.shock - stock.adobe.com

Most UK firms lack confidence in disaster recovery

Only a third of UK firms are confident in their ability to recover from cyber attacks and other disasters, with business continuity still relatively low on the agenda, a study reveals

Only 35% of UK organisations have full confidence in their current disaster recovery (DR) plans, according to the latest annual Data health check survey by business continuity firm Databarracks.

The poll of more than 400 IT decision-makers in the UK also revealed that while 8% said they had concerns about their DR plans, the majority (53%) said they were “fairly confident”. At the same time, less than half (49%) have complete confidence in their current backup capability, which is a key element to any business continuity plan and defence against ransomware attacks.

“Over the last year, we haven’t seen a huge amount of progress in DR and backup confidence, but at the same time, the number of cyber threats has continued to grow as a cause of both data loss and downtime, of which the Norsk Hydro ransomware incident is a leading example,” said Peter Groucutt, managing director at Databarracks.

“Organisations are lacking something in terms of disaster recovery strategy, and the policies, procedures and technology needed to execute this strategy. It’s hard to function confidently as a business if you’re unsure how well you’d cope if disaster struck – whether that’s cyber-related or something else, such as a power outage.”

The latest study shows that almost a quarter (23%) of respondents do not have offsite backups, 13% of organisations never test backups and 42% have not tested DR processes in the past 12 months, highlighting the areas that need to be improved, the report said.

“Frequent testing and having offsite copies of data should be crucial pillars of any DR and business continuity strategy. This doesn’t need to be expensive or difficult – it’s simply a case of taking the right steps to improve resilience,” said Groucutt.

“Find ways to make testing part of your day-to-day operations. If there is a public transport strike, test your remote working practices. Whenever you need to make updates to IT systems, test backups. Exercise these processes on a consistent basis, and staff and the business will always be ready to act when an incident does strike.”

Read more about business continuity and disaster recovery

Nearly a quarter (24%) of respondents said their biggest worry in a disaster is lost revenue, and 17% cited reputational damage.

“These concerns are actually very reasonable,” said Groucutt. “This year we’ve seen disasters cause both, but we can minimise – or even eliminate – these consequences with good business continuity planning.”

“Conduct a business impact analysis (BIA). Determine the potential effects of disruption to critical business operations. Decide what is important for your business and how you might be affected if something happened to your people, premises, IT or suppliers. Then put plans and workarounds in place to keep you operational.”

With a clear vision and strategy, Groucutt said any business will be in a position to tackle any incident with confidence.

Data protection improvement

Although the study shows that more needs to be done if businesses want to guard against data loss, the report notes that organisations are generally improving in their data protection, continuity and cyber preparedness.

Where data loss from cyber attacks increased from 12% to 17% in the past year, the top causes of data loss remain hardware failure and human error. But the report shows improvements in both these areas, with data loss due to hardware failure decreasing from 27% to 23% and proportion of data losses due to human error decreasing from 26% to 21%.

At the same time, while IT outages due to hardware failure, connectivity issues, upgrades and cloud outages either declined or remained static in the past year, IT outages due to cyber incidents increased from 10% to 12%.

An analysis of cyber threats that have affected businesses reveals that ransomware is on the way to doubling from 16% in 2016 to 28% in 2019, while the number of businesses struck by adware has already doubled in the same period to 22%.

“The arc of virus infections – starting at 25% in 2016, rising to a high of 48% [in 2018] and then decreasing to 40% today – symbolises the constant tug of war between cyber security and criminal actors,” the report said.

Read more on Business continuity planning