More than three-quarters of UK senior IT professionals admit that their organisation has lost data due to system failure, human error or a cyberattack in the past year. Yet, despite the experience, many still lack confidence in their data recovery technology and testing capabilities. This is according to new research into business resilience in an increasingly hostile cyber landscape, published by business protection and recovery specialist Assurestor, who warns that a “concerning Titanic mindset” is putting data – and entire businesses – at risk.
While 78% of respondents have suffered data loss at least once in the past 12 months, only a little more than half (54%) are confident they could recover their data and mitigate downtime in a future disaster. One in four is not confident in recovery solutions that include tape backup and cloud backup. Backup-as-a-Service (BaaS) and Disaster Recovery-as-a-Service (DRaaS) prompt the highest levels of confidence at 63% and 56% respectively.
Most businesses not meeting the testing ‘Gold Standard’
Of IT professionals interviewed, just 5% say they test monthly, which Assurestor considers to be the ‘Gold Standard for true recoverability’. One in five (20%) admit to testing just once a year or less. Of those that do test more regularly, 60% of respondents check their data is fully recoverable and usable only once every six months.
Commenting on the findings, Stephen Young, Executive Director at Assurestor, says: “Absolute reliability in your systems and data recovery is non-negotiable. If there is even an iota of doubt, it’s an open door for challenges. This uncertainty needs to be identified and addressed before disaster strikes. The fact that only just over half of respondents think their data is recoverable is a concern; this figure should be much nearer to 100%. Otherwise, how can your ‘readiness for recoverability’ be reported confidently to the Board and senior stakeholders? Confidence comes from identifying a company’s realistic needs, without compromising on cost – and thoroughly testing, repeatedly.”
He adds: “What we are seeing is what we call a ‘Titanic mindset’ when it comes to data recovery. Organisations are thinking they’re unsinkable – until they’re not. The recent global outage, while not a traditional data hack, has been estimated to cost businesses up to $1.5 billion and is proof that no organisation can afford to be complacent regarding downtime. Closer to home, last year’s Rhysida attack at the British Library highlights the impact of a cyberattack on an organisation operating with legacy systems and security in today’s aggressive cyber environment.”
The survey of senior IT professionals (including CTOs and CIOs) also highlights:
- Recoverability needs to be on the business ‘fitness agenda’. When it comes to the core challenges in disaster recovery planning, 39% of respondents point to ‘lack of skills/ expertise in-house’, 29% say ‘lack of investment or budget’, and 28% criticise ‘lack of senior support’. Assurestor adds: “Lack of top-down support in the way of insufficient funding can foster a culture of complacency, even apathy. If those tasked with protecting the business in the event of a data issue, attack or human error do not feel that threats are taken seriously – or understood – enough, then their approach and attitude may well reflect this.”
- Today’s data disasters impact more than just IT systems. The biggest impact for IT professionals suffering a disaster leading to irrecoverable data is financial loss (35%), customer service implications (30%) and operational downtime (28%). 16% of respondents admit it would likely force the closure of the business.
Providing award-winning recoverability, data backup, disaster recovery (DR) and protective technology solutions, Assurestor has created a checklist to help businesses evaluate their recoverability procedures and solutions in the face of an increasingly challenging IT landscape:
- Test, test and test again: Put in place a well-structured recovery environment to optimise data recovery testing and ensure it can be conducted in the least disruptive way to the business. Sophisticated solutions are now available that run testing without consuming vital resources or impacting the day-to-day production environment, allowing for business-as-usual.
- Consider a Chief Recovery Officer: Many put their faith – and ability to recover – into the hands of a small group or one individual. Consider what the role of a Chief Recovery Officer with more defined responsibility would look like as part of a broader team that includes IT, security and risk management collaboration, and one who reports to the Board on the business’ ongoing recoverability status.
- Redefine ‘disaster’: The traditional image of fire, flood and acts of God is outdated. The increasing threat and sophistication of cyberattacks is the new reality. When, not if, your security is compromised, what is your backup plan?
- Fail to plan, plan to fail: Two-thirds of survey respondents say they review and update DR plans at least every six months, but this leaves planning open to falling down the priority list. DR and data backup are a priority that all business functions should push for, and the plan should be adapted to meet any new requirements after each recovery test.
- Calculate your downtime: How long can you afford to be down? Do some napkin maths on what the costs of just one hour of downtime would be. Can you afford to lose any data without significant impact? Without this visibility your recovery plan may be flawed.