Risk, Business Continuity and IT DR – the Year of 2013 in Review

Risk certainly marked the year of 2013, with knock-on effects on business continuity thinking. However, in a year picking up the pieces after different disasters, the real message was a reminder that while we collectively now know a great deal about risk, we don’t always prepare or take action appropriately. The devastation caused by rainfall in the Uttarakhand state of India was one example. Environmentalists blamed what they considered to be haphazard preceding development projects of roads, resorts and hydroelectric stations for the subsequent high level of damage and deaths. Meanwhile in the US and for much of 2013, New York was applying lessons learned the hard way following Hurricane Sandy back in 2012 to produce an improved city resilience plan.

Yet risks continue to follow a familiar pattern in many areas. Typhoon Haiyan in the Philippines caught the attention of the world in 2013: the country is also in an area of the world that statistically suffers more than most from major storms. In less exotic circumstances, snow, illness, loss of IT and loss of telecommunications were the most frequent causes of business interruptions in the UK. The percentage of business affected changes a little each year, but on current showings there’s no prize for correctly guessing what will happen in 2014. The pattern has already been laid out in this and preceding years. The same is true of bush fires in Australia, even if above average fire potential is currently being predicted for the 2013-2014 season.

That didn’t stop a few man-made disasters though. The NSA snooping scandal gave company directors sleepless nights as they worried about the real security of their data in the cloud. The gradual erosion of confidence in the biggest economies of the world continued too. Moody’s Investors Services downgraded the credit rating of the UK to AA1 from AAA; Standard and Poor’s cut France’s rating again, this time to AA, two years after it lost its AAA rating. And for 2014, the winner of the 2013 Nobel Prize for Economics, Eugene Fama, thinks global recession will be the main item on the menu. Business continuity planners and managers might like to take note and act accordingly.

What then does 2014 hold for organisations in terms of risk, business continuity and disaster recovery? Some companies are embracing risk in a positive sense and expanding from a low-technology base towards a high-technology one. The move by US retail giant Sears to begin offering IT disaster recovery services is a case in point. The computing cloud continues to grow in popularity, despite fears of data breaches. Strategies employed by organisations include simply accepting the risk (average data breach costs have been showing slight decrease) and buying cyber-insurance, in addition to reinforcing their firewall and anti-virus protection. In particular, the market for global recovery-as-a-service (RaaS) is predicted to grow by over 50% over the period 2014-2018 (TechNavio forecast).

In summary, the emphasis is likely to be on good execution in 2014, rather than on harnessing blazing new solutions. The cloud is well on the way to mainstream acceptance now, while tape backup vendors continue to tweak the technology to still keep it cheaper and better able to handle large volumes of data. Who’d have thought it for a business continuity and disaster recovery solution given up for dead a few years ago? It looks like we already know about many of the right things to do. Now we just need to do them right.