Increasing dependence on tech demands board-level IT representation

There is an organisational disconnect between the board and the IT department on disaster recovery.

We asked over 400 UK IT decision makers how their Recovery Time Objective (the length of time it takes to restore IT systems following a disaster) compared with the expectation of the board. Around a quarter (26 per cent) said their recovery times were slower than their board’s expectation, and a further quarter (24 per cent) didn’t know if they were meeting its requirement. The results reflect what we see in the real-world. There is a lack of agreement on recovery requirements for businesses.  

Organisations that do business continuity planning well have recovery objectives agreed and approved by the board. This is important because it sets the goals for business continuity and individual disaster recovery plans.  Without a consensus agreement, those recovery plans just aren’t working towards a common end.

When planning a business continuity plan, there is a question we must all address. How quickly do you need your IT system back after a disaster?  Ask the accounts team about billing systems or a sales team about its CRM and the answer is likely “ASAP”. It is possible for an IT team to deliver that kind of speed of recovery but it comes at a high cost.  

Beyond that initial, knee-jerk reaction, if you get teams to think about how they would be able to continue working, using alternative methods you start to get to a more realistic recovery need.  But ultimately the business continuity team needs to collate this information and weigh the costs and implications of downtime against the cost of recovery solutions.

Once the business sets these objectives, it’s then the responsibility of the IT department to deliver on them – to build the internal capability or to select a service provider to help them meet that requirement.  It’s therefore vital that these projects are adequately funded. It’s pointless to set a very aggressive recovery time but not provide sufficient budget to deliver on it.

A growing reliance on technology

For that reason, these decisions must also consider expected changes over the short-medium term. The board must factor in that if changes are made to the objectives, it will take time for IT to then source and implement new solutions to meet them.

We were recently told a story by an IT Manager who had just suffered an IT outage. He carried out a successful recovery and had the business back up and running in two days.  After the incident, he was called in to explain himself to the board. They asked why it took such and unacceptably long time. He then showed them that the recovery went exactly according to plan and met the recovery times they had agreed two years prior.

This example highlights a specific issue:

  1. There is a growing dependence on technology from all areas of business
  2. There is an increased expectation of uptime

Even in a very short period, for that particular business, the requirement changed. Business continuity plans, risks and mitigation plans should be reviewed and updated every year. But also, consider that the average lifespan of a solution is around 36 months (depending on depreciation lifecycle or supplier contract length). It is therefore important to plan sufficiently far ahead.

The case for IT representation on the board

This disconnect over disaster recovery also points to a larger issue. We’ve recently seen numerous high profile IT incidents, such as the troubled TSB IT migration and the recent British Airways data breach. It reinforces why organisations simply can’t afford to sideline technology to the back office any more.

These aren’t supporting functions – they are the critical operations of the business. It is our opinion that there is a need for greater IT representation at the board level. There is a need for someone with specialist knowledge to be able to translate the specifics of how technology is enabling the businesses – as well as the risks it brings.

The board sets the tone for a firm’s digital future, but it is also accountable for the ramifications of tech failures across the entire business. As we’ve seen from our research, it’s clear opinions differ between stakeholders within an organisation. Having a digital leader in place embeds the board with a more realistic understanding of the company’s IT capabilities, opportunities and threats.

+ posts

Meet Stella


Related articles

Strategy and anticipation are key to securing against cyber threats

With technological progress comes increased security risks. Sophisticated and co-ordinated cyber groups are working every day to find potential entry points into organisations’ networks.

Raising talent attraction and retention with IT investment

To be at the centre of talent attraction and retention, businesses should make use of workplace technology that enables them to integrate collaborative, secure and sustainable measures into their operations.

How NIST started the countdown on the long journey to quantum safety

Leading the charge to develop a post-quantum cryptographic standard for organisations is the US government’s National Institute of Standards and Technology (NIST).

Overcoming economic uncertainty with cloud flexibility

Particularly for companies that jumped into the cloud headfirst, taking the time to optimise existing processes is a remarkable way to reduce infrastructure costs and free up OPEX for delivering business value.

“The need for speed” – Finding a way to unlock agility for today’s businesses 

To fully support agility, the solutions chosen will need to enshrine all the latest innovations in areas like artificial intelligence, machine learning or prescriptive analytics.

Subscribe to our Newsletter