According to a 2012 Forrester research survey, 7% of corporate IT budgets are spent on disaster recovery (DR) and business continuation. That’s a significant investment in IT redundancy, and a signal that a majority of C-level executives, including the CIO, believe that DR and business continuation is predicated on the ability of systems to recover quickly. It’s good to be prepared for disasters, as some businesses are nearly at a standstill when systems go offline.

But there are also hidden risks and exposures that crop up when organizations become so focused on failing over their systems as a monolithic DR solution that they forget about what else has to happen in a crisis. Here’s a sample scenario:

A mission critical order system goes down during peak holiday season, and instead of waiting for a system status, someone in the order processing department calls an acquaintance in IT. The tech reports that the system is down, and he doesn’t know what is wrong or when it will be up (he doesn’t even work on the system). The order processing person then tells everyone in his department that the system is down indefinitely. Within the hour, customers are calling, alarmed that their last-minute shopping transactions aren’t being processed. The order entry people tell customers that the system is down, and they don’t know when it will be up. Eventually, the message gets passed through so many people that a reporter from a local media outlet calls, and someone (no one knows which employee) tells the reporter he heard that the system was down indefinitely. By evening, a news flash is airing, warning customers that if they want to finish their holiday shopping, they will have a hard time getting it done at XYZ company, due to system failure.

Overnight, the company has a revenue and a brand crisis because the wrong messages were issued by the wrong people to fellow employees and to the public.

How do you avoid this?

The companies that are most progressive in their DR and business continuation planning invest as heavily in ensuring that their PR and DR “communication trees” work as they do in their IT system failover provisions. These companies train their employees to refer disaster communications to individuals who are pre-designated spokespersons who are trained to convey the “right” types of messages to employees, to stakeholders, and to the public.

I once was a C-level executive for a multi-branch financial institution when our system went down. Customers attempting to do deposits and withdrawals at local branches were understandably frustrated, but all it took were senior tellers who could tell them, “The system is temporarily down, but when it comes back online, this transaction will process. Meanwhile, I can do this for you manually and have you on your way. It isn’t any problem.”

Handling disasters on the “front lines” of customer, employee, and stakeholder interactions can be that simple with effective PR and with the right people in the right places to handle these communications. It’s a DR “must” that no C-level executive should ever forget.