Despite Warnings, SMBs Still Not Prepared For Disasters

Symantec announced the findings of its 2011 SMB Disaster Preparedness Survey, which measured the attitudes and practices of small- and mid-sized businesses (SMBs) and their customers toward disaster preparedness.

The survey findings show that though SMBs are at risk, they are still not making disaster preparedness a priority until they experience a disaster or data loss. The data also reveals that the cost of not being prepared is high, putting an SMB at risk of going out of business. According to the survey, downtime not only costs SMBs several thousands of pounds, it also causes their customers to leave.

“According to the research findings, SMBs still haven’t recognised the tremendous impact a disaster can have on their businesses. Despite warnings, it seems like many still think it can’t happen to them,” said Ross Walker, director of distribution and SMB for UK and Ireland at Symantec. “Disasters happen and SMBs cannot afford to risk losing their information or – more importantly – their customers’ critical information. Simple planning can enable SMBs to protect their information in the event of a disaster, which in turn will help them build trust with their customers.”

SMBs Still Not Prepared

The findings show that many SMBs do not understand the importance of disaster preparedness. Half of the respondents do not have a plan in place. Forty-one percent said that it never occurred to them to put together a plan and 40 percent stated that disaster preparedness is not a priority for them.

This lack of preparation is surprising given how many SMBs are at risk. Sixty-five percent of respondents live in regions susceptible to natural disasters. In the past 12 months, the typical SMB experienced 6 computer outages, with the leading causes being cyberattacks, power outages or natural disasters.

The survey revealed that the information that drives most small- and mid-sized businesses is simply not protected. Less than half of SMBs back up their data weekly or more frequently and only 23 percent back up daily. Respondents also reported that a disaster would cause information loss. In fact, forty-four percent of SMBs said they would lose at least 40 percent of their data in the event of a disaster.

SMBs Don’t Act Until After a Disaster

According to the survey findings, half of the SMBs that have implemented disaster preparedness plans did so after experiencing an outage and/or data loss. Fifty-two percent put together their plans within the last six months. However, only 28 percent have actually tested their recovery plans, which is a critical component of actually being prepared for a potential disaster.

Lack of Preparedness Impacts the Business

Disasters can have a significant financial impact on SMBs. The median cost of downtime for an SMB is £78,000 per day. Outages cause customers to leave—54 percent of SMB customer respondents reported they have switched SMB vendors due to unreliable computing systems, a 12 percent increase compared with last year’s survey. This downtime can also put them out of business. Also, forty-four percent of SMB customers surveyed stated that their SMB vendors have temporarily shut down due to a disaster.

Customers of SMBs also reported considerable effects to their own businesses. When SMBs experience downtime, it costs their customers an average of £65,000 per day. In addition to direct financial costs, 29 percent of SMB customers lost “some” or “a lot” of important data as a result of disasters impacting their SMB vendors.

Recommendations

The survey found that 36 percent of SMBs intend to create a disaster preparedness plan in the future. As these and other organisations create plans, Symantec offers the following recommendations:

  • Don’t wait until it’s too late: It is critical for SMBs to not wait until after a disaster to think about what they should have done to protect their information. Not only is downtime costly from a financial perspective, but it could mean the complete demise of the business. SMBs can’t wait until it is too late, and need to begin mapping out a disaster preparedness plan today. A plan should include identification of key systems and data that is intrinsic to the running of the business. Basically, identify your critical resources.
  • Protect information completely: To reduce the risk of losing critical business information, SMBs must implement the appropriate security and backup solutions to archive important files, such as customer records and financial information. Natural disasters, power outages and cyberattacks can all result in data and financial loss, so SMBs need to make sure important files are saved not only on an external hard drive and/or company network, but in a safe, off-site location.
  • Get employees involved: SMB employees play a key role in helping to prevent downtime, and should be educated on computer security best practices and what to do if information is accidentally deleted or cannot easily be found in their files. Since SMBs have few resources, all employees should know how to retrieve the businesses’ information in times of disaster.
  • Test frequently: After a disaster hits is the worst time to learn that critical files were not backed up as planned. Regular disaster recovery testing is invaluable. Test your plan anytime anything changes in your environment.
  • Review your plan: If frequent testing is not feasible due to resources and bandwidth, SMBs should at least review their disaster preparedness plan on a quarterly basis.

Phil Orford joined the FPB in February 2008 as Chief Executive. Following a brief spell as a sales executive, Phil set up his first company in 1983 at the age of 21. In the years that followed, he was involved in a number of start-up companies, which eventually formed a small group employing more than 100 staff and which had a turnover in excess of £10m. In 2005, Phil left the group and set up a new business to assist small companies comply with environmental legislation through the use of Web-enabled apps and tools.