Why is the Databarracks Data Health Check Interesting?

Databarracks have just published their 2021 Data Health Check.  You may think “So what?” – we are constantly bombarded with surveys on different aspects of information security management.  I would argue that the Data Health Check is interesting for two reasons:

  • It is explicitly UK focused; and
  • The survey has been carried out every year since 2008.

It, therefore, provides a particularly rich picture of information security trends within UK organisations.  The period from 2008 to 2021 is dominated by two main trends:

  • The increase in cyber attacks; and
  • The move to cloud computing.

Back in 2008, cyber-attacks caused around 5% of data losses; but by 2021 this had risen to over 25% of data losses (it is only exceeded now by human error).  Meanwhile, focusing on one specific form of attack, the number of organisations that were victims of ransomware has increased from 9% to 29% in just the last five years.  Interestingly, the survey looks specifically at how organisations have responded to this trend, finding that over half of organisations now have a specific policy on the payment of ransoms:

  • 21% have a policy to never pay a ransom;
  • 9% will pay as a last resort;
  • 13% will pay if the ransom is covered by insurance; and
  • 14% will pay if the ransom is less than the cost of recovery.

Whilst the fact that over a third of organisations acknowledge that they will pay a ransom in some circumstances may seem surprising, it accords with:

  • Previous research suggesting that roughly half of firms pay ransoms; and
  • The recent high-profile examples of payments by Colonial Pipeline and JBS Foods.

Turning to the evolution of cloud computing, only 20% of organisations do not have any cloud-based systems; and almost 10% have nearly all of their systems in the cloud.  However, alongside this cloud migration, there is a growing realisation of the risks of cloud computing: 77% of organisations now use additional backup and recovery capabilities for cloud services (up from only 28% in 2016).  Following the major fire at OVH’s Strasbourg site in March, we may see a further rise in this figure in next year’s survey.

Scroll to Top