Press Releases

• All releases feed |

Although almost all UK companies back up their critical IT systems and data, more than a quarter of them still do not have a disaster recovery plan in place. Half of those that do have plans, fail to test them. Also, 15% of companies do not take their backups off-site. This is despite the fact that 92% of businesses now consider disaster recovery planning an important driver of their IT expenditure.

These are among the early findings of the 2008 Information Security Breaches Survey (ISBS) carried out by a consortium, led by PricewaterhouseCoopers LLP, on behalf of the Department for Business, Enterprise & Regulatory Reform (BERR). The full results of the survey will be launched at Infosecurity Europe in London, 22-24 April www.infosec.co.uk.

The survey shows that 58% of UK businesses would suffer significant business disruption if their IT systems were not available for a day – the highest figure recorded since the surveys began. This rises to 70% of large companies.

Some 68% of companies polled believe that business continuity in a disaster situation is a very important driver of their information security expenditure, and a further 24% say it is important. Only 2% say it is not very important.

As a result, UK businesses appear better protected than ever:

• 99% of UK companies back up their critical systems and data. 86% do this at least on a daily basis.

• 85% of all UK companies take their backups off-site (up from 76% two years ago); 91% of large businesses take their backups off-site.

• 72% of all UK businesses have a disaster recovery plan in place, up from 58% two years ago. 91% of large companies have a disaster recovery plan.

However, there are concerns about the effectiveness of these controls:

• 28% of companies do not have a disaster recovery plan in place.

• Almost half of the disaster recovery plans have not been tested in the last year.

• 10% of companies with a disaster recovery plan do not store backups off-site.

• When companies suffered a systems failure or data corruption incident, 31% had no contingency plan in place and a further 10% found their contingency plan to be ineffective.

The south-west has now overtaken London as the region with the most disaster recovery plans in place (possibly as a result of last year’s floods), but fewer of these plans are tested than in other regions.

Chris Potter, partner, PricewaterhouseCoopers LLP, who led the survey commented:

”It is encouraging to see that almost every UK business makes backups and the vast majority now take these backups off-site. The risks are well understood; it does not take an incident to raise awareness.

“The number of companies with a disaster recovery plan has gone up. However, experience shows that plans are only effective if regularly tested. It is a concern that only half of plans have been tested in the last year.”


Martin Sadler, Director of HP’s Systems Security Lab at HP Labs Bristol, one of the consortium members responsible for the survey, added:

“There has been an explosion of information within businesses. Acquiring, analysing and delivering the right information to people so they can act on it is a major challenge for companies. The volume of data, and companies’ dependence on it, pose significant backup challenges for them.

“Increasingly, businesses need to back up their data more frequently. One in five large companies now automatically replicates transaction data to an off-site location as those transactions occur. Companies of all sizes are now using storage area networks to organise their data better.

“Taking backups off-site poses its own security risks. Historically, backups have tended to be unencrypted to minimise the effort to restore data. More companies are now considering whether they ought to be encrypting their backups.”

ENDS

Notes to Editor:

1. The 2008 ISBS survey was carried out for the Department for Business, Enterprise & Regulatory Reform by a consortium of companies, led by PricewaterhouseCoopers LLP, and including HP, Symantec and The Security Company (International) Limited.

2. Survey methodology
The core research for ISBS 2008 was a quantitative telephone survey using a structured questionnaire. PricewaterhouseCoopers picked the sample randomly from a register of UK businesses, ensuring an appropriate mix of respondents to reflect the nature of UK businesses. In each case, the person identified as responsible for information security was contacted. In total, 1,007 computer-assisted telephone interviews were completed, each lasting on average 30 minutes. The interviews took place between October 2007 and January 2008. Figures for small businesses refer to those with fewer than 50 employees, large companies are defined as having more than 250 employees and very large businesses are those with more than 500 employees.


3. About PricewaterhouseCoopers
The member firms of the PricewaterhouseCoopers network provide industry-focused assurance, tax and advisory services to build public trust and enhance value for its clients and their stakeholders. More than 146,000 people in 150 countries across our network share their thinking, experience and solutions to develop fresh perspectives and practical advice.

Unless otherwise indicated, 'PricewaterhouseCoopers' refers to PricewaterhouseCoopers LLP (www.pwc.com/uk) a limited liability partnership incorporated in England. PricewaterhouseCoopers LLP is a member firm of PricewaterhouseCoopers International Limited.


Company: Infosecurity Europe 2008

Tags (click tag to find related articles; click icon for feed):
disaster recovery | backup | pricewaterhousecoopers |

Categories:
it/internet/software

This press release has been viewed 184 times.