The majority of UK organisations now maintain up-to-date business continuity plans, marking a steep rise from a decade ago, according to the latest Databarracks Data Health Check survey.

The data shows that 85% of the firms polled have a business continuity plan, compared with 56% in 2015. Four in five plans are up-to-date. The research also found that over 90% of organisations have an IT disaster recovery plan, while around four in five maintain crisis management and crisis communications plans.

Testing is now routine, the data suggests. In the past year nine in ten organisations tested elements of their recovery process, with many saying they could not survive more than half a day without critical IT systems. Cyber threats remain the leading cause of downtime and data loss for the third year running, with around 71% of organisations reporting an attack in the past year.

Chris Butler, resilience director at Databarracks, said: “This year’s Data Health Check shows a positive shift: continuity isn’t just about documents anymore – it’s about capability. The organisations that test regularly are the ones that recover confidently.

“Plans give structure. Testing gives certainty. We’re seeing more organisations learning from real incidents and exercises, then feeding those lessons back into their continuity processes. That’s especially important when recovery doesn’t go to plan – and this year, 9 in 10 organisations that experienced a cyber attack said their recovery could have been more effective. More testing and exercising was the most-cited route to improvement, closely followed by better coordination of response and improved plans and documentation.”

However, the survey highlights a persistent gap between large and small organisations. While 97% of large firms have a business continuity plan, only 58% of smaller ones do, and they are far less likely to test regularly.

The study also points to improved resilience against ransomware. Some 72% of organisations now use air-gapped back-ups and 59% have immutable back-ups. Only 17% of victims paid a ransom, with most recovering from back-ups. Organisations are now more than three times more likely to recover from back-ups than pay.

Although the survey was based on a relatively small sample of 500 respondents, each participant was asked a series of in-depth questions. The largest share of respondents came from technology firms, accounting for almost a third of the sample. Other significant sectors included banking and finance, professional services, manufacturing and retail, while smaller proportions represented the health, education, construction, transport and utilities sectors.

---