- Pricing and telematics lead the charge as insurtech patents jump 40pc
- FCA puts general insurance pricing practices under review
- Volvo and Baidu reach agreement to produce autonomous vehicles
- Cyber and D&O exposures increasingly intertwined, Airmic report finds
- Arch selects Touchstone for cat risk modelling
Confidence in disaster recovery plans falling
Written by staff reporter
New research suggests confidence in disaster recovery plans among UK companies has fallen for a second consecutive year, due to factors including lack of testing, budgetary constraints and the growing cyber threat. These are the findings Databarracks' seventh Data Health Check report, released today. The survey questioned over 400 IT decision makers in the UK about their IT, security and continuity practices over the last year, and what they expect to change in the next 12 months.
Peter Groucutt, managing director of Databarracks, commented on the results: “It isn't surprising that confidence in disaster recovery plans is falling. We have seen major IT incidents in the news regularly over the last 12 months, which has raised awareness of IT downtime and we have seen what can go wrong if recovery plans aren’t effective.
“What is surprising is that fewer businesses are testing their DR plans. The number of businesses testing their DR plans increased from 2015 to 2016 but has fallen this year. We know that testing and exercising of plans is the best way to improve confidence in your ability to recover. The test itself may not be perfect, few if any are and there are always lessons to be learned. Working through those recovery steps, however, is the best way to improve...preparedness and organisational confidence."
Groucutt further noted that new replication technologies can make testing easier. "It is now far quicker to recover systems, validate that the recovery was successful and even carry out user testing, so there is no excuse to not test," he said.
“More testing would also be our advice to organisations concerned about cyber threats. Businesses are taking the right action by reviewing and updating IT security policies in response to new threats. The next step is to test your ability to recover. What steps would you follow? How do you isolate the issue? Do you failover to replica systems or recover from backups? Cyber recoveries are often far more complex than the more common incident causes like hardware failure and human error and the increased likelihood warrants dedicated cyber recovery testing,” Groucutt concluded.
Databarracks Data Health Check: Key findings (Source: Databarracks)
•One in five organisations surveyed (18%) “had concerns” or were “not confident at all” in their disaster recovery plan; an increase from 11% in 2015 and 15% in 2016;
• Organisations are increasingly making changes to their cyber security policies in response to recent cyber threats (36% this year, up from 33% last year);
• Only a quarter (25%) have seen their IT security budgets increased. Small businesses are particularly affected with just 7% seeing IT security budgets increase;
• Financial constraints (34%), technology (24%) and lack of time (22%) are the main restrictions to improving recovery speed;
• Fewer organisations have tested their disaster recovery plans over the past 12 months – 46% of respondents had not tested in 2017, up from 42% in 2016.