Re: DR plans
You are absolutely correct. In fact, I think I've written the exact same thing in about a dozen different ways on this very site. Unfortunately, nerds don't control the business.
Or fortunately? It depends on your outlook. Nerds would spend a virtually unlimited amount of money on things, restrict changes to rigid procedures that had long time horizons and generally play things incredibly paranoid and "safe." This would result in an unbeatable network, but a massive money sink and virtually zero agility. At large enough scale you could provide agility - sort of - but certainly not in the SME space. So the owners of the business make choices and they take risks. "Continue operating today" versus "prevent a risk that may not happen." There isn't always money for both.
What really gets me is the armchair quarterbacks that seem to think that any systems administrator or contractor on the planet has the ability to force their clients/employers/etc to spend money and make the choices that the armchair quaterback would make.
Of course, when the Anonymous Coward knows only 10% of the story, that isn't a problem, because it's obvious that everyone should do everything according to the most paranoid possible design costing the maximum amount of money using the best possible equipment and all of the relevant whitepapers. The part where doing that would bankrupt most SMEs is irrelevant. Nerds believe in IT over all things.
Forget the people, forget cashflow; the money is always (magically) there, it is just that business owners are withholding it to fund their massage chair. Salaries of staff don't need to be paid; you need to hire more IT guys. The ability of sales, marketing etc to generate revenue is irrelevant, all that matters is that they cannot possibly affect the system stability and that the data (generated by what? Why?) is secure.
So yeah; shit happens, and in a perfect world you'd get an up front investment from them to prevent issues and solve potential issues. In the real world, however, things get messy. Oftentimes they simply don't have the money, can't obtain it and/or aren't willing to do things like mortgage their own house to cover a remote possibility event.
Other times, they are unwilling to make the investment and there's nothing you can do. It's your job as a sysadmin to do the best you can with what you have. You make your recommendations, you accept the choices the client makes and you help them as best you can.