(no title)

Get the burden rates for staff, calculate the realistic costs of doing DR preparations and exercises vs the realistic costs of recovering from an actual incident.

Factor in loss of staff (for whatever reason).

You can dig up the costs from other companies but you can only make it real to management if you use data and numbers from your own enterprise.

Make it a documented, financially driven business decision that they cannot ignore. They may well decide not to invest in DR/continuity prep. In that case, document your activities and start looking for new employment, they do not value the business enough to invest in protecting it from absolutely predictable, let alone unpredictable, I/T events.

I was spouse–adjacent to Google for many years and really admired their DR/continuity work and exercises. I don't know if that's written up anywhere but it really seemed to be embedded in their operational philosophy (at least up to 2020, my semi–inside exposure to Google ended then).