Practical, Cost Effective and award-winning

Business Continuity, Crisis Management & Information Security Solutions

Phone:

0800 035 1231 (Mon to Fri 9am – 5pm)

Suite 3, The Cotton Mill, Torr Vale Mills, New Mills, Derbyshire, SK22 4HS, UK

Why is the Databarracks Data Health Check Interesting?

Databarracks have just published their 2021 Data Health Check.  You may think “So what?” – we are constantly bombarded with surveys on different aspects of information security management.  I would argues that the Data Health Check is interesting for two reasons:

  • It is explicitly UK focused; and
  • The survey has been carried out every year since 2008.

It therefore provides a particularly rich picture of information security trends within UK organisations.  The period from 2008 to 2021 is dominated by two main trends:

  • The increase in cyber attacks; and
  • The move to cloud computing.

Back in 2008, cyber attacks caused around 5% of data losses; but by 2021 this had risen to over 25% of data losses (it is only exceeded now by human error).  Meanwhile, focusing on one specific form of attack, the number of organisations that were victims of ransomware has increased from 9% to 29% in just the last five years.  Interestingly, the survey looks specifically at how organisations have responded to this trend, finding that over half of organisations now have a specific policy on the payment of ransoms:

  • 21% have a policy to never pay a ransom;
  • 9% will pay as a last resort;
  • 13% will pay if the ransom is covered by insurance; and
  • 14% will pay if the ransom is less than the cost of recovery.

Whilst the fact that over a third of organisations acknowledge that they will pay a ransom in some circumstances may seem surprising, it accords with:

  • Previous research suggesting that roughly half of firms pay ransoms; and
  • The recent high-profile examples of payments by Colonial Pipeline and JBS Foods.

Turning to the evolution of cloud computing, only 20% of organisations do not have any cloud-based systems; and almost 10% have nearly all of their systems in the cloud.  However, alongside this cloud migration, there is a growing realisation of the risks of cloud computing: 77% of organisations now use additional backup and recovery capabilities for cloud services (up from only 28% in 2016).  Following the major fire at OVH’s Strasbourg site in March, we may see a further rise in this figure in next year’s survey.