Have you ever heard your IT team mention DR and BCP? You know how much we IT professionals love a good acronym, and I’m sure most of you know it stands for Disaster Recovery and Business Continuity Planning. But have you ever found yourself glazing over during the next five minutes of technical discussion?
If so, you’re not alone. But recent events should make every SME leader sit up and take notice.
When The “Unthinkable” Happens To The Biggest Players
I hate talk of conspiracy theories, but the recent highly publicised outages of Amazon’s AWS and Microsoft’s Azure hosting services should lead you to ask yourself one critical question: “What impact would this have on your business?”
These aren’t small players we’re talking about. AWS and Azure have vast infrastructure and, on the face of it, almost limitless resilience. Or so we thought. If services we have almost blind faith in can go down, what does that mean for your business?
The reality is stark: 40% of SMEs do not reopen after a disaster, and many that do reopen fail within a year. Yet only 20-30% of SMEs have written business continuity plans in place. That’s a recipe for disaster, literally.
DR/BCP Doesn’t Mean Breaking The Bank
Let’s clear up a common misconception right away: DR/BCP doesn’t necessarily mean you have to rush out and invest heavily in failover infrastructure, whether that’s public cloud, private hosting, or on-site backup systems.
At the very least, you should ask yourself this fundamental question: “Have you seriously considered the risk of not doing anything versus the risk of impact if your core services failed?”
It’s perfectly acceptable to do nothing, if you’ve rigorously considered this question and fully evaluated the risks. But most SME leaders haven’t done this evaluation properly.
Beyond The Obvious Disasters
Historically, business leaders tend to think of DR/BCP in terms of extreme events: terrorism, major power outages, flooding, or more minor disruptions like losing internet connectivity. The events of recent weeks demonstrate that disruption could come from services we’ve grown to depend on completely.
Think about your daily operations:
- Your CRM system hosted on the cloud
- Your accounting software running on remote servers
- Your team communication tools
- Your customer payment processing
- Your website and e-commerce platform
How many of these could you operate without for a day? A week? What would that cost you?
The Hidden Cost Of Not Being Prepared
Cost Efficiency and Financial Protection
Recovering lost data after a disaster costs exponentially more than protecting it beforehand through proper planning. Businesses with documented continuity plans become lower-risk policyholders, potentially qualifying for better insurance terms and lower premiums.
Customer Trust and Reputation
Your customers entrust you with their essential data and expect careful handling. Any customer who discovers you lack a proper recovery plan will struggle to trust you with future business. In today’s competitive landscape, can you afford that reputation hit?
Employee Productivity and Morale
When systems fail and there’s no plan, your team spends valuable time in crisis mode rather than serving customers or growing the business. Employees who know their work is secured can focus on productivity rather than worrying about potential disasters.
Challenge Your Suppliers (They Won’t Like It)
Another critical question: have you challenged your suppliers about their capabilities? The stock answer will always be “yes,” but dig deeper with these specific questions:
When was this last tested?
Not theoretically tested, but actually tested. A full simulation with real recovery scenarios.
Was this generic or did it address my service specifically?
Generic tests tell you nothing about how your particular setup would perform under pressure.
Was it a complete end-to-end test?
Many providers test individual components but never the full recovery process from start to finish.
What is the true time to recover these services fully?
Press for specific timeframes, not vague estimates. Hours? Days? Be precise.
I remember asking a very large (and nameless) consultancy these questions years ago. They had been rigorously backing up services for my client, who had rightly been paying for this service. But when asked if they had done a complete restore from backup, there was an embarrassing silence.
Don’t let that be you.
The Smart Approach: Risk-Based Planning
Here’s how to approach DR/BCP sensibly for your SME:
Step 1: Identify Your Critical Systems
List every system your business depends on to operate day-to-day. Rank them by impact if they failed.
Step 2: Calculate The Real Cost
What would losing each system for 24 hours cost you? What about a week? Include lost revenue, recovery costs, and reputation damage.
Step 3: Evaluate Current Protection
What safeguards do you currently have? Are they tested? Are they sufficient?
Step 4: Gap Analysis
Where are your biggest vulnerabilities? Which gaps would be most cost-effective to address first?
Step 5: Create Your Plan
Document specific procedures for different scenarios. Assign responsibilities. Set recovery time objectives.
Step 6: Test Regularly
A plan that’s never tested is just paperwork. Schedule regular drills and update based on what you learn.
Making It Happen: Practical Next Steps
The good news? You don’t need to solve everything overnight. Start with your most critical systems and work outward. Focus on:
Quick Wins
- Regular, tested backups of essential data
- Alternative communication channels for your team
- Key supplier and customer contact lists stored securely offline
- Basic procedures documented and shared with relevant staff
Medium-Term Planning
- Formal risk assessments for all major systems
- Service level agreements with clear recovery commitments from suppliers
- Cross-training staff on critical functions
- Regular testing and updating of procedures
Strategic Investments
Only after you’ve covered the basics should you consider major infrastructure investments. By then, you’ll have a clear understanding of what you actually need versus what vendors want to sell you.
The Bottom Line: It’s Not If, It’s When
As more of your business relies on digital technology, please don’t ignore this critical question: “What happens when (not if) something fails?”
The businesses that survive and thrive are those that plan for disruption rather than hope it won’t happen. Recent outages at major cloud providers should serve as a wake-up call: if it can happen to them, it can certainly happen to the services your business depends on.
The choice is yours: invest time and resources in sensible planning now, or face potentially catastrophic costs when disruption inevitably strikes. For SMEs operating with tight margins and limited resources, this isn’t just good practice: it’s essential for survival.
Don’t wait for your “AWS moment” to realise how vulnerable you are. Start the conversation today, ask the hard questions of your suppliers, and build the resilience your business needs to weather whatever storms lie ahead.
Ready to assess your business continuity and disaster recovery readiness? Book a meeting directly with Tim Felix via Calendly to discuss how our fractional CIO and IT leadership services can help you build a robust, cost-effective resilience strategy that protects your business without breaking the bank. ‘Work with experienced fractional IT and risk leaders to protect your business and unlock resilience.’
You and your customers will thank you for taking action now rather than hoping for the best.
