The ROI of Disaster Recovery

istock 000068686973 small 4 roi

Many small businesses and medium-sized companies resist developing a disaster recovery (DR) strategy because they don’t want to spend money that could be allocated toward more immediate concerns, such as sales, marketing, and technology that will scale the business.

But treating DR like a luxury is like treating fire insurance as merely an option: You’re only asking for trouble, or worse. The Institute for Business & Home Safety writes, “Each year disasters such as floods, hurricanes, tornadoes, and wildfires force thousands of businesses to close. But even more common events, such as building fires, cause the same result. Our research shows at least 25 percent of those businesses that close following events such as these do not reopen.”

Even a temporary loss of the data center and network can be costly. In fact, hourly losses from $50,000 up to millions of dollars are considered common.

Companies that avoid investing in DR often do so because they can’t confidently calculate the return on investment, which is understandable as accurately valuing digital assets and assessing risk is difficult. What’s your data worth? Is it all equally valuable? What can you do to ensure business continuity?

Here are some steps to follow when trying to determine the ROI of disaster recovery.

Define acceptable costs and losses in the event of a disaster

Begin by establishing acceptable recovery parameters. This means specifying a Recovery Time Objective (RTO) and a Recovery Point Objective (RPO).

The RTO is the maximum amount of time your company is willing to tolerate from the moment of disaster until when operations are back online. To determine RTO, analyze your company’s business processes and operations, as well as costs of downtime and available budget.

The RPO defines how much data your business can afford to lose, as measured in seconds, minutes, hours, or days. Enterprises typically set different RTOs and RPOs for different systems, assigning lower RTOs and RPOs to mission-critical sales systems, for example, than the email server, whose loss doesn’t directly impact revenue (in the short term, anyway).

If you determine that your business can afford to be offline for more than 24 hours, a “cold DR solution” – in which data simply is backed up and copies kept offsite – is sufficient. If your RTO is 15 minutes or less, you’ll need “hot DR” capabilities, including ready stand-by systems and frequently replicated data. For RTOs of seconds or less, live, fault-tolerant, and long-distance disaster recovery is a necessity.

The final step is to calculate the expected ROI. The factors to consider are:

  • Unprotected downtime (the time required to restore operations without a DR solution)
  • Protected downtime (restoration time with a DR solution)
  • Hourly revenue realized (annual revenue divided by total working hours in a year)

Multiply both downtimes by hourly revenue to determine the loss for each. The difference of those represents avoided loss. Then apply this formula to estimate the ROI of a DR solution:

 ROI = (Avoided loss - Cost of DR solution/DR solution cost x 100%)

IT professionals making a case for the ROI of disaster recovery should work with the CFO to ensure the formula is accurate and realistic. It is also advisable to consult with an experienced vendor that can help assess the ROI of different options.

To learn more about how to determine the ROI of disaster recovery solutions, download our in-depth whitepaper here.

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon