I agree with Doc totally. Every org, no matter how small or large, needs some form of "data survivability" if they wish to continue their business in the event of catastrophe (flood, fire..), loss of power, injury/death/incapacity of key individuals, hardware/software failure, disgruntled employees, external attacks.....
This is part of data/information management and/or risk managment. Often overlooked, as you are experiencing. Too many tend to use wishing/hoping something didn't/wouldn't happen as their strategy.
Think worst case scenario and set up some procedures/policies to reduce risk. Test it, communicate it and take it seriously.
Good luck.