New research from business continuity and disaster recovery service provider, Databarracks, has revealed that organisations are now less confident in their ability to recover from an incident. Contributing factors include a lack of testing, budgetary constraints and the growing cyber threat landscape.
The findings are part of Databarracks' seventh Data Health Check report, released today. The survey questioned over 400 IT decision makers in the UK about their IT, security and continuity practices over the last year, and what they expect to change in the next 12 months.
Key data from the survey includes:
- Almost 1-in-5 organisations surveyed (18 per cent) "had concerns" or were "not confident at all" in their disaster recovery plan; an increase from 11 per cent in 2015 and 15 per cent in 2016;
- Organisations are increasingly making changes to their cyber security policies in response to recent cyber threats (36 per cent this year, up from 33 per cent last year);
- Only a quarter (25 per cent) have seen their IT security budgets increased. Small businesses are particularly affected with just 7 per cent seeing IT security budgets increase;
- Financial constraints (34 per cent), technology (24 per cent) and lack of time (22 per cent) are the top restrictions when trying to improve recovery speed;
- Fewer organisations have tested their disaster recovery plans over the past 12 months – 46 per cent of respondents had not tested in 2017, up from 42 per cent in 2016.
Peter Groucutt, managing director of Databarracks, commented on the results: "It isn't surprising that confidence in disaster recovery (DR) plans is falling. We have seen major IT incidents in the news regularly over the last 12 months, which has raised awareness of IT downtime and we have seen what can go wrong if recovery plans aren't effective.
"What is surprising is that fewer businesses are testing their DR plans. The number of businesses testing their DR plans increased from 2015 to 2016 but has fallen this year. We know that testing and exercising of plans is the best way to improve confidence in your ability to recover. The test itself may not be perfect, few if any are and there are always lessons to be learned. Working through those recovery steps, however, is the best way to improve your preparedness and organisational confidence.
"It is also surprising to see a decrease in DR testing because new replication technologies are making testing easier. It is now far quicker to recover systems, validate that the recovery was successful and even carry out user testing, so there is no excuse to not test.
"More testing would also be our advice to organisations concerned about cyber threats. Businesses are taking the right action by reviewing and updating IT security policies in response to new threats. The next step is to test your ability to recover. What steps would you follow? How do you isolate the issue? Do you failover to replica systems or recover from backups? Cyber recoveries are often far more complex than the more common incident causes like hardware failure and human error and the increased likelihood warrants dedicated cyber recovery testing," Groucutt concluded.