Almost every Caribbean SMB will tell you it has backups. Very few have ever successfully restored one. This article is about the gap between those two states — which is where most Caribbean SMB exposure actually lives — and about the operational disciplines that close it. It is the fourth article of Pillar 2 of the series, and it carries forward the operational frame established in Article 2.3: not what the firm intends to do, but what it has demonstrably done within the last ninety days.

 

The forty-seven green ticks

In November 2025 we began the post-incident review of a Caribbean distribution firm that had just lost sixteen months of business records. The firm has ninety staff, two warehouses, a regional client book in three territories, and a relationship with its bankers that goes back twenty-two years. Its primary file server, which holds the sales ledger, the inventory records, and the entire correspondence archive, had failed at 6:14 AM on a Thursday. By 9:00 AM the IT team had begun the restore from the firm’s nightly off-site backups.

By 11:30 AM they had discovered that the most recent backup the firm could actually restore was sixteen months old.

Every backup taken in the intervening period had completed without error. The monthly IT report to the managing director had recorded a green tick beside the line item “Backups completing successfully” for forty-seven consecutive months. The off-site copies had been rotated to a director’s home every Friday. The annual IT audit had recorded no findings on backup or continuity. The firm had every appearance of being well-prepared.

The technical fault, on inspection, was almost trivial: a single misconfiguration in the backup chain, introduced sixteen months earlier during a software upgrade, that had silently changed the destination of the daily backup files from the verified backup volume to a temporary scratch volume that was overwritten nightly. Every backup had completed; none had been retained. Nothing in the daily status report had distinguished the two.

The fault could have been detected within fourteen days, in a routine restore exercise of any single file from any of the backups taken after the upgrade. The firm had never performed such an exercise in any of its forty-seven months.

The managing director, asked at the close of the post-incident review whether the finding troubled him, gave the answer this article exists to honour. “It doesn’t trouble me as a finding,” he said. “It troubles me as evidence that we have spent fourteen years buying something we cannot use. Nobody ever told us we had to test it.”

The firm’s backups are not the question. The firm’s recovery is. Most Caribbean SMBs have invested significantly in keeping copies of their data, and almost nothing in confirming that the copies are restorable.

1. The Tuesday morning event

The conversation about backup and continuity in the Caribbean has, for thirty years, been a conversation about the catastrophic event: the hurricane, the fire, the regional outage. The framing has done some useful work. It has put generators in offices, produced offsite tape rotation arrangements, and put disaster-recovery clauses into commercial leases. It has not, in our observation, materially changed the operational readiness of the typical Caribbean SMB, because the threats it imagined are not the threats the firm has actually faced.

In the engagements we have run with Caribbean SMBs over the last eighteen months, only one of the disruptive events the firm has had to recover from was a named hurricane. The others, in order of frequency, were: a four-hour internet outage during the firm’s busiest invoicing afternoon of the quarter; an accidental file deletion that destroyed three weeks of a project team’s working draft; a power surge that corrupted a database in a way that did not become visible for nine days; a cloud SaaS provider regional incident that prevented the firm from issuing quotations for ninety minutes; and a ransomware detonation that arrived through a routine email three days before it encrypted the firm’s server at 4:47 AM on a Saturday.

None of these required a hurricane. All of them required something the firm should have built and exercised in advance. None of them, in any of the engagements we are describing, were materially addressed by the firm’s existing backup arrangement.

The threat the Caribbean SMB should plan for is not the disaster. It is the Tuesday morning event: the disruptive incident that arrives without warning, costs the firm somewhere between four hours and four days of operating capacity, and exposes the gap between what the firm believed it had prepared for and what it had actually prepared for. The Tuesday morning event is what continuity is for.

2. Backup is not recovery

The single most useful distinction in this entire territory is the one between backup and recovery. The two words are routinely used as if they were synonyms. They are not. The firm that conflates them is the firm most likely to find, on the morning of the Tuesday event, that it has paid for one thing while believing it had paid for another.

A backup is a copy of the firm’s data, taken at a point in time, stored somewhere other than the primary system, intended to be used in the event that the original data is lost or unusable.

A recovery is the operational act of returning the firm to a working state after the disruptive event. A recovery uses one or more backups as inputs, but it also requires: the working hardware or cloud capacity on which to restore the data; the credentials, software licences and configuration knowledge to bring the systems back to life; the trained personnel to do the work; the documented procedures; the operational verification that the restored data is correct, complete and usable for the work it supports; the elapsed time within which all of this must happen if the firm is to remain in business; and a communications and continuity protocol that keeps the firm operating manually during the recovery itself.

Backup is one component of recovery. It is not, on its own, recovery. A firm that has only the first component has not prepared for the disruptive event; it has only prepared to be in possession of a copy of its data when the event arrives.

Backup is a noun. Recovery is a verb. The firm that pays only for the noun has paid for evidence; it has not paid for capacity.

This distinction matters because almost every Caribbean SMB we have engaged with can produce backup evidence on demand. Almost none of them have ever produced recovery evidence, because they have never been asked for it. The audit committee asks whether the firm is taking backups. It rarely asks whether the firm can restore them. The IT report records a green tick against backups completing successfully. It rarely records a green tick against the last successful restore.

The shift this article is asking for is from one measure to the other: from the firm’s monthly backup status to the firm’s most recent restore exercise. The first is necessary but uninformative. The second is the only measure that tells the firm whether it has what it thinks it has.

3. Continuity in three time windows

The most useful operational frame we have found for Caribbean SMBs is to separate the continuity conversation into three time windows, each with a distinct character and a distinct deliverable. The windows are not novel; the discipline of being explicit about which window the firm has actually prepared for is.

Window	What the firm does	What it actually requires
First 30 minutes	Keep operating manually.	A printed list of the eight things the firm must still be able to do without its primary systems — issue an invoice, accept a payment, contact a key client, dispatch a delivery — and the manual procedure for each.
First 8 hours	Restore the critical systems.	A documented restore order, a named individual responsible, and an exercised restore procedure for each of the systems on which the firm’s revenue or its regulatory obligations directly depend.
First 3 days	Return to near-normal operations.	A communications plan for clients, staff, regulators, insurers and bankers; an alternate-premises arrangement if the office is inaccessible; and a route by which the firm replenishes the data created during the 30-minute and 8-hour windows.

 

The thirty-minute window is almost entirely a procedural and human-readiness question; it has almost nothing to do with backup. The eight-hour window is where the firm’s technical recovery actually happens, and is the window in which most Caribbean firms have invested without testing. The three-day window is where the firm’s commercial and reputational continuity is determined, and is the window most Caribbean firms have not thought about at all.

Each window has its own failure mode. The firm that has prepared only for the eight-hour window finds, when the internet circuit fails at 11:00 AM, that nobody knows how to issue an invoice on paper. The firm that has prepared only for the thirty-minute window finds, at hour ten, that the restore is failing and the manual procedures cannot sustain the firm into a second day. The firm that has prepared only for the three-day window finds, at hour two, that it cannot tell clients anything because the leadership team is still trying to log in.

A continuity plan that is silent on any of the three windows is not a complete plan. The firm’s next continuity review should ask, for each window, the specific question that window requires: For the first thirty minutes, what do we do? For the first eight hours, how do we restore? For the first three days, how do we communicate, where do we operate from, and how do we replenish what was lost?

4. The four failures the firm should plan for

The catastrophic-event framing has long obscured the actual operational shape of what disrupts Caribbean firms. The disruptions we have observed in practice are four, in order of frequency: accidental deletion, silent corruption, outage, and ransomware. Each has a distinct recovery profile, and the firm that has prepared for one has not necessarily prepared for the others.

Failure mode	How it actually arrives at the firm	What the firm’s recovery depends on
Accidental deletion	The bookkeeper overwrites the year-end trial balance with the prior period’s. The administrator deletes a shared folder thinking it was a copy. A departing employee, in tidying up, removes files the firm did not realise it still needed.	A backup chain that retains versions over time — not just the most recent state — and that the firm has practised restoring a single file from, not merely the whole system.
Silent corruption	A database file develops an inconsistency. The corruption replicates into the backups for weeks before anyone notices. The firm discovers, on attempted restore, that every backup in the retention window contains the corruption.	A periodic integrity check on the backed-up data, not merely on the success of the backup job — and a retention window long enough that an uncorrupted version still exists.
Outage	The internet circuit fails. The grid drops. The cloud SaaS provider has a regional incident. The firm cannot log in, cannot bill, cannot dispatch — and finds, after ninety minutes, that nobody can recall how to do the work manually.	The 30-minute window — the printed manual procedures, the offline contact list, the alternate communications channel — none of which require the systems that have failed.
Ransomware	The malicious payload arrived three days ago through a routine email and remained dormant. It detonates at 4:47 AM on a Saturday. By Monday morning every reachable file — on the server, on the workstations, and on every backup the firm has not deliberately isolated from the network — is encrypted.	An offline or immutable backup copy that the ransomware could not reach because it was not on the same network, plus a documented decision in advance about what the firm will do if a ransom is demanded.

 

The four failures are not equally common, but the firm should not plan only for the most common. They are also not equally costly, but the firm should not plan only for the most costly. The most damaging finding in any of our Continuity Readiness Reviews has consistently been the same: the firm had prepared, often quite thoroughly, for one of the four failure modes — usually outage or ransomware, because those are the failure modes that have appeared in board papers — and had no preparation for the others, because the others had never been articulated as separate failures requiring separate preparation.

A useful exercise for the firm’s next risk committee meeting is to place the four failure modes side by side, and ask, for each: When did we last test our recovery from this? The four answers, written in the same column, will tell the committee what the firm has actually prepared for and what it has only intended to prepare for.

5. The restore exercise

The single highest-yield operational discipline in this entire pillar is the restore exercise: a periodic, scheduled, documented event in which the firm takes one of its backups and actually restores it. Not a tabletop walkthrough. Not a report-based review. An actual restoration of actual data from an actual backup, performed by the people who would perform it during a real incident, on the timescale on which a real incident would unfold.

It is the discipline that almost no Caribbean SMB performs, and almost every Caribbean SMB should. The cost to run it once is modest. The cost of not running it, on the morning of the Tuesday event, is the firm’s.continuity.

What a restore exercise actually contains

Element	What it looks like in practice
Selection	The IT team and an operational owner together choose one critical system or one critical data set — not the easiest, the one that would actually hurt the firm if it were unrecoverable.
Isolation	The restore is performed to an isolated environment, not over the production system. The exercise must not put the live data at risk.
Verification	The operational owner — not the IT team — checks that the restored data is correct, complete, and usable for the work it supports. Restoration is verified by the business, not by the technology.
Timing	The exercise is timed end to end. The actual elapsed time is recorded against the firm’s stated recovery time objective. A meaningful gap between the two is the exercise’s most useful finding.
Documentation	The procedure followed, the obstacles encountered, the time required and the corrective actions identified are recorded in a one-page memorandum. This memorandum, not the success of the restore itself, is the artefact the audit committee will want to see.
Cadence	Quarterly is the right rhythm for an SMB of 30 to 200 people. Annually is the minimum that satisfies an audit committee; quarterly is the cadence that actually catches the configuration drift that makes backups silently unrestorable.

 

A firm that performs this exercise quarterly, on a rotating selection of its critical systems, will, within twelve months, have validated its recovery for every system its business actually depends on. A firm that has never performed it has, in operational terms, no recovery capability at all — only the hypothesis of one.

A backup that has not been restored is a hypothesis. A restore that has not been timed is an aspiration. The firm has paid for them both; only one of them will be there when the firm needs it.

6. The continuity artefact

The default deliverable for “business continuity planning” in the Caribbean SMB is a binder. It is typically three hundred pages, was written by a consultant who is no longer engaged, was last updated three CEOs ago, lives on a shelf in the IT director’s office, and would, in the event of an actual incident, be wholly unread and largely unreadable. It is a compliance artefact. It is not a continuity artefact.

The artefact this article argues for is different in every respect. It is short — twelve pages is generous. It is current — dated within the last ninety days, or it is treated as expired. It is operational — it tells the firm’s leadership team what to do, in the order it should be done, in the language a non-technical reader can follow. It is exercised — the restore section is supported by a memorandum of the most recent exercise, and the manual procedures section is supported by evidence that the firm has rehearsed at least one of them in the last quarter. And it is owned — there is a named individual, not a department, whose responsibility it is to keep it current.

What the continuity artefact contains

Section	Contents
1. The first 30 minutes	A numbered list of the eight to twelve operational activities the firm must continue when its systems are unavailable. For each: the manual procedure, the person responsible, the paper or alternative-channel resource required.
2. The first 8 hours	The restore order — which systems are recovered first, second, third — and the named individual responsible for each. The targeted recovery time for each, validated against the most recent restore exercise.
3. The first 3 days	Client communications templates. Staff communications templates. Regulator notification triggers and contacts. Insurer and banker contacts. Alternate-premises arrangement and access procedure.
4. Contacts and credentials	The thirty to fifty contacts the firm cannot operate without, on paper, available to the leadership team without requiring access to any firm system.
5. The last exercise	The one-page memorandum from the most recent restore exercise: what was tested, how long it took, what failed, what was corrected. Dated within the last ninety days, or the document is out of date.

 

This artefact is what the firm’s leadership team will reach for at 6:15 AM on the Tuesday of the event. It is the difference between an organised response and an improvised one, and the difference between an improvised response and an organised one is, in our observation of Caribbean firms over twenty years, very nearly the difference between the firm continuing and the firm not.

7. The Caribbean operational specifics

Continuity planning that has been imported from a North American or European template will, in practice, miss the operational specifics that determine whether a Caribbean SMB’s plan actually works. Five specifics are worth naming here, because they recur across the territories Dawgen Global serves and they materially change what the firm’s plan should contain.

Power

Grid reliability varies materially across the Caribbean. In Jamaica, the firm’s plan should assume the possibility of a multi-hour JPS outage in any given week, particularly during the wet season; in some territories the assumption is more demanding still. A continuity plan that does not specify how the firm operates during a grid outage of two, eight, and twenty-four hours has not addressed the most common disruption the firm will face. The plan should distinguish between the equipment the firm has a generator for, the equipment the firm has battery backup for, and the equipment the firm has no power-continuity arrangement for. The third category is where the firm’s actual exposure lives.

Telecoms

Single-carrier dependence is the most common single-point-of-failure in the Caribbean SMB. The firm whose primary internet circuit, primary telephony, and primary mobile data are all carried by the same provider has, on telecoms alone, a single failure mode that can disable the firm for hours. A second carrier — even one used only as a standby — changes the firm’s telecoms continuity from a hope to a procedure. The cost is modest, and the protection is real.

Fuel

A generator that has not run in six months is not a generator; it is a sculpture. Caribbean fuel logistics during a regional disruption are not what they are in normal times: queues, rationing, payment-system failures and supplier prioritisation are routine. The firm’s continuity plan should specify, for each of its generators, the supplier, the standing arrangement, the priority and the fallback. The plan should also specify when the generator was last test-run under load — not idled, run under load — which for most Caribbean firms will be longer ago than the leadership team would estimate.

Cloud latency and regional incidents

Caribbean firms increasingly depend on cloud SaaS platforms whose primary data-centre regions are in the United States or, less commonly, Europe. Regional incidents at these providers will affect the firm even though the firm itself is geographically nowhere near the incident. The firm’s plan should specify, for each of the cloud platforms its operations depend on, the provider’s incident communications channel, the documented SLA, and the firm’s manual procedure if the platform is unavailable for two hours, eight hours, and twenty-four hours. The first two of those windows occur several times a year; the third is rarer but has occurred in the last twenty-four months for platforms Caribbean firms depend on.

Insurance posture

Cyber insurance in the Caribbean is, in 2026, less standardised and less straightforward than it is in the larger markets. The firm should not assume that the policy it holds covers the failure mode it will actually face; it almost certainly does not cover all four of the failure modes set out in Section 4. The continuity plan should record, in plain language, what the firm’s cyber policy actually covers and what it explicitly excludes, the notification triggers and timeframes the policy imposes on the firm, and the insurer contact the firm will use during an incident. This section of the plan should be reviewed annually at policy renewal; the version the firm has on the morning of the event should be the version on its current policy.

None of these specifics is exotic. Each is well within the operational reach of an SMB of 30 to 200 people. The point of naming them is that they are absent from almost every continuity plan we review, because the templates from which those plans were built were not built for the Caribbean.

8. The pillar so far

Article 2.4 closes the operational core of Pillar 2. The four articles compose into a single operational position that the Caribbean SMB should be able to demonstrate, not assert:

• Posture: the firm has a posture — articulated in writing, current within the year, owned by a named executive (Article 2.1);
• Access: the firm controls who has access to what — with an inventory of accounts, a defined access-layer owner, and a discipline for Lingerers (Article 2.2);
• Data: the firm protects the data it holds — across the four data states, with an inventory and a retention policy, in operational practice not merely in legal commitment (Article 2.3);
• Continuity: the firm can recover from disruption — across the three time windows, against the four failure modes, with a continuity artefact dated within ninety days and a restore exercise dated within ninety days (Article 2.4).

 

Article 2.5 will extend this position outwards to the firm’s third parties — the suppliers, contractors, cloud platforms and outsourced services through which the firm’s data, access and operational dependencies extend beyond its own walls. Article 2.6 will translate the entire pillar into a measurable scorecard the firm can track over time. But the operational core of the pillar — posture, access, data, continuity — is now in place.

9. Dawgen Global’s Continuity Readiness Review

The Continuity Readiness Review is the fourth offering in the Pillar 2 commercial menu, designed for Caribbean SMBs that have understood the argument of this article and would like to know, in operational terms, where their firm currently stands.

The Review is a one-week fixed-price engagement that produces three deliverables. The first is a current-state inventory: the firm’s existing backup arrangements, the systems they cover, the retention they actually provide, the off-site rotation in place, and the dates of any restore exercises within the last twenty-four months. The second is an exercised restore: under the supervision of the engagement team, the firm performs a single, scoped, end-to-end restore of one critical system, timed against the firm’s stated recovery objective, with the operational verification performed by the system’s business owner rather than the IT team. The third is the continuity artefact: a twelve-page document, in the format set out in Section 6, covering the three time windows, the four failure modes, the contacts and credentials, and the memorandum of the restore exercise just performed.

The Review composes with the three Pillar 2 offerings published earlier in the series:

• the Cybersecurity Posture Review (Article 2.1), which establishes the firm’s overall security posture and 12-month roadmap;
• the Access Inventory Audit (Article 2.2), which produces the current-state inventory of who has access to what, including the Lingerers;
• the DPA 2020 Operational Readiness Review (Article 2.3), which maps the eight Data Protection Standards onto the firm’s operational practice and produces a retention policy and remediation roadmap;
• the Continuity Readiness Review (this article), which exercises the firm’s recovery capability against the three windows and the four failure modes.

 

The four engagements may be commissioned individually, sequentially, or as a combined Pillar 2 Operational Readiness Programme. Clients who commission the combined programme receive a single integrated current-state report and a single integrated 12-month roadmap, with engagement-level deliverables on each pillar.

Closing

The distribution firm whose story opens this article is, today, still in business. The eight-hour window of its November 2025 event extended to four days. The three-day window extended to a fortnight. The firm reconstructed sixteen months of records from a combination of bank statements, supplier correspondence, customer confirmations, archived emails on individuals’ mailboxes, and a stack of printed delivery dockets that a warehouse supervisor had kept in a filing cabinet against firm policy. The firm has, since the event, performed a restore exercise every quarter. Its most recent backup, taken last Thursday, has been successfully restored, in full, twice.

The cost of the discipline that would have prevented the firm’s sixteen-month gap was, on inspection, lower in any twelve-month period than the cost of the four days during which the firm was operationally dark. The Tuesday morning event came, in the end, with a price tag the firm had to pay anyway. The firms that have read this article have a choice the distribution firm did not have: to pay that price in advance, in disciplined preparation, rather than after the fact, in disorder.

The firms that survive the Tuesday morning event are not the firms that imagined the catastrophe. They are the firms that exercised the recovery.

The firms that have read this article and would like to know, in operational terms, where their own continuity actually stands are invited to contact [email protected] to discuss a Continuity Readiness Review. The conversation begins with one question, which the firm can usefully answer for itself before the call: When was the last time the firm restored a backup, end to end, and timed how long it took?

ABOUT THE AUTHOR

Dr. Dawkins Brown is Executive Chairman and Founder of Dawgen Global, an independent, integrated multidisciplinary professional services firm headquartered in New Kingston, Jamaica, with engagements across more than fifteen Caribbean territories. Dawgen Global’s services span audit and assurance, tax advisory, IT and digital transformation, risk management, cybersecurity, HR advisory, mergers and acquisitions, corporate recovery, business advisory, accounting BPO and virtual CFO services, and legal process outsourcing. The firm is independent and is not affiliated with any international network.

 

ABOUT THE SERIES

The Caribbean Digital Foundations Series is a multi-pillar thought-leadership programme published by Dawgen Global. Pillar 2 — Trust & Security — comprises six articles examining the operational disciplines a Caribbean SMB requires to build and maintain trust in its systems, its data and its continuity. Articles 2.1 (Cybersecurity Posture), 2.2 (Identity and Access), 2.3 (Data Protection), and 2.4 (Continuity) are published. Articles 2.5 (Third-Party and Supply-Chain Risk) and 2.6 (the Caribbean Cyber Hygiene Scorecard) will conclude the pillar.

© 2026 Dawgen Global. All rights reserved.

 About Dawgen Global