Almost two in three UK companies have lost data due to failed backups, and a third of security leaders have admitted to insufficiently robust backup processes.
This is according to annual research of security leaders in large enterprises carried out by Apricorn, which concluded that of the 90% of companies that had been forced to turn to their backup system, only 27% were able to recover all of their information and documents – a drop from 45% in 2022.
Almost a third (32%) of the security decision-makers surveyed attributed the unsuccessful recovery to a lack of robust backup processes, up from 2% in 2022.
Meanwhile, 22% admitted “we don’t have sufficiently robust backups in place to allow rapid recovery from any attack” – a rise from 15% in 2022. The ability to quickly restore information following an incident is a critical factor in cyber resilience and the capacity to resume business activities following disruption.
With a quarter (24%) of respondents stating that ransomware has been the main cause of a data breach at their organisation – an increase from 15% last year – this indicates a significant point of weakness. Backups play a vital role in maintaining business continuity in the wake of a ransomware attack that involves the theft or compromise of key data, enabling the business to restore quickly from a clean data set.
Jon Fielding, Apricorn’s managing director EMEA, comments: “Fewer companies today are successfully restoring all of their backed up data than in 2022. This fall is paralleled by a rise in recognition that backup processes are inadequate. Having processes in place is probably less than half the battle. For a business to respond effectively to an incident that has disrupted critical data – whether that’s a cyber attack, employee error, or technical failure – processes must be rigorously tested and rehearsed, and continuously refined and updated.”
Apricorn’s research also uncovered a shift in companies’ backup strategies, from an automated approach to a manual approach. Backups were automated at half (50%) of the surveyed companies, a drop from 93% in 2022. Manual backups are now carried out at 48% of companies, a significant increase from 6% last year – with a rise from 1% to 16% backing up to personal storage repositories such as removable hard drives.
Jon Fielding comments: “The upsurge in manual backups is likely to be the result of an increasing trend for IT teams to give employees greater autonomy over routine tasks. It’s good news if more employees are being required to make local backups of the data they create and handle, especially when working remotely. However, this relies on people remembering to execute the backup – and to do it correctly. This is why a ‘belt and braces’ strategy that includes automated backups to a central location is vitally important.”
The percentage of companies backing up to both central and personal repositories is still fairly low, standing at 38% across both automated and manual approaches.
“Too many companies are still at risk from having a ‘single point of failure’,” says Jon Fielding. “They must embrace the 3-2-1 rule: have at least three copies of data, stored on at least two different media, at least one of which is offsite. This means that if one copy is compromised, the information can be quickly and fully restored. Ideally, one offsite location should be offline – for instance an encrypted removable hard drive or USB which can be disconnected from the network to create an ‘air gap’ between data and threat.”
-----
The research was conducted by Censuswide with 201 security decision makers (manager level +) of large companies in the UK between 30.03.2023 – 06.04.2023. Censuswide abides by and employs members of the Market Research Society which is based on the ESOMAR principles and are members of The British Polling Council.