Since 2008, the Data Health Check has provided business leaders and decision makers with insight into the evolving threats posed by cyber and ransomware.
This year, we’ve updated our approach. Not only have we taken a deep dive into all things cyber, continuity
and resilience – we’ve also looked at the differences between small, medium and large organisations in more
granular detail.
In a first for 2024, we also asked respondents for their thoughts on the emerging potential of AI – as well
as the risks it may pose to their organisation. As we witness rapid enhancements in the field, time will
tell whether their hopes or apprehensions come to fruition.
We have also continued to investigate common backup and recovery practices, contextualised by organisations’
policies to prevent and respond to ransomware attacks. Unsurprisingly, the results paint a fascinating picture
of the changing landscape of cyber security.
We hope you find these insights valuable.
What was the biggest cause of IT downtime for your organisation in the last 12 months?
In a continuing trend, cyber-attacks and internal security breaches are organisations’ prevailing cause of data loss.
What were the causes of any data loss over the last 12 months?
As a result of a cyber-attack, did anyone at your organisation lose their job?
Whether it was the result of an internal cyber-attack, individual negligence or other failings
– 37% of cyber-attacks resulted in job losses.
For some organisations, staff seen to be responsible could have been dismissed. For others, the
fallout from an attack may have made redundancies a financial necessity.
Encouragingly, the number of organisations with a Business Continuity Plan increased in 2024, although
a quarter continue to report that it is not up to date.
However, small companies are a notable outlier – with 39% currently lacking a BC Plan.
Do you have a Business Continuity Plan?
Three quarters of organisations have a physical, logical or combined solution for air-gapping their backups.
However, smaller organisations are much less likely to employ an air gap, with 58% reporting that they have
no air gap at all.
Do you currently have any air-gapping in place for your backups?
The Maximum Tolerable Period of Disruption (MTPD) for organisations continues to decrease year-on-year, with IT uptime critical to survival.
Our organisation could survive less than four hours without its crucial IT systems
Is AI a greater threat or benefit for security in your organisation?
Almost two thirds of respondents are optimistic about the potential of AI to enhance their security.
Both medium and large organisations believe that AI will help them to enhance their security
posture, while smaller businesses are more apprehensive.
of organisations recovered from backups
and didn’t pay in response to a ransomware attack
of organisations are confident in their
ransomware response in the last year
But comparing by company size, small businesses are between three to four times more likely to have concerns.
Perhaps unsurprisingly, medium and large organisations are also much more likely to have a policy in place for
paying out on a ransomware attack.
We don’t have a policy for paying out on a ransomware attack
The number of organisations with insurance specifically for cyber continues to grow each year.
Even so, small companies were three times less likely to have cyber insurance than large ones.
Does your organisation have cyber insurance?
Some of the results of the Data Health Check 2024 should come as little surprise. Cyber remains
the leading cause of data loss and IT downtime, but this fact is shaping a reassuring trend
among business leaders.
Testing against cyber threats is at an all-time high, as is organisations’ confidence in their
ability to respond in a crisis. While recovery times appear to be increasing, this is likely
the result of testing contributing to more realistic estimates in line with MTPD.
Many respondents are excited about the transformational potential of AI. Still, apprehension
from smaller companies suggests that the speed of advancement – as well as its potential to
create more advanced cyber threats – is a source of considerable worry.
Encouragingly, we observed a significant increase in the number of ransomware recoveries from
backups. This appears to have contributed to a significantly smaller number of insurance claims,
alongside a fall in overall payout amounts.
As we look to the future, we hope that this trend continues, and that more organisations see a
reduction in cyber-attacks by enhancing their ability to recover from backups.