Who Wants to Hear Fiction About System Recovery Time

A survey of small and medium size businesses asked executives about their Recovery Time Objectives or RTOs. A company’s RTO represents the amount of time a system, such as a web site, can be down after an incident. The incident could be a software error, hardware failure, ransomware attack or many other things. Here are some of the answers they got.

  • 92% of SMB executives said they believe their businesses are prepared to recover from a disaster.

My first question for these executives is when was the last time you TESTED that preparation and what was the result? My guess is that the primary answer will be that it has never been tested.

20 percent say that they do not have a data backup or disaster recovery solution in place. If so, how are they prepared to recover?

  • 16% of executives say that they do not know their own recovery time objectives, but 24% expect to recover in less than 10 minutes and 29% expect to recover in less than an hour.

So, while 20% don’t even have a data backup solution in place, more than half expect to recover in less than an hour.

The results are from a survey of 500 SMB execs; 87% of which were CEOs.

  • Of those who said they knew what their RTOs are, 9% said it was less than one minute, 30% said it was under an hour and 17% said it was under a day.

Compare that to recent ransomware attacks. Atlanta took several months to recover. Travelex was down for over a month.

How do all of these SMB execs figure they are smarter than these guys who took weeks and months to recover?

Another problem is that people don’t agree on what the definition of a disaster is. Is it recovering from a data loss or recovering from a malware attack or the ability to become operational quickly or what?

Bottom line – executives need to understand this recovery thing because experience tells me that it takes way longer to recover than people seem to think it does. And, for most companies, if their systems are down, they are not making money and are spending money.

If executives think they have a handle on this – conduct a mock disaster drill and see how long recovery takes. For most companies it will not be 10 minutes or an hour.

Need some help figuring this out? Contact us. Credit: Help Net Security

Leave a Reply

Your email address will not be published.