In this article, we'll share with you some scary stories about big checks that some companies have had to write, due to lack of adequate planning. We've highlighted important ideas to emphasize when pressing your case with executives that disaster recovery planning makes a lot of sense.
What facts are considered the most relevant and important to upper management? You may recall from our previous articles that, fundamentally, management needs to know only four things in order to decide whether to fund your plan:
- What can happen? (Fire, flood, hurricane, sabotage, etc.)
- What is the probability that it will happen? (Best expressed as the percent probability of the event occurring in a given year.)
- What does it cost when it happens? (Expressed in terms of lost sales, market share, employee productivity, and customer confidence.)
- What does preventing it cost? (Expressed as a high-level overview of the proposed protective system, procedure, or function.)
Loss of Customer Confidence
Let's do some thinking about cost—but with a twist. "Cost" is not always limited to money for rebuilding buildings and systems. Indeed, your business may experience indirect costs that are not even financial—at first, anyway. Consider this scenario: If a distraught parent can't get through to a 911 call center after little Johnny swallows drain cleaner, a real tangible cost is involved. Everyone concerned ends up on the news (and not in a good way), and someone's job is most likely on the line—and don't forget the possibility of legal repercussions. Now think about some of the other potential costs outlined in the following real examples.
Consider the letter I received from my bank recently. You can see the full document in Figure 1, but I'll cut to the chase for you:
[W]e believe one of our most important jobs is to provide the highest possible level of security for our customers. And that is the purpose of this letter. Visa® recently notified us that some of our customers [sic] debit card numbers[...] may have been stolen when a third-party vendor's systems were compromised. Upon receiving this information, we immediately took the necessary action to protect you from any potential threat.
Uh, oh. This doesn't sound good. The letter goes on:
As a result, you will soon be receiving a new check card with a new number that will replace your existing card. Your new card should arrive within the next 7 to 10 days.
Oh, rats. Do these people realize how many places (car rental companies, airline sites, and so on) now have to be changed for my "new" card?! This is one of those hidden costs: customer confidence. A bit later on, the letter continues with even more good news:
Your existing card number will be deactivated automatically within 30 days and will no longer be available for you to use.
This little present from my bank promises to become the gift that keeps on giving: Months from now, when I travel, rental car companies and airlines will be calling me because the numbers in my "secure profile" with them no longer work.
Accidents happen—that's why you plan!—but this isn't Visa's first accident. A few years back, one of Visa's servers was stolen, with several hundred thousand credit card numbers on it, and customers and clients went through the same trauma that time around.
Consider the letter I received from the U.S. Veterans Administration a couple of years ago. A laptop was ripped off, and it contained Social Security numbers and other personal info for millions of veterans. I'm concerned; I used to be Sergeant Wrobel. Again, the cost of the equipment was not the only factor; there was also all the bad faith associated with the loss.
And the problem isn't getting any better.
Do you have an iPhone or a BlackBerry? The phone I carry has 16GB of memory. I make it a point not to carry critical data on my phone, although it does have a lot of people's email addresses and phone numbers.
Can you just imagine if the CEO of one of today's financially strapped automakers, banks, or some other company dropped his or her PDA in the Dallas/Fort Worth airport, and that little gadget fell into the wrong hands? Can you picture the people who could suddenly be short-selling the stock of that corporation? Two lessons to learn here:
- The obvious lesson is the cost to your company if this sort of accident happens.
- The less-obvious lesson is that wireless technology such as iPhones and BlackBerry devices takes data—which used to be very secure in computer rooms or server closets—and, for better or worse, transfers it to people's pockets. Have you updated your security standards to include PDAs?