Disasters which affect the operational functionality and integrity of an organisation’s IT infrastructure are an eventuality that every organisation will face. It isn’t a matter of “if” but rather “when” it will occur. In Ireland, the stark reality of this fact was highlighted earlier this year when on the 14th of May the Health Service Executive (HSE) suffered a calamitous ransomware attack. Overnight, the IT capabilities of the nationwide organisation were set back by 20 years as health care professionals frantically scrambled to mitigate the ill effects of this crime to patient healthcare. Paul Reid, chief executive of the HSE, has previously stated that the cost of the attack could rise to half a billion euro.

This is an extreme case; however, the risks of ransomware and other forms of cyber-attack are on the rise and represent a very real threat to companies of all sizes. A 2021 Mimecast survey reports that 79% of respondents had experienced business disruption and financial loss in 2020 attributed to a lack of cyber awareness. Disruptions to a company’s IT capabilities can also stem from far more mundane sources – power outages, natural disasters, and malicious deletion, to name but a few. These all represent a very real risk to an organisation’s operational integrity. This level of risk makes one thing glaringly obvious – every single company needs to have a Disaster Recovery (DR) plan in place.

Before continuing, some commonly conflated terminology needs to be clarified, namely the difference between a DR Plan and a Business Continuity Plan.

DR Plan – Considers how best to restore business processes within a certain time frame – the recovery time objective (RTO) – in the likely event of a disaster.

Business Continuity Plan – Details how to ensure that critical business functions can continue working with minimal downtime in the event of a disruption.

 

What is a Disaster Recovery (DR) Plan?

A DR Plan is a detailed formal document created by an organisation which contains in-depth granular instructions on how to respond to disruptive unplanned incidents. This plan will contain strategies to minimise disruption in the event of a disaster, so that a company may resume critical business processes. Rather than merely seeking a way to mitigate the damage caused by a disaster, a DR plan will focus on getting business back to normal. It is important to note that while easily definable in the broad sense, the specific set of circumstances which would constitute an event being designated a “disaster” will vary from one company to the next. For example, a company which holds all of their customer data on one physical server will be in far more dire straits in the event of a server fire than an internet company which hosts all their data in the cloud.

 

Why do I need a DR Plan?

The importance of a detailed and thoroughly tested DR plan cannot be overstated. The loss and/or theft of your company’s critical data can have immense financial, legal and reputational ramifications. Harking back to the HSE example, it is expected that the HSE will face legal ramifications as certain patients sue the organisation for having their personal medical information posted on the dark web as a result of the cyber-attack. In terms of direct financial loss, industry-leading BCDR provider Datto advises that the average opportunity cost of lost productivity and downtime in the wake of a disaster is just shy of €20,000 (based on an average recovery time of 9 hours). Less tangible but just as damaging is the reputational damage that a company may suffer, further impinging on future business opportunities. Once there is a DR plan in place, the downtime and ultimately the damage will be minimised, as all the relevant business stakeholders are aware of exactly what needs to be done in the event of a disaster, and in what time frame, to restore proper business functionality.

 

But I have a Backup Solution, Isn’t that Enough?

It is a commonly held belief among many businesses that having a backup solution in place is the “be-all, end-all” of DR planning. Indeed, utilising such a solution is a fundamental starting point for a DR plan. Having all business data backed up with 3 separate copies on two different forms of media, 1 copy being held off-site for disaster recovery (assuming the 3-2-1 guidelines are being adhered to) is a great starting point. However, like an iceberg, many of the machinations which allow a DR Plan to function as intended operate beneath this surface level. An effective DR Plan needs to be able to answer the following questions:

  • Is the backup capturing the correct data? Is the data being backed up frequently enough?
  • What is the restore point and the recovery time objective?
  • Which individuals within the organisation have the authority to invoke the DR Plan? Are there redundancies in place in the event of missing/absent personnel when the disaster strikes?
  • In what order does connectivity need to be restored to appliances across the organisation?
  • Will connectivity be restored to all users or just a select few? What decides the order that connectivity is restored?
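
The first two questions can be checked mechanically against a backup inventory. The sketch below is an added example, not part of the original article or any vendor's tooling: it audits each required data set against the 3-2-1 guideline and a maximum backup age, and flags the case where the only off-site copy is stale. The names `BackupCopy` and `audit`, the 24-hour limit and the inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class BackupCopy:
    dataset: str         # business data set the copy protects
    media: str           # storage type, e.g. "disk", "tape", "cloud"
    offsite: bool        # True if held away from the primary site
    completed: datetime  # when the last successful backup finished


def audit(copies, required, max_age, now):
    """Return {dataset: [findings]}; an empty list means all checks pass."""
    report = {}
    for name in required:
        mine = [c for c in copies if c.dataset == name]
        if not mine:  # required data that the backup never captures
            report[name] = ["no backup copies found"]
            continue
        findings = []
        if len(mine) < 3:
            findings.append("fewer than 3 copies")
        if len({c.media for c in mine}) < 2:
            findings.append("fewer than 2 media types")
        offsite = [c for c in mine if c.offsite]
        if not offsite:
            findings.append("no off-site copy")
        elif now - max(c.completed for c in offsite) > max_age:
            findings.append("newest off-site copy older than max age")
        if now - max(c.completed for c in mine) > max_age:
            findings.append("newest copy older than max age")
        report[name] = findings
    return report


# Constructed sample inventory (not real data); max age assumed to be 24 hours.
NOW, NIGHT = datetime(2021, 9, 1, 9), datetime(2021, 9, 1, 2)
INVENTORY = [
    BackupCopy("finance", "disk", False, NIGHT),
    BackupCopy("finance", "tape", False, NIGHT),
    BackupCopy("finance", "cloud", True, NIGHT),
    BackupCopy("crm", "disk", False, NIGHT),
    BackupCopy("crm", "disk", False, NIGHT),
    BackupCopy("crm", "cloud", True, NIGHT - timedelta(days=7)),
]
REPORT = audit(INVENTORY, ["finance", "crm", "email"], timedelta(hours=24), NOW)

if __name__ == "__main__":
    print(*(f"{k}: {v or 'OK'}" for k, v in REPORT.items()), sep="\n")
```

The `crm` data set satisfies the copy and media counts yet still fails, because the copy that would survive the loss of the primary site is a week old.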

 

It is now apparent that having a Disaster Recovery Plan in place is a complex undertaking involving much more than simply having a third-party backup solution in place.

Follow us on Twitter and LinkedIn to receive notifications on the next instalment of our Disaster Recovery series where we go in-depth into how to structure a DR Plan for your organisation.

Pamela Keane, Service Delivery Manager, Datapac.



