Business, IT executives at odds on disaster recovery

U.S. business executives and CIOs are living in two different worlds when it comes to how they think about disaster recovery, according to a new survey of enterprise executives in the U.S. and Europe, which will be published on Monday.

The telephone survey, which was sponsored by storage vendor EMC but conducted by the research firm RoperASW in April and May of this year, asked executives how vulnerable they felt their company was to "losing access to business-critical data" in the event of a disaster.

The difference in attitude between U.S. business executives, which included CEOs, board directors, and senior financial executives, and CIOs was remarkable. Just 14 percent of business leaders felt that their data was "very vulnerable" in the event of a disaster, but almost four times as many IT executives felt that way: 52 percent of them saw their enterprise data as very vulnerable, according to the study's authors.

When it came to predicting disaster downtime, the disconnect was less pronounced: 91 percent of business executives thought they'd be able to resume normal business activities in less than three days after losing access to business-critical data, compared to 78 percent in IT, while 37 percent of business executives thought it would take their company eight hours or less to be up and running, compared to 40 percent on the IT side.

The poll is the first attempt ever to examine the difference between business and IT executives' attitudes toward disaster recovery, said EMC Director of Business Continuity Marketing Stephen Higgins.

"We've all felt, from a gut perspective, that the IT and the business executives have been somewhat out of synch," he said. This study proves that "the gut was right," he said. "There really is a gap."

"This report validates that one of the problems in the industry today is that there's this disconnect," said Tony Prigmore, a senior analyst with the industry research firm Enterprise Storage Group. "It says one of two things: either IT is correct in their level of concern and the business folks had better get on board," he explained, "or the business folks are actually listening to IT, and taking a calculated business risk decision to not take any action."

New regulations, like those covered in the Health Insurance Portability & Accountability Act, the Security and Exchange Act, and even the Sarbanes-Oxley Act will ultimately bring business and IT thinking in line, Prigmore predicted. "This gap that we see in the research has to go away," he said.

In Europe, this seems already to be the case. When European executives were asked the same questions as their U.S. counterparts, 40 percent of business leaders felt their data was "very vulnerable," compared to 44 percent of IT executives. Twenty five percent on the business side thought it would take more than three days to recover from a disaster, compared to 26 percent in IT. And 39 percent of business people thought the enterprise could be up and running within eight hours, compared to 31 percent of IT executives.

Two reasons account for the difference between European and U.S. responses, said EMC's Higgins. First, "The fact that the organizations tend to be a little flatter in the European marketplace probably leads to better communications between the CIOs and business executives," he said. Second, European history has simply made businesses there more aware of the possibility of a man-made disaster, such as a terrorist attack, he said. "They're just more sensitive to those situations than their American counterparts."

The survey interviewed 274 executives at U.S. corporations and 254 in European companies, all of which had at least $1 billion in annual revenue. Executives were chosen from a mix of industries, including health care, financial services, manufacturing, and retail.