UK companies’ confidence in IT disaster recovery plans is decreasing

• Print

Details

Published: Wednesday, 09 August 2017 08:44

New research from Databarracks has found that organizations have become less confident in their ability to recover from an incident. Contributing factors include a lack of testing, budgetary constraints and the growing cyber threat landscape. These findings are part of Databarracks' seventh Data Health Check report, which includes the results of a survey of over 400 IT decision makers in the UK about their IT, security and continuity practices over the last year, and what they expect to change in the next 12 months.

 Key findings include:

• Almost 1-in-5 organizations surveyed (18 percent) “had concerns” or were “not confident at all” in their disaster recovery plan; an increase from 11 percent in 2015 and 15 percent in 2016;
• Organizations are increasingly making changes to their cyber security policies in response to recent cyber threats (36 percent this year, up from 33 percent last year);
• Only a quarter (25 percent) have seen their IT security budgets increased. Small businesses are particularly affected with just 7 percent seeing IT security budgets increase;
• Financial constraints (34 percent), technology (24 percent) and lack of time (22 percent) are the top restrictions when trying to improve recovery speed;
• Fewer organizations have tested their disaster recovery plans over the past 12 months:  46 percent of respondents had not tested in 2017, up from 42 percent in 2016.

Peter Groucutt, managing director of Databarracks, commented on the results:

“It isn't surprising that confidence in disaster recovery plans is falling. We have seen major IT incidents in the news regularly over the last 12 months, which has raised awareness of IT downtime and we have seen what can go wrong if recovery plans aren’t effective.

“What is surprising is that fewer businesses are testing their DR plans. The number of businesses testing their DR plans increased from 2015 to 2016 but has fallen this year. We know that testing and exercising of plans is the best way to improve confidence in your ability to recover. The test itself may not be perfect, few if any are and there are always lessons to be learned. Working through those recovery steps, however, is the best way to improve your preparedness and organisational confidence.

“It is also surprising to see a decrease in DR testing because new replication technologies are making testing easier. It is now far quicker to recover systems, validate that the recovery was successful and even carry out user testing, so there is no excuse to not test.

“More testing would also be our advice to organizations concerned about cyber threats. Businesses are taking the right action by reviewing and updating IT security policies in response to new threats. The next step is to test your ability to recover. What steps would you follow? How do you isolate the issue? Do you failover to replica systems or recover from backups? Cyber recoveries are often far more complex than the more common incident causes like hardware failure and human error and the increased likelihood warrants dedicated cyber recovery testing,” Groucutt concluded.