Technical issues were enough to hit TSB with a brutal three-week outage in April last year. The damage from that event is well documented – an eightfold increase in customers choosing to bank elsewhere, a bill for compensation and repairs costing roughly £176m, and a chief executive who decided to walk.
The events suffered by the bank did a great deal to highlight the potential damage that can be caused by a data outage, although we’ve seen other more malicious factors put companies at major risk.
Ransomware has thrived on taking away a company’s ability to access the services it needs most unless the demands of cyber criminals are met – in 2017, WannaCry and NotPetya both halted vital operations for the likes of the NHS and shipping firm Maersk.
Insider threats can also be problematic – sometimes employees may sabotage their own companies, as we saw with Tesla in June last year.
But sometimes accidental events can be even more significant than this kind of hostile, purposeful activity.
Think back. When was the last time that your boardroom had a chat about how to cope with cataclysmic weather, earthquakes, flooding, or fire?
It is realistic to expect that technical issues could strike at any time, or that your company could be hit by malware or sabotage. But many of us assume that natural disasters will never happen to us. Yet when they do, they prove to be devastating, both personally and professionally. Beyond the significant concern for public safety, they’re an operational nightmare that can grind cities to a halt for weeks.
From a business perspective, some of the first issues to deal with following a natural disaster are outages. Typically a business would hope to have a disaster recovery plan in place so that, when it is affected, data remains available and the impact of the incident is mitigated as much as possible. It can therefore remain functional in the face of extreme events.
Plans have historically centred on off-site servers, or even old-fashioned tapes, depending on how long ago the plans were put together.
But today’s plans should look to take advantage of cloud computing, which offers an excellent alternative to those traditional recovery methods, be it using “disaster recovery as a service” from a provider, or simply putting backups on the cloud.
This might seem like an unimportant choice now, but when an outage takes place due to a hurricane or flood, a firm will not need to wait for on-premise servers to be recovered at the affected site, or face both risks and delays travelling in person to that location – if that’s even possible.
It might feel dramatic to discuss these kinds of issues in the boardroom, but they deserve consideration, because nobody can truly guarantee that they will never face these levels of adversity, especially in an era of climate change and extreme weather events.
Whatever the circumstances, businesses can only remain functional through long-term, well-planned resilience. In a digitally transformed world, where geographical borders have dropped, what looks to be overly paranoid is in reality a business imperative. Having a plan for data recovery could offer a much-needed source of stability when disaster strikes.