Do small businesses really need a Business Continuity and Disaster Recovery Plan?

By June 29, 2022 August 3rd, 2022 No Comments

You know what they say, “if you fail to plan, you’re planning to fail”. And, when it comes to small business cyber security, there can be a lot of truth in that saying.

For example, as many as 60% of SMEs close their doors within six months of having a major business data breach. Other disasters that impact your infrastructure or data, like fires, power outages, floods, etc., can also be just as damaging to the long- term health of your business.

Often, the difference between a survivable business blip and a catastrophe is how you respond to the disaster incident itself. And acting in a concerted way across your business – according to a prepared and formal, step-by-step plan – can help you minimize disruption levels for your staff and customers, ensure you don’t miss out on revenue opportunities and keep the overall costs associated with the breach as low as possible.

Having a Disaster Recovery Plan in place upfront will enable you to respond with greater speed and efficiency should the worst happen. And a Business Continuity Plan will enable your business keeps operating at as high a productivity level as possible between the disaster happening and fully addressing the issues your business is facing.

In combination, they can truly help your SME navigate difficult circumstances in a structured, more controllable and cost-effective way. If you don’t have this type of plan in place yet, now is the time to act before your business potentially gets caught unaware.

What is a Business Continuity and Disaster Recovery Plan?

To really understand Disaster Recovery and Business Continuity, it’s essential to know the difference between the two.

  • Business Continuity Planning is concerned with maintaining or recovering operations in the event of a disaster. The main point of Business Continuity is to minimize the impact on your day-to-day operations
  • Disaster Recovery (DR) concerns being prepared to detect, respond and recover from disasters as quickly as possible. In truth, there is some overlap between the two plans as they limit the damage an event has on your business

However, Disaster Recovery is more often used in the context of IT systems such as your software, devices or network. While continuity is concerned with every facet of your business.

In many cases, Business Continuity is an umbrella term that includes Disaster Recovery.

Why is a Business Continuity and Disaster Recovery Plan important?

As the recent COVID-19 pandemic proved, completely unforeseen circumstances can quickly envelop any business (for example, overnight staff were forced to work from home and even now many employers are grappling with how to enable hybrid working in changed circumstances).

COVID was a disaster on an unprecedented scale and threw small businesses the world over into turmoil. However. However, the immediate consequences of a flood, fire, cyberattack or other serious disaster -related event can be just as overwhelming including:

  • How will you deal with your customers and keep providing your products and services?
  • How do you ensure your employees can continue work?
  • Will you be able to take care of your payroll or pay suppliers?
  • How will you keep your supply chain and logistics moving?
  • How will you communicate the status of your business and services to employees, customers, and other stakeholders?

Without a systematic plan that lays out actionable contingencies, the situation can quickly move from desperate to chaotic and un-coordinated. While every moment of downtime or disrupted operations is directly hitting your bottom line.

In the case of cyberattacks or data breaches specifically, the overall cost of the attack is usually directly related to the time it takes to detect and respond. However, up to 20% of data breaches go undetected for months after your networks are compromised. Building up potential future and problems and risks if left unchecked.

How much work is needed to create a plan?

The short answer is that it depends on several factors:

  • The exact size and nature of your business (this is where SMBs have an advantage)
  • The scale and nature of assets you are trying to protect
  • Your business’s current maturity in Disaster Recovery, Business Continuity, and Cybersecurity.
  • The unique threat or risk profile of your business (based on a business impact analysis)
  • Any special security or compliance regulations you might be subject to
  • How much of your available leadership, talent and resources are available to work on the issue.

Actually creating a Business Continuity and Disaster Recovery Plan is a multi-stage process where you:

  • Carrying out an initial business impact and risk analysis
  • Identifying and prioritizing systems, assets, stakeholders, etc. that must be protected and reinforced
  • Drafting, validating and documenting the plan
  • Training and educating employees regarding the existence of the plan and their respective roles in the event of a disaster
  • Assessing the plan’s effectiveness and reworking it after an event (with appropriate version control).

This is also not a once-off project. It’s an ongoing process of continual reassessment and improvement. What’s more, as time goes on, the threats your business face and your priorities will change. So, the plan needs to evolve too.

So, gathering together the data for the plan is likely to take you a few weeks initially with regular time booked in for reviews and revisions. If you don’t have expertise in the area then it might be an idea to enlist the help of a specialist with specific Business Continuity and Disaster Recovery expertise.

What are common points of failure on Data Backup for SMEs?

For many SMEs today their data is their business, not with-standing the importance of good staff etc. But, without data nothing much else is possible so, protecting, securing, and maintaining access to your data is a crucial aspect of your Disaster Recovery plan.

With that in mind, here are the top common points of failure that should be addressed in a Disaster Recovery Plan:

  • Infrastructure or media failure: Today’s storage systems are less likely to experience serious media failure. However, it’s still important to have redundant backup systems in place if your devices fail.
  • Human error: Usually, backup systems, especially in-house ones, are still dependent on human input and configuration. If your backups are incorrectly set up, it could result in unexpected rewrites or corruption during disasters.
  • Cybersecurity hacks and breaches: Today, data is often the number one target of hackers and cybercriminals. Even if you use the most robust and redundant data systems, it might be no good if your cybersecurity isn’t up to par. Using Cloud Backup Services, implementing strict role and permission handling – and utilizing isolated backups can all help improve your overall security.

How can a Managed IT Service Provider help you plan?

One of the key issues that SMEs face regarding Business Continuity and Disaster Recovery Planning is a lack of experience and expertise. Perhaps this should not be too surprising as SMEs often don’t have the resources to invest heavily in areas that are not part of their core operations and skillsets.

This is where an experienced Managed Service Provider can step in to fill the gap by providing:

  • the thought-leadership, expertise and real-world experience needed to implement a robust Business Continuity and Disaster Recovery Plan effectively
  • an unbiased and honest analysis of your business and its requirements
  • the benefits of their specialist expertise in the area including effective data security (as they provide the service across a broad number of clients)
  • a way to speed the entire process up by removing the load from your in-house teams and getting your plan in place quickly
  • true partnership-based support to your business throughout the entire process


Depending on the type of IT services your business has in place an IT support company can also usually provide the manpower to deal with the early stages of disasters or incidents as they occur. Because the reality is that IT infrastructure and systems are going to be front-and-centre in your business recovery.

This will free you to focus on Business Continuity by ensuring you can maintain and re-stabilize your core operations. In the background, the IT support company’s incident response team will be hard at work recovering your systems and supporting your business.

Don’t leave it too late

A Business Continuity and Disaster Recovery plan plays a pivotal role in your business’s ability to respond to unforeseen incidents.

However, many SMEs lack the time, money, expertise and resources to create one for themselves.

If this sounds like you, then the good news is you still have options. Managed IT Experts can offer their expertise to help you create a plan that ensures you’re prepared for the worst. And can give the reinforcements you need should you need to respond to any incident rapidly.

So, feel free to get in touch for a no-obligation, ‘no sales pressure’ type discussion. Just don’t leave it too long as, truly, you never know the time and date…..