Welcome to the 2019 Data Health Check.
As usual, cyber and IT have never been far from the news. TSB, Aebi Schmidt, Norsk Hydro are just a few of the year’s big stories. Away from the sensations of the media, however, it’s been another positive year. Organisations are generally improving in their Data Protection, continuity and cyber preparedness.
The wider, macro trends have continued this year. We’re seeing greater maturity in the use of cloud computing. And, of course, the cyber threat continues to grow and mutate. It continues to torment businesses, big and small – increasing as a cause of data loss and downtime.
Last year we focused on the changes between 2018 and our first Data Health Check back in 2008. This year, we reintroduced several questions from previous years to see what has (and hasn’t) changed.
We’ve focused more on people this year. How are they reacting to the industry now vs previous years? As important as the technological changes are, people remain at the heart of what we do.
Peter Groucutt, Managing Director
IT decision makers at UK companies.
Welcome to the 2019 Data Health Check.
As usual, cyber and IT have never been far from the news. TSB, Aebi Schmidt, Norsk Hydro are just a few of the year’s big stories. Away from the sensations of the media, however, it’s been another positive year. Organisations are generally improving in their Data Protection, continuity and cyber preparedness.
The wider, macro trends have continued this year. We’re seeing greater maturity in the use of cloud computing. And, of course, the cyber threat continues to grow and mutate. It continues to torment businesses, big and small – increasing as a cause of data loss and downtime.
Last year we focused on the changes between 2018 and our first Data Health Check back in 2008. This year, we reintroduced several questions from previous years to see what has (and hasn’t) changed.
We’ve focused more on people this year. How are they reacting to the industry now vs previous years? As important as the technological changes are, people remain at the heart of what we do.
Peter Groucutt, Managing Director
IT decision makers at UK companies.
Data Protection
Hardware failure and human error are always the top causes of data loss. The numbers vary each year, but they consistently hold the top spots.
Cyber attacks are on an upward trend – an 11 percentage point increase since 2014.
There’s been a rise in restores happening more than once a week. Interestingly, daily restores have jumped the most. Possible reasons for this could be more cyber issues and/or less reliable systems. It’s not all bad news though – there could be greater awareness of restore capability. Instead of users suffering in silence and recreating lost files, they’re asking to have data restored. There’s another benefit, too. Frequent and regular restores are a good way to test and maintain resilience.
Continuity
Half of respondents have held tests, while just over a quarter intend to test – a slight rise from 2018. Often it’s only after DR has been invoked that testing becomes more regular. But after last year, results are creeping in the right direction.
Since 2016, hardware failure, upgrades/patches and cloud outages have stayed relatively consistent year-to-year. The trends that stand out are the increases in natural disasters and cyber incidents (up as a cause of data loss and as a cause of downtime).
Connectivity issues are becoming less of an issue, dropping by almost 8 percentage points since 2016. This is perhaps not long enough to judge if it’s a trend yet.
Since 2017, we’ve seen a shift towards shorter MTPDs. For 2019, there’s been increases at 30mins, through to 12 hours. 24 hour MTPDs have stayed the same, followed by a consistent drop of at least one day or more. This is likely because businesses are becoming less tolerant of downtime. The need to recover faster, particularly if there is a risk of public exposure, is stronger than ever.
The IT team is becoming less responsible for the BCP. Instead, there is an increase in operational management, FDs/CFOs and MDs taking responsibility. It’s good to see the C-suite taking ownership – this is likely driven in part by the rising fears of reputation damage and potential lost revenue (more on that later).
The top concerns for 2019 are reputational damage and loss of revenue. Given what we’ve seen in the news, this isn’t too surprising. Reputational damage manifests as loss of future revenue. Fewer customers choose your business next year or the year after (this is often immediately visible in the share price drop, as the market predicts a drop in future value).
Cyber
The stats that stand out are the increases in Ransomware and Adware attacks. Ransomware is on the way to doubling from three years ago (16% to 28%). Meanwhile, the number of businesses struck by Adware has already doubled (11% to 22%) across the same period. The arc of virus infections – starting at 25% in 2016, rising to a high of 48% and then decreasing to 40% today – symbolises the constant tug of war between cyber security and criminal actors.
In the last three years, we’ve seen plenty of organisations in the news for suffering huge damage from cyber attacks. The stats paint a clear picture of rising cyber incidents. Cyber attacks as a cause of downtime have doubled since 2016. They have almost doubled as the cause of data loss. This trend will continue – the rate at which it does is hard to predict and will depend on improvements made to defensive and responsive measures.
Since 2016, we’ve seen a decrease in how often IT professionals think employees flout security policies from 39% to 33%. This is a good way to measure our progress. Getting user buy-in for security policies is vital. We might think introducing strict policies will improve our security posture, but if draconian rules force users to work outside the law, security ultimately suffers.
People
More than half of the businesses we spoke to have an IT representative on the board. The greater knowledge diversity found at board level, the better. We hope to see this increase in the years to come, particularly as cyber continues to be a pervasive and changing threat. Digital Transformation efforts continue to make IT increasingly critical to business operations.
Less than half of respondents have a board member responsible for cyber. This is slightly less than those with IT representation at board level.
Given that more of the C-Suite is taking responsibility for Business Continuity planning, we hope to see more representation in the coming years. A joined up approach across departments and disciplines creates the most resilient plans.
In the business of Data Protection, we see the cloud services market continue to mature, and adapt to users’ needs. The cloud as a backup option has made it possible for more businesses to take backup off premises and protect data more effectively.
Restore tests are also increasing – a practice we can’t recommend highly enough. Frequent and regular restores are a good way to maintain resilience. It’s an awful lot harder for an incident to throw you off course if your people and processes are well drilled and prepared.
Continuity is, well, continuing. There are some encouraging signs. Testing is becoming more regular and a broader range of people are getting involved in continuity planning. This comes at the right time, as businesses become less tolerant of downtime.
Cyber security teams and cyber criminals continue to do battle, and this is a trend I don’t see changing anytime soon.
It’s pleasing to see an increase in IT representation at board level. So much of what influences a business’ culture and environment comes from the top. Greater knowledge around resilience at board level can only be a good thing, and I hope it continues to trend upwards.
Thank you for reading the 2019 Data Health Check. I hope you enjoyed it and found it helpful. As always, please tell us what we can do better. The Data Health Check is only as valuable as you find it.
Peter Groucutt, Managing Director
In the business of Data Protection, we see the cloud services market continue to mature, and adapt to users’ needs. The cloud as a backup option has made it possible for more businesses to take backup off premises and protect data more effectively.
Restore tests are also increasing – a practice we can’t recommend highly enough. Frequent and regular restores are a good way to maintain resilience. It’s an awful lot harder for an incident to throw you off course if your people and processes are well drilled and prepared.
Continuity is, well, continuing. There are some encouraging signs. Testing is becoming more regular and a broader range of people are getting involved in continuity planning. This comes at the right time, as businesses become less tolerant of downtime.
Cyber security teams and cyber criminals continue to do battle, and this is a trend I don’t see changing anytime soon.
It’s pleasing to see an increase in IT representation at board level. So much of what influences a business’ culture and environment comes from the top. Greater knowledge around resilience at board level can only be a good thing, and I hope it continues to trend upwards.
Thank you for reading the 2019 Data Health Check. I hope you enjoyed it and found it helpful. As always, please tell us what we can do better. The Data Health Check is only as valuable as you find it.
Peter Groucutt, Managing Director
