Risky Business
- Date: 2 March 2011
- Author: broyer
- Category: BC/DR
The latest edition of Computerworld Magazine hit my mailbox the other day (also available online, registration required) and there’s an article I have to call to your attention. Entitled “Calculated Risk” and written by Stacey Collett, the content is a tantalizing dissection of the calculus shaping today’s business continuity and disaster recovery thinking.
Gleaned from content produced by Forrester Research analyst Rachel Dines, it’s interesting to see how the pendulum has swung from the time disaster recovery measures were perceived as, in Collett’s words, “expensive insurance policies against things that might not happen” to their current positioning as a way to quantify risk and measure the cost of disruption.
To place that shift in perspective, the Forrester report explains, “It’s much more likely that a CIO or other executive will approve budget for a business continuity/disaster recovery upgrade if you can explain that in the next five years there is a 20% probability that a severe winter storm will knock out power to the data center and cost $500,000 in lost revenue and employee productivity.”
To come up with the “hard numbers” most likely to influence the bean counters in your organization, Dines makes the following recommendations, among others:
Calculate your annualized risk cost. Make a list of each risk in your geographic area. Next, list the likely number of hours of downtime that might result from outages caused by each of those risks. In a third column, list the percentage chance of such an event happening in a year. Finally, multiply all of that by your hourly cost of downtime to arrive at your annualized risk cost.
Calculate hourly cost of downtime. Start by calculating the most obvious numbers, like revenue losses or productivity losses for salaried employees who would be unable to work; those are usually the biggest downtime-related costs. Other factors worth exploring, according to Dines, include any penalties your business would incur if you weren’t able to comply with regulations because your systems were down; loss of customers; a decrease in customer satisfaction or body blows to your company’s reputation and employee morale.
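The two calculations above, worked through as an added example (not code from Computerworld or Forrester). Every figure is constructed for illustration except the storm's 20% chance over five years and its $500,000 cost, which come from the quoted report; converting that five-year figure to a yearly one assumes each year is independent with the same probability.

```python
from dataclasses import dataclass

def hourly_downtime_cost(annual_revenue, revenue_hours_per_year,
                         idle_staff, loaded_hourly_wage, other_per_hour=0.0):
    """Lost revenue per hour + idle salaried staff per hour + other hourly costs
    (e.g. regulatory penalties), following the cost categories in the text."""
    return (annual_revenue / revenue_hours_per_year
            + idle_staff * loaded_hourly_wage
            + other_per_hour)

def annual_probability(p_over_period, years):
    """Turn 'p chance of at least one event in N years' into a per-year chance.
    Assumption: years are independent with the same probability."""
    if not 0.0 <= p_over_period < 1.0 or years <= 0:
        raise ValueError("need 0 <= p < 1 and years > 0")
    return 1.0 - (1.0 - p_over_period) ** (1.0 / years)

@dataclass
class Risk:
    name: str
    downtime_hours: float   # likely hours of downtime per event
    annual_prob: float      # chance of the event in one year

def annualized_risk_costs(risks, hourly_cost):
    """Per-risk cost = downtime hours x annual probability x hourly cost,
    sorted so the largest expected annual loss comes first."""
    rows = [(r.name, r.downtime_hours * r.annual_prob * hourly_cost) for r in risks]
    return sorted(rows, key=lambda row: row[1], reverse=True)

# Constructed figures: $17.52M revenue earned around the clock, 100 idle staff at $30/h.
HOURLY_COST = hourly_downtime_cost(17_520_000, 8_760, 100, 30.0)  # 5000.0

RISKS = [  # constructed register; only the storm's 20%-in-five-years is from the quote
    Risk("Power failure", 4, 0.25),
    Risk("Hardware failure", 8, 0.10),
    Risk("Severe winter storm", 100, annual_probability(0.20, 5)),  # 100 h x $5,000 = $500,000
]

if __name__ == "__main__":
    ranked = annualized_risk_costs(RISKS, HOURLY_COST)
    for name, cost in ranked:
        print(f"{name:<22} ${cost:>10,.0f} per year")
    print(f"{'Total':<22} ${sum(c for _, c in ranked):>10,.0f} per year")
```

Note that the 20% five-year figure works out to roughly 4.4% per year, not 4%, because the yearly chances compound rather than add.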
To influence the business case, Collett found that where IT leaders have been successful in securing funding for business continuity and disaster recovery projects, it has been the result (for 65% of subscribers surveyed by Disaster Recovery Journal) of business units working in tandem with risk management personnel to help explain their needs in business terms to said bean counters.
Among other strategies to win over non-IT executives (explaining that being prepared is a competitive advantage, articulating the global need for recovery when defining the business value of a project, and thinking of each step along the way incrementally) is the recommendation to avoid using the word “disaster” when talking about business continuity.
Dines suggests that in that context the most common risks are actually the mundane ones, such as power failures, hardware failures, software failures, and human errors, and that it’s easier to calculate the likelihood of one of those incidents than it is to predict a natural disaster.
Being a pop culture junkie sensitized to the challenges of the everyday IT professional I can’t help but think of the movie “Jaws” where Mayor Vaughn, in speaking with Martin Brody (as played by the late Roy Scheider) explains the impact of driving away Amity’s summer trade: “Martin, it’s all psychological. You yell barracuda, everybody says, ‘Huh? What?’ You yell shark, we’ve got a panic on our hands on the Fourth of July.”
Given the loaded charge associated with the word “disaster” and the almost touchy-feely euphemism of “failures” of one kind or another, on that count alone I think Rachel Dines’ observation is spot-on.