APAC SMBs still not ready for disasters

Small and midsize businesses (SMBs) are still not prepared to deal with IT disasters, with only 48 percent of companies in the Asia-Pacific region that have established disaster recovery (DR) plans, according to a new survey.

Released by Symantec Monday, the survey revealed that 12 percent of Asia-Pacific SMBs did not have a DR plan or had plans to create one. Among them, 44 percent did not think computer systems were critical to the business, while 38 percent said it never occurred to them to put together a DR plan and 28 percent said disaster preparedness was not a priority.

In a phone interview with ZDNet Asia, Ronnie Ng, Symantec's manager for systems engineering, said these companies were ignoring the risks of data loss and its impact on their business by not taking disaster preparedness seriously.

Keeping in mind that SMBs in the region suffered an average of five outages last year due to cyberattacks, power outages, upgrades and employee errors, Ng noted that only 52 percent of companies said they backed up at least 60 percent of their data.

Less than half backed up their data weekly or more frequently, only 21 percent carried out daily backups.

Of those with DR plans, half said they implemented one after suffering either an outage or data loss, and only 28 percent actually tested their plan, according to the survey.

Ngsaid: "No DR plan is ready until you have tested it and that could involve having automated tools, for example, simulation of a disaster recovery, and putting that process in place. It also means making sure that every six months to a year, you should be running some kind of tests, such as recovering lost system, ensuring that systems are sound and the team is fully ready to handle a crisis."

Without a sound DR plan, SMBs in the region that encountered some form of downtime lost up to US$14,500 per day, with those in Singapore experiencing a slightly higher loss at US$14,700. Outages cost more serious damage, with some SMB customers reportedly bleeding up to US$45,000 a day, according to the Symantec report.

Companies who had experienced outages might also have lost some customers, the survey pointed out. A check with 552 SMB customers worldwide revealed that 72 percent would switch vendors in the event of disasters, Ng said, noting that customers "are not as tolerant" as their vendors might think they are.

Some 51 percent of these customers stated that their vendors' networks were temporarily shut down due to a disaster, which explained why "they are ready to switch vendors if the service level provided is not up to expectations", according to Symantec.

This is the security vendor's second SMB disaster preparedness survey which this year polled 1,288 companies worldwide. There were 900 respondents from the Asia-Pacific region which included Singapore, Malaysia, China and India.

Importance of foresight
Ng said: "Even after the first survey, we realize that SMBs are not taking [DR preparedness] seriously. This boils down to the fact that the IT teams [in SMBs] are usually small, and when they prioritize their work, it is usually the day-to-day operations that come first."

He referred to the Orchard Road flooding incident in Singapore last year as a prime example of why it is important to be "insured" against disasters. "That was one of the situations which no one thought would ever happen. With computers under water, you're likely to lose a lot of data and the recovery can be expensive if you choose to [initiate the recovery process] and provided it can still be done. This can put SMBs out of business as well," he said.

Ng explained that it is critical companies recognize the importance of protecting their data. "At the very least, back up your data and important information, and make sure you put good security solutions in place to defend external threats," he said.

Cloud computing is an option SMBs can explore to better protect their data, he recommended.

Disaster preparedness also involves getting employees educated on good IT practices, which should include not storing important data on their mobile laptops and ensuring data is duplicated on file servers to allow for a better management in the event of DR, he said.

Safe and secure access to the Internet can also help mitigate risks against potential threats, he shared.

Ng also highlighted that associations and government agencies such as Singapore's Media Development Authority (MDA) have initiatives and seminars to raise IT awareness among SMB executives.