3 key findings from the 2019 Data Health Check

 

Another year, another spate of cyber-attacks and companies with reputations in tatters. We’ve got used to seeing these incidents play out through the lenses of the media. So at Databarracks, we’re always curious what results the Data Health Check surveys will bring up.

The Data Health Check isn’t fed by news. It’s driven by people who work in the industry. A lot of them are the ones woken up by a call at 4 in the morning telling them all hell has broken loose in their server room. They’re the ones who carry the can when things go wrong, and get a small pat on the back when they pull their employers’ environment back from the brink.

So, after surveying IT decision makers across the country, what was most telling about the state of IT in the UK?

 

Businesses are taking backup more seriously

Self-interested ‘Backup provider says it’s good to do backups’ angle aside, this is unarguably a good thing from a basic resilience perspective. Hardware failure is one of the key obstacles, so it’s not surprising to see more and more businesses backing up to the cloud.

The cloud services market is still maturing and adapting to users’ needs. As a backup option, the cloud has helped make it possible for businesses to take backup off premises and protect data more effectively. Even for those not yet moving to the cloud, more businesses are backing up off premises (77% in 2019 vs 62% in 2008). These are not all in the cloud – private data centres are still a viable option. But as public cloud becomes more user friendly, we expect to see backups in the cloud become the norm.

Restore tests are also increasing – a practice we can’t recommend highly enough. Frequent and regular restores are a good way to maintain resilience. It’s an awful lot harder for an incident to throw you off course if your people and processes are well drilled and prepared. If we’re nit-picking, more businesses doing more frequent tests would be ideal. Monthly testing is best – so a drop in those who test annually and biannually would make us even happier.

 

People and cyber make a double-edged sword

We focused more on people this year. How are they reacting to the industry now vs previous years? As important as technological changes are, people are at the heart of what we do.

Human error as a cause of data loss has dropped from its peak of 29% in 2017 to 21% in 2019. Cyber-attacks as a cause of data loss have risen to 17% - the two points look set to intersect in the near future. Whether they will continue to drop and rise respectively remains to be seen.

It’s no secret that people are often at fault for cyber incidents, be it intentional or accidental. Combined with the 11-percentage point rise in cyber-attacks as a cause data loss since 2014, and an apparent lack of investment in cyber training, it makes for a potent cocktail.

The result?

 

More people are involved in creating Business Continuity Plans

Businesses are reaching a stage where they can’t afford to neglect resilience initiatives. The proliferation of readily available information means there’s nowhere to hide when a high profile incident happens. Businesses lose money (both current and future), customers lose trust and people lose jobs. Cyber should fall within Business Continuity Plans (BCPs) – so it’s no surprise to see at least 56% of boards we surveyed have an IT representative.

More executives are getting involved. There has been a rise in Finance Directors, Chief Financial Officers and Managing Directors taking charge of BCPs. At the same time, less IT Managers and IT Directors are sole BCP owners.

This is a more holistic approach to resilience (give the BCPcast a listen for why this is a good thing). There is always a ‘key man risk’ that comes with one person or department owning something as business critical as a BCP. More input from a more diverse working group helps ensure the plan captures and accounts for as many aspects as possible.

So much of what influences a business’ culture and environment comes from the top. Greater knowledge around resilience at board level can only be a good thing, and we hope it continues to trend upwards.