30% of Organisations Don’t Know How Much of IT Budget Being Spent on IT Resilience – Databarracks

Research from Databarrack, Ltd revealed that 30% of organisations do not know how much of their IT budget is being spent on DR and backup services.

This follows wider industry research finding that firms in Europe and North America spend 7% of their IT budget on backup and DR.

Data annual Data Health Check survey (registration required) revealed a number of insights into organisational attitudes and approaches towards IT resiliency:
• 25% do not know what percentage of their IT budget should be allocated for DR and BC
• Only 43% of organisations have tested their DR processes over the past 12 months
• 29% of respondents answered “less than £1,000” when asked “how much annually does your organisation spend on backup/DR solutions“

Has your IT security budget increased within the last year?
Click to enlarge

Peter Groucutt, MD, Databarracks, comments: “It’s often difficult for IT to secure investment for resiliency because it’s not seen as a particularly dynamic or sexy investment that will add value like a new customer-facing system. But we all know we need to invest in resilience to ensure our continued operation. DR and backup spending is protection against the risks of user downtime, data loss, and business interruption, but often knowing how much investment needed is difficult to gauge. Every organisation knows it needs some level of protection, but determining the extent, and the appropriate financial investment is an ongoing challenge, as evidence from our research highlights.”

“The analogy we often use is the police recommendation for protecting a bike,” he continued. “They suggest spending at least 10% of the value of the bike on the lock to secure it, which makes sense – if you put a cheap lock on an expensive bike it will be quickly stolen. The one caveat we would add to that analogy is that the amount you spend should also relate to your risk profile. If you frequently lock your bike up at a train station with known bike thieves you would be wise to invest more in your lock. Similarly, if your premises are in a location susceptible to flooding or terrorist events it is sensible to invest more in your resilience.”

He concludes that to help secure the funds needed to improve IT resilience, senior management must understand what the true cost of IT downtime would mean for an organisation: “There isn’t a simple answer to say ‘invest X% and you’ll remain safe,’ that works for all businesses, but that doesn’t mean that it is very difficult to budget for continuity. As with other aspects of continuity planning, if you have identified the risks to your business and analysed the impact incidents will have on your operations, it then becomes clear what mitigation strategies you need to put in place. It will always be difficult to secure investment for IT resilience if you don’t have a clear picture of what impact downtime will have. Presenting a downtime cost – considering both the tangible, as well as the intangible or hidden costs – immediately puts the cost of investment into context, and helps strengthen the case for improving IT resilience.”