Incident response plans, disaster recovery plans, and business continuity plans are essential components in a well-developed information security program. Despite this many organizations don’t test their recovery and continuity plans. A plan that hasn’t been tested is really just a guess. You’re guessing that the actions that you define in your plan will work. It’s best to think of it as insurance against the inevitable. When it’s all over, you’ll have a plan that you can feel confident in and your staff will know what to do when the grog hits the fan.”]
Source: https://www.csoonline.com/article/2135439/guess-what—can-you-trust-your-plan-.html