The presence of specific IT DR planning within existing Business Continuity Plans was equally similar to last year’s results.

However, fewer than half the respondents had tested their IT DR processes in the last year.

What was the biggest cause of IT downtime?

Hardware failure, connectivity issues and upgrades/patches remained the biggest causes of IT downtime for respondents. Cloud outages stayed a relatively minor cause of downtime.

However, splitting respondents by the size of their IT team revealed some interesting differences. 'Connectivity issues' was the biggest cause of downtime among respondents from organisations with fewer than 5 people in their IT team – respondents in this group were also more likely to report experiencing no IT downtime throughout the year.

What challenges do you face when trying to improve your recovery speed?

The common challenges preventing respondents from improving their recovery speed were fairly consistent across different sizes of organisation. Larger organisations were marginally more likely to experience financial constraints, which makes sense given their size.

Bizarrely, as a group, smaller organisations not only desire the shortest RTOs, they also claim the fewest impediments to achieving them. It could be argued that this gives further credence to the idea that a lack of experience around actual recoveries informs both ideal RTO ambitions, and the perceived challenges along to way to achieving them.

What is the average cost per hour of IT downtime?

Respondents from small organisations didn’t report much in the way of financial consequences from IT downtime, with 41% of respondents rating the cost per hour as less than £5000, and 39% rating it as zero.

Whilst over half of respondents from large organisations didn’t know the average cost per hour of IT downtime, the largest response from those that did was over £50,000 per hour.

How long could your organisation survive without its crucial IT systems (MTPD)?

The Maximum Tolerable Period of Disruption (MTPD) refers to the length of time an organisation can survive without its critical systems before recovery plans must be invoked in order to ensure the business can safely recover from the disruption. If the decision to invoke is made after the MTPD has passed, it’s likely the organisation will experience adverse, and possible fatal consequences.

Interestingly, there wasn’t as much variation between respondents from different sizes of organisation. Estimates were fairly consistent – smaller organisations are not overestimating their needs as one might expect given the ambitious RTOs stated earlier.