Why IT carelessness can turn disaster into a crisis

2008

The vast majority of UK firms have now recognised the importance of backing up their business critical IT systems and data. Yet a significant minority are still leaving a gaping hole in their preparedness by failing to ensure a copy is stored off-site too.

Government-backed research by consultancy PricewaterhouseCoopers has found that nine out of 10 UK firms now see disaster recovery as an important part of their IT expenditure and virtually all back up their data and IT systems.

Yet a quarter of the more than 1,000 firms polled still did not have a disaster recovery plan in place and half of those that did had never tested it out.

What's more, 15 per cent of those that went to the trouble of backing up then failed to take a version of it off-site, meaning that if disaster struck and their building was, for whatever reason, inaccessible they would be completely stuck.

Worryingly, nearly six out of UK businesses admitted they would suffer significant business disruption if their IT systems were not available for a day – the highest figure recorded since the surveys began. And this figure rose to seven out of 10 of large companies.

In detail, the survey found that 99 per cent of UK companies backed up their critical systems and data, with 86 per cent doing so on at least a daily basis.

A total of 85 per cent took their backups off-site, up from just over three quarters two years ago, with more than nine out of 10 large businesses doing so.

More than seven out of 10 UK businesses had disaster recovery plans in place, up from 58 per cent two years ago, rising to nine out of 10 large companies.

Remarkably, however, even a tenth of companies with a disaster recovery plan still did not store backups off-site.

And when companies suffered a systems failure or data corruption incident, nearly a third had no contingency plan in place and a further tenth found their contingency plan to be ineffective.

PwC partner Chris Potter said: "It is encouraging to see that almost every UK business makes back-ups and the vast majority now take these back-ups off-site. The risks are well understood; it does not take an incident to raise awareness.

"The number of companies with a disaster recovery plan has gone up. However, experience shows that plans are only effective if regularly tested. It is a concern that only half of plans have been tested in the last year," he added.

Martin Sadler, director of Bristol-based HP's Systems Security Lab, and one of the consortium members responsible for the survey, warned that businesses generally needed to back up more frequently.

"There has been an explosion of information within businesses. Acquiring, analysing and delivering the right information to people so they can act on it is a major challenge for companies. The volume of data, and companies' dependence on it, pose significant backup challenges for them," he said.

"One in five large companies now automatically replicates transaction data to an off-site location as those transactions occur. Companies of all sizes are now using storage area networks to organise their data better.

"Taking backups off-site poses its own security risks. Historically, backups have tended to be unencrypted to minimise the effort to restore data. More companies are now considering whether they ought to be encrypting their backups," he added.