For Small Biz, Data Protection Supersedes Disaster Recovery
Small businesses aren't taking many proactive steps to plan for disasters that could strike their business. They're significantly better prepared when it comes to protecting their corporate data and systems, according to exclusive research conducted by Small Business Pipeline.
Despite a recent history that includes terrorist attacks on American soil, the resulting war against terror and a flurry of virus activity, most small businesses aren't concerned enough to develop specific plans to define how to keep their businesses up and running in the event of a disaster. They are, however, cognizant of the need to protect their data and computer systems from natural disaster and hacker attacks.
A survey of 237 small business conducted by Small Business Pipeline found a whopping 73% have no written plan that defines a strategy for responding to disaster. Of the 27% of companies that do have such a plan, about 80% actually review the plan on an annual basis with their employees.
More SMB Insights
- Government Analytics: Set Goals, Drive Accountability and Improve Outcomes
- 2012 IBM Chief Information Security Officer Assessment
Six of 10 have done no formal quantification of how much it would cost their business if it was interrupted for any extended period of time. Of that small percentage that have performed this financial analysis, 56% say they'd lose less than $10,000 per day. That result is perhaps not too surprising, given that more than half of the survey respondents have less than 10 employees. Another 27% have less than 50 employees and 16% have 99 or fewer.
In a somewhat contradictory finding, the highest number of respondents, 35%, ranked disaster recovery as about equally important as other business functions such as customer service, technology operations, finance and accounting and so on. A full 34% said disaster recovery is more important while 31% said it's less important. Despite these findings, there's no apparent sense or urgency to plan for disaster.
There was some good news: 56% of survey respondents do have a defined sequence of steps to be followed if their physical location becomes unavailable.
Z Technology, a Beaverton, Ore.-based manufacturer of test and measurement equipment for the radio and television broadcast industry, appears to be fairly typical of the survey respondents. The 10-person company has no formal disaster recovery plan, says Dan Nicholas, operations manager. "I don't think it's ever been thought about a whole lot," Nicholas says. "It's not a conscious decision to not have one."
The survey found a strong, clear emphasis on data and systems protection among small businesses, however. Those businesses are acutely aware of the threat posed by viruses, hackers and system incursions. Of the 237 survey respondents, 88 or 37% say technology-driven threats " viruses, hackers, security breaches " pose the greatest danger that could interrupt the functioning of their business. Other threats identified as most concerning:
- Disaster such as fires or explosions, selected by 27% of respondents
- Natural disaster such as weather, earthquakes, 26%
- Theft or loss of intellectual property, 7%
- Other, which includes terrorism, national emergency and so on, 3%
FMSI Actuarial Concepts and Systems Inc. of Deerfield, Ill., is indicative of the focus on protecting data and systems among small business. The firm's three employees hold themselves accountable for backing up data from their workstations on a regular basis. Data gets backed up to two separate Web-based systems maintained by different outsourcing firms for an additional layer of protection. "If one is down, the other is not down at the same time," explains Gerry Kopelman, partner.
While these backup procedures aren't explicitly defined, they are a part of the company's way of doing business. "There are no formal policies. It's just become our habit to do that. It's common sense," Kopelman says.
Like FMSI, respondents to the Small Business Pipeline survey appear well-prepared to deal with threats that could impact their corporate data. Three quarters of respondents say they have a specific medium or plan for protecting data in the event of a business or technology interruption. In a related finding, 62% of respondents say they have defined policies to secure the data on individual employees' computers. Asked to identify their primary means of protecting data, they responded as follows:
- Back up data to an off-site facility we own/manage, 43%
- Back up data to servers or systems in the same office as primary systems, 28%
- Back up data to a third-party facility, 20%
- Other, 9%
Asked to rank technologies that are most important in preventing business interruptions, the most respondents "- 40% -- selected network security products such as firewalls. Another 34% selected data backup and management.
Editor's note: This survey was conducted online by Small Business Pipeline in the month of April. There were 237 qualified respondents, with a 95% confidence level and a statistical accuracy of +/- 6.3%.