Enterprises are neglecting backup plans, and experts warn it could come back to haunt them

A third of UK organizations are failing to back up all of their sensitive data, hindering their ability to restore operations and ensure service continuity in the event of a breach.

Almost half of those surveyed by security firm Cohesity reported not backing up all their workloads, including virtual machines, applications, and unstructured data, while 38% aren’t applying consistent data categorization, backup controls, and policies globally.

Crucially, only 45% consistently follow the ‘3-2-1’ backup rule - three copies of data, stored on two different media types, with one copy kept off-site. The same number are failing to keep tamper-proof copies by using immutability across all their organizational backup data to ensure resilience against cyber attacks.

Fraser Hutchison, VP for Northern Europe at Cohesity, warned that enterprises need to sharpen their focus on backup strategies as failure to do so could exacerbate recovery in the wake of a cybersecurity incident.

"Most organizations now recognize the need to identify phishing scams or social engineering tactics; however, we can’t lose sight of what to do when disaster does strike. While complete prevention is near impossible, assurance of rapid recovery is fully within organizational control," he said.

"Our research shows that UK organizations still aren’t taking adequate precautions when it comes to data backups. By storing data on immutable platforms, they can ensure business-critical information remains beyond the reach of adversaries and that operations stay up and running, even when systems are compromised."

Sharpen up on backups

Last year, research from Beaming revealed that more than 800,000 UK firms had lost company data in the previous five years, at a total cost of more than £1 billion a year.

Businesses with between 10 and 250 staff saw the worst effects, while the most expensive data loss incidents occurred in the manufacturing sector, where the median cost was more than £60,000.

Backup strategies are now front of mind for many IT professions, alternative research shows. A survey from Kaseya earlier this year found 30% are losing sleep over lackluster backup and recovery strategies, with some pushing for a stronger focus on this area.

Complacency was also identified as a recurring problem for many enterprises, according to Kaseya. Nearly two-thirds (60%) of respondents said they believed they could fully recover from a data loss incident in the space of a day.

The reality of the situation was different, however. Kaseya’s research indicated that only 35% actually could.

Can AI solve the problem?

The boom in the use of AI is a mixed blessing, according to Cohesity. While a third of UK firms believe that generative AI adoption is progressing much more quickly than risk tolerance, 54% agree that AI capabilities are highly effective for anomaly detection and analysis.

Half of businesses, meanwhile, said they find AI tools useful for accelerated threat hunting and investigation.

"UK organizations are understandably concerned about the risks of AI technologies, with GenAI adoption still outpacing risk tolerance," said Hutchison.

"However, our research reveals some silver linings: AI is already augmenting previously time-consuming, manual security processes. By the end of next year, AI will play an increasingly central role in data security operations, enabling businesses to identify and respond faster to threats."

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

• IT workers have become the cool kids on the block since the rise of AI
• The best backup software for your business
• How IT professionals can change careers to cybersecurity