Databarracks have just published their 2021 Data Health Check. You may think “So what?” – we are constantly bombarded with surveys on different aspects of information security management. I would argue that the Data Health Check is interesting for two reasons:
- It is explicitly UK focused; and
- The survey has been carried out every year since 2008.
It, therefore, provides a particularly rich picture of information security trends within UK organisations. The period from 2008 to 2021 is dominated by two main trends:
- The increase in cyber attacks; and
- The move to cloud computing.
Back in 2008, cyber-attacks caused around 5% of data losses; but by 2021 this had risen to over 25% of data losses (it is only exceeded now by human error). Meanwhile, focusing on one specific form of attack, the number of organisations that were victims of ransomware has increased from 9% to 29% in just the last five years. Interestingly, the survey looks specifically at how organisations have responded to this trend, finding that over half of organisations now have a specific policy on the payment of ransoms:
- 21% have a policy to never pay a ransom;
- 9% will pay as a last resort;
- 13% will pay if the ransom is covered by insurance; and
- 14% will pay if the ransom is less than the cost of recovery.
Whilst the fact that over a third of organisations acknowledge that they will pay a ransom in some circumstances may seem surprising, it accords with:
- Previous research suggesting that roughly half of firms pay ransoms; and
- The recent high-profile examples of payments by Colonial Pipeline and JBS Foods.
Turning to the evolution of cloud computing, only 20% of organisations do not have any cloud-based systems; and almost 10% have nearly all of their systems in the cloud. However, alongside this cloud migration, there is a growing realisation of the risks of cloud computing: 77% of organisations now use additional backup and recovery capabilities for cloud services (up from only 28% in 2016). Following the major fire at OVH’s Strasbourg site in March, we may see a further rise in this figure in next year’s survey.