SMEs woefully ill-equipped to handle natural disasters
Inadequate budgets, poor support from top management, lack of skilled resources amongst the reasons for this
SMALL- and medium-sized enterprises in Malaysia continue to be unprepared for natural disasters despite being highly exposed to such events that will likely disrupt their businesses, according to a new study.
According to the 2012 Symantec SME Disaster Preparedness Survey for Malaysia, 73% of respondents feel less than prepared for a disaster and only 14% have an actual disaster recovery plan in place for implementation.
The survey also revealed that less than 33% of SMEs have an off-site failover plan – a secondary location where a mirror copy of information and data can be backed up – in place.
Culled from 2,053 organizations from 30 countries including nine nations from Asia Pacific and Japan, the Symantec survey conducted by ReRez also polled 100 SMEs from Malaysia in February and March 2012. The survey sampled SMEs with a staff size of between five and 250 heads and included respondents from across major industries.
Nigel Tan, principal consultant, Symantec Asia South, noted that organizations in Malaysia have experienced several disasters – including natural causes, human errors or IT system failures – in the past year, some of which have caused business disruptions.
"But yet, the key finding in our survey was that SMEs were persistently unprepared for disaster recovery and business continuity," he told a media briefing on June 6.
And while the survey numbers showed a dismal trend in disaster preparedness, what's worse in the 2012 survey was the fact that only 14% have an actual disaster recovery plan in place, a figure that was pegged at 41% the previous year of the Symantec's yearly study, noted Koh Ee Laine, senior technical consultant, Symantec Malaysia.
Asked why there is such a huge disparity in the successive years, Koh (pic, right) said she couldn't be sure, but noted that this could be due to the fact that there are a lot more SMEs could have responded to the survey this year compared to last year.
Tan (pic, left) added, "We noticed the big drop in the [previous year's] figures but our survey did not go into the reasons for that. [However] from the survey, we can say that three main reasons as to why SMEs are unprepared and do not have a plan in place are, inadequate budgets (40%), lack of interest and priority from [top] management (30%), and the lack of skilled qualified personnel (20%)."
Quizzed further as to whether disaster recovery technology is too expensive for SMEs to acquire, Tan said, "it is not."
"The government has established an RM10 million (US$3.2millon) SME emergency fund to assist SMEs affected by natural disaster by offering soft loans from the Malaysia Industrial Development Finance (MIDF)."
Tan said this fund, though a good start to help SMEs recover in the event of a disaster, was still reactive in nature. SMEs affected by disasters would have already lost their data and suffered the impact, he added.
“SMEs must begin to assess their risks versus rewards and decide if investing in the right technology will protect them from the impact of eventual disasters.”
Other findings of the Symantec survey of Malaysian SMEs disaster preparedness revealed the following: 74% back up primary storage less frequently than a weekly cycle; only 39% of SMEs have confidence in their backups; and only 44% have confidence in their archival systems.
Symantec also noted that Malaysian SMEs encountered an average of five hours duration per outage, and that they experienced 12 outages in the last year alone, which included events such as floods, power outages, storms, and wildfires.
As a comparison, Symantec revealed that only 26% of SMEs in Singapore had a disaster recovery plan and that 42% feel less than somewhat prepared for a disaster.
The key reasons for not having a disaster recovery plan in the island-state are: inadequate budgets (27%), lack of interest from management (27%), lack of resources (33%)
Koh said that to mitigate disasters, Symantec recommends the following:
Start preparing now by developing a disaster preparedness plan today;
Get SMEs owners and employees involved by taking the lead in ensuring a disaster recovery plan is in place;
Protect information completely by implementing a back up and recovery process which is a critical component of complete information protection; and
Review and test disaster preparedness regularly, at least once a quarter, to ensure that the processes are workable and can be successfully implemented.