Creating a Highly Effective Credit Risk Review Function in 2023 and Beyond
by Kelly Jenkins Global economic growth slowed considerably last year as many central banks continued hiking interest rates to close out the year.
Disaster Recovery: Why Your Organization Needs a Plan
Introduction
Modern financial institutions rely on a consistent flow of real-time data to power some of their most critical business processes. In certain cases, losing just a few minutes of data to disaster can result in irreversible damage to an organization.
Disasters are significant events that can periodically disrupt or completely halt critical business operations or business systems. They can strike companies of every size, and it is difficult to predict when a disaster will occur and how serious its impact will be. According to NOAA’s National Centers for Environmental Information (NCEI), in 2020 there were 7 disasters linked to tropical cyclones, 13 to severe storms, 1 to drought, and 1 to wildfires. These cost U.S. businesses roughly $95 billion—due to damages sustained to residential and commercial buildings, time element losses such as business interruption, system infrastructure damages, power outages, and other related damages. Man-made disasters can prove just as costly, and are becoming increasingly prevalent. According to data from NCC Group’s global managed detection and response service (MDR) and global cyber incident response team (CIRT), ransomware attacks rose by 92.7% from 2020 to 2021. The 2,690 reported attacks in 2021 mostly targeted organizations in North America and Europe, which accounted for 53% and 30% of all attacks, respectively.
This article aims to provide a general definition of Disaster Recovery and identify the types of disasters that can impact business operations. It also describes how an organization can prepare for a disaster through disaster planning and highlights the importance of a Disaster Recovery Plan as a means for mitigating damage and recovering quickly from an unexpected interruption.
What is Disaster Recovery?
Disaster Recovery (DR) is an organization’s approach to resuming normal operations and regaining access to IT systems and data after experiencing a natural disaster, power outage, or cyber attack. A Disaster Recovery Plan (DRP) is a formal document that outlines policies, procedures, roles, and resource allocation to help organizations navigate the aftermath of a disaster.
Types of Disaster
COVID-19, an infectious disease outbreak, is an example of a natural disaster that every organization and business worldwide experienced. Disaster recovery testing in this type of event is ongoing, ensuring that organizations are well prepared to manage future or continuing incidents. Loss of power due to a storm (hurricane or tornado) is an example of a natural disaster that could have grave consequences. A storm can affect our power infrastructure and our ability to work and respond effectively. A concrete Disaster Recovery Plan supplies a backup strategy in the case of power failure.
Infiltration of IT security, an example of a technical disaster, could result in data loss or damage. Therefore, regularly performing system backups is an essential element of a Disaster Recovery plan.
Disasters often fit into 3 categories: Natural, Man-Made, and Technical.
What is a Disaster Recovery Plan?
A Disaster Recovery Plan is a formal document that includes instructions that enable organizations to quickly respond and take actions to reduce a disaster’s impact and promptly resume operations.
Benefits of a Disaster Recovery Plan
Disaster Recovery Plans help protect an organization’s operations in several important ways. Some common cases include:
- Ensures faster recovery and minimal downtime for customers and clients. Having a Disaster Recovery Plan in place can help an organization recover without affecting normal routine operations, especially if the disaster is a big one that takes time to remediate.
- Facilitates enhanced employee management in times of disaster. Each employee is trained and understands their role and responsibilities in a disaster scenario.
- Safeguards business reputation by being able to resume business operations promptly and smoothly after an outage.
- Minimizes data loss risk, as data loss is directly proportional to the time a system is offline.
Why Do Organizations Need a Disaster Recovery Plan?
An organization would never be affected by disaster or lose data or access to its systems in an ideal world. However, the reality is that disasters happen and severely affect both large and small organizations. Something as simple as a brief infrastructure outage could result in frustrated customers and revenue loss to an e-commerce system. Alternatively, a tornado could destroy an entire data center or office. A 2019 Logic Monitor study reported that a majority (96%) of organizations have experienced at least one system outage in the past three years and 95% had experienced at least one partial outage or brownout. According to Sophos, the average bill for recovering from a ransomware attack, including downtime, people hours, network costs, lost opportunities, etc. was $1.85 million in 2021. According to Veeam’s 2021 Data Protection Report, the average downtime cost is $84,650 per hour.
In addition to the costs presented in the preceding table, many other factors should compel organizations to be proactive. Any of the following risks could pose a significant threat to businesses that don’t have a robust Disaster Recover Plan in place:
- Business Revenue Loss: A disaster can affect any revenue-generating offering that relies on consistent data flow. For example, Facebook, which generates major revenue from advertisements, experienced multiple outages in October 2021. One outage lasted 5 hours and impacted Instagram, Messenger, and other subsidiaries, costing Facebook an estimated loss of more than $100 million in advertisement revenue.
- Data Loss: System data loss can have extreme and highly adverse effects on an organization. For example, a financial organization that loses or exposes customer information as a result of a cyberattack could be faced with a loss of customer trust, litigation fees, regulatory fines, and more. According to Sophos’ 2021 State of Ransomware Report, an investigation found that only around 8% of victims recover all their data, even after paying attackers. The average ransomware victim loses approximately 35% of their data.
- Customer Loss: Any interruption to a normal service or failure to protect data could frustrate customers, who might then look for alternative service providers (potentially among direct competitors). For example, in May 2019, the UK-based telecommunications firm TalkTalk faced a cyber attack that revealed the personal details of more than 150,000 customers. The company lost more than 100,000 customers due to the incident. Unfortunately, it is unlikely that a lost customer will come back.
- Reputation Loss: Loss of customer/client information, particularly personal property information or financial information, can result in lasting damage to a company’s reputation, which could in turn increase the costs of customer acquisition an retention. A Forbes Insight report found that 46% of organizations had suffered reputational damage because of a data breach.
Conclusion
The prevalence of natural disasters, Ransomware attacks, and geopolitical upheaval has increased significantly in recent years, heightening risk for organizations around the globe. Don’t wait until disaster strikes. If you haven’t begun prioritizing Disaster Recovery just yet, FI Consulting can help you identify and prioritize your systems, develop and implement a Disaster Recovery Plan, and build a more resilient business. If you are interested in learning more about disaster recovery management, planning, and procedures, download our latest white paper here.
If you want to know more about how FI Consulting can support your organization in assessing risk and developing an effective disaster management strategy for your systems, please email contact@ficonsulting.com or call us at 571.255.6900.
