Companies underfund their disaster recovery (DR) plans, not realizing how crucial they are for the survival and protection of the business. Several hours of downtime can cost thousands, even millions of dollars.
Another mistake is to mimic the DR strategies and budgets of other companies. Every DR plan’s budget should be calculated based on the assessment of the following variables unique to your company. Without an assessment of these company-specific costs, you risk following a cookie-cutter plan, overspending, or not spending enough.
Understand your compliance requirements
This is your best and first approach to determining your DR plan budget. Companies and organizations that have data must meet compliance requirements for backup and DR. They may include the Federal Deposit Insurance Corporation (FDIC), the Statement on Standards for Attestation Engagements 18 (SSAE 18), the General Data Protection Regulation (GDPR), and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). List the compliance requirements relevant to your company and then consider their cost.
Downtime cost per hour
DR spending typically correlates with a company’s average cost of downtime. Knowing this number will help you understand the ROI of different approaches to DR. This number will include revenue loss, labor costs, and productivity costs. There may be other cost factors to consider, such as the cost of repairing a damaged reputation.
Cost of Downtime (per hour) = Lost Revenue + Lost Productivity + Recovery Costs + Intangible Costs
According to a study by Gartner, the average cost of IT downtime is $5,600 per minute. At the low end, this cost calculates to as much as $140,000 per hour, $300,000 per hour on average, and as much as $540,000 per hour at the higher end. 98% of organizations say a single hour of downtime costs over $100,000.
Time-to-recover is similar to downtime, but takes into account server and cloud service costs. If your organization uses the cloud for backup storage, the time to recover or downtime can last from hours to days. Take also into consideration the time and cost required to find a DR site and get emergency servers, networking, and storage ready.
The Disaster Recovery as a Service (DRaaS) option results in faster recovery and eliminates the need for emergency hardware. Providers of this service, however, will commit to no less than a 10-hour time to recover.
Carefully consider the cost of on-premise hardware and IT staff to maintain backups. For remote backups, the cloud can be costly because of the price of storage. The longer you store data in it, the more expensive it becomes. One option is to store only the latest copy of data to the cloud — data from the last 30 days, for example. This will keep cloud storage costs under control and will help make your organization’s DR budget manageable.
Annual hours of downtime
Examine your contract with your data center provider or cloud services provider to know your agreed percentage of availability or uptime. 99.9% availability, for instance, corresponds to 8.736 hours of annual downtime. Your annual hours of downtime will also be affected by how many hours of power outages your utility provider experiences annually.
Let’s take a look at other downtime cost figures. According to IDC and Carbonite, the average cost of downtime per hour for small companies is at $16,920. Given that, the total annual downtime risk for a small company with a 99.9% availability would be $147,813.
A company that does not have an infrastructure provider, such as a cloud services provider, colocation provider, or Disaster DRaaS, will have no service level agreement (SLA) covering the cost of downtime. Companies in this case will have to cover 100% of costs from outages, such as planned maintenance and natural disasters.
Outages from storms can last for several days, with restoration taking up as long as two weeks. Hurricanes, for instance, result in severely long outages. Hurricanes Rita, Sandy, and Ike resulted in outages that lasted up to 380 hours.
Data loss and RPO
Determine how much data your company can lose during downtime before suffering significant losses from fines, reputation damage, and productivity loss. The maximum allowable period of data loss is known as a Recovery Point Objective (RPO). Add your RPO to to the list of requirements for your DR budget. Some companies can have an RPO of one minute. While others may have an RPO of about an hour.
Instead of having just one DR site, some companies opt to get a secondary one. Having a secondary data center carries additional costs, such as hardware and making the secondary site DR-ready, which means IT staffing and upgrades.
Calculating a DR budget is a necessary yet complicated task. Small businesses can rely on the expertise and industry experience of a managed services provider to help them set up a cost-efficient DR plan. At Spectrumwise, we specialize in exactly that. Contact us today.