Introduction


Following a year of high-profile cyber attacks across the UK, the Data Health Check returns in 2026 to provide a snapshot of the IT resilience landscape.

Based on a survey of 500 IT decision-makers, it explores the threats, barriers and priorities shaping resilience today. Explore the key findings below.

Background Overlay

Cyber the #1 cause of downtime and data loss


Cyber is the leading cause of downtime for the fourth year in succession and continues to drive data loss.
5 years ago, only 13% of organisations cited cyber as their biggest cause of downtime.
That figure has now more than doubled to 30%.



Biggest causes of IT downtime


Biggest causes of IT downtime


Existential threat posed by cyber


65% of organisations say a serious cyber attack could threaten their survival.
Once viewed primarily as an IT issue, cyber is now recognised as a critical threat to operational resilience.



Do you believe a serious cyber attack could threaten your organisation’s survival?


Surge in cyber attacks
Background Overlay

Growing optimism around AI


The number of organisations that see AI as a greater benefit than threat continues to grow, reaching 79% in 2026.



Is AI a greater threat or benefit to security in your organisation?


How did you respond to the ransomware attack?




AI remains a double-edged sword


Organisations are responding fast to both the opportunities and risks presented by AI.

85% now assess AI risk at least annually.

For the second year running, AI-driven cyber threats were identified as the biggest resilience challenge facing organisations over the next 5 years.

With AI-driven attacks more than doubling in frequency this year, the challenge is already materialising.



How regularly do you review AI risk?



How did you respond to the ransomware attack?



Organisations affected by AI-driven cyber attacks


How did you respond to the ransomware attack?
Background Overlay

Supply chain leaving organisations exposed

1 in 4 organisations experienced a cyber incident originating from a supplier or third party, with large organisations disproportionately affected.



In the last 12 months, has your organisation experienced a cyber incident originating from a supplier or third party?



Surge in cyber attacks
Background Overlay

More organisations than ever have a business continuity plan


Business continuity planning has reached a new high. In 2026, 90% of organisations have a business continuity plan, and 81% of those are up to date.



Do you have a business continuity plan?


How did you respond to the ransomware attack?



Organisations with a business continuity plan


How did you respond to the ransomware attack?





Resilience improving but still reactive


While 3 in 4 organisations believe they are more resilient than they were 12 months ago, many still appear to approach resilience reactively:

51% believe their organisation treats resilience as a box-ticking exercise, and 43% say resilience only becomes a focus after something goes wrong.



How did you respond to the ransomware attack?
Background Overlay

IT resilience priorities for 2026


Integrating IT and business resilience is the top resilience priority for organisations in 2026, followed by updating continuity plans and improving backup processes.


What are your priorities for IT resilience this year?



Deeper AI concerns beneath the surface



5-year resilience horizon


AI-driven cyber threats remain the biggest resilience challenge organisations expect to face over the next 5 years.

Concerns around supply chain vulnerabilities and integrating resilience operations are growing fastest, rising by around 30% and 40% respectively since 2025.



What will be your biggest IT resilience challenges over the next 5 years?



Deeper AI concerns beneath the surface
Background Overlay

Summary




The Databarracks Data Health Check provides an annual snapshot of IT resilience in the UK, having tracked how organisations prepare for and respond to disruption since 2008.

The 2026 report shows organisations preparing for a harsher resilience environment, where serious cyber disruption is no longer treated as a remote possibility.

Following a year of high-profile cyber attacks across the UK, 65% of organisations now believe a serious cyber attack could threaten their survival.

This concern is grounded in operational reality. Cyber is the leading cause of downtime for the fourth year in succession, with 30% of organisations citing it as their biggest cause of downtime. Cyber attacks and internal security breaches are also the leading combined cause of data loss, affecting 43% of organisations.

The full scale of cyber disruption may not be visible, however. 1 in 5 organisations say they have chosen not to report a serious cyber incident to avoid negative consequences.

AI is accelerating the pressure. AI-driven attacks have more than doubled in frequency over the last 12 months, now affecting 25% of organisations. Despite this, 79% believe AI is a greater benefit than threat to security, and 93% of resilience teams now use AI in some form.

Supplier resilience is another growing concern. 1 in 4 organisations experienced a cyber incident originating from a supplier or third party. Alarmingly, nearly half of organisations (48%) continue working with suppliers despite known resilience or security concerns.


There is progress. 90% of organisations now have business continuity plans, and 4 in 5 of those are up to date. Adoption of air-gapped and immutable backups also continues to grow, putting more organisations in a stronger position to recover from cyber attacks. That recovery capability is reflected in ransomware response: even as attacks rise, organisations continue to hold the line on payments. 1 in 4 experienced a ransomware attack in the last 12 months. Of those, only 18% paid the ransom, while 59% recovered from backups instead.

Confidence in continuity and recovery capability is also growing, with 76% of organisations believing they are more resilient than they were 12 months ago. That confidence is not always backed by testing, however, and likely exceeds capability in many cases.

The overall picture is one of progress and pressure. Organisations are strengthening their resilience posture, but the threats they are facing are becoming harder to manage through isolated teams, plans or controls. This helps explain why “integrating IT and business resilience” is the most-cited priority for resilience in 2026.

Modern incidents cut across cyber security, IT operations, business continuity, crisis communications, suppliers and executive decision-making. Resilience now has to operate across those boundaries.