsible for each step, and contact details for every system and service involved.
It is tested. Not once, on installation, but regularly. Quarterly is reasonable for most businesses. The test involves actually restoring from backup to a test environment and verifying that critical systems and data are intact.
It accounts for different failure scenarios. A server failure differs from a ransomware attack, which is different from a fire. Each scenario has a different recovery sequence.
IT Works helps businesses across the UK to assess their current backup and recovery position honestly, implement proper backup solutions, including offsite and cloud backup, and build tested, documented disaster recovery plans that reflect the actual risk profile of the business.
IT Works disaster recovery assessment:
enquiries@it-works.co.uk | 0121 270 0808 | it-works.co.uk/disaster-recovery/