The good news is enterprises are paying a lot more attention to disaster recovery (DR).
The bad news is they're not keeping up with the growth in mission-critical IT.
That's grown 20 percentage points in the past year, yet nearly half of all IT groups carry out DR testing once a year or less.
In fact, 8% of Asia-Pacific respondents and 12% in EMEA never test their DR plans, according to a survey of 1,000 IT professionals worldwide. A third said they'd had to execute DR plans in the past year, primarily because of hardware or software failure (36%), external security threats (28%) or natural disasters (23%).
A big factor in all of this is virtualization, which as well as offering scalability and cost savings opens up new security issues; security processes that work well for physical environments don't necessarily apply for virtual apps and data.
In fact, virtualization is the biggest single driver of resurgence in DR, nominated by 55% of those surveyed. As Symantec, the survey sponsor, points out, "native DR tools in virtual environments are immature and don't provide the enterprise-class protection" that corporates need.
Despite this, 35% of virtual servers are not currently covered in organizations' DR plans, and only 37% of virtual systems are backed up.
The other side of this is that the ability to leverage virtualized servers is itself an important part of a DR strategy, and a number of vendors are offering solutions that make it easy to deploy virtualization-based DR.
One intriguing data point from the survey is the shrinking involvement of senior IT execs in DR.
It's hard to tell why. It may be part of the normalization of IT security practices that makes CIOs comfortable about delegating execution to the team.
Or it may underline the disconnect shown above: organizations are increasingly reliant on their IT platforms, but have not deployed the structures or processes to ensure they will keep running in a crisis.