As with so many issues of security, there is usually a cost/benefit trade-off. There is a financial breaking point when planning for BCP/DRP. With security, risk mitigation measures need to be developed and implemented in association with the financial exposure as well as the likelihood of a given event. In simpler terms, don’t spend money to protect an asset that’s not at risk, and don’t spend more than the value of the asset to protect it. This is not a hard and fast rule, but more of a general guideline.
With business continuity and disaster recovery, there can be a huge cost involved. The quicker the recovery time, the more expensive the recovery process will be. Therefore, care needs to be taken to ensure that the strategies developed are both realistic and achievable to the organization. This is where the cost/benefit trade-off comes into play, and it’s where organizations can make a tremendous mistake. Let’s consider some examples.