The findings are taken from Databarracks’ annual Data Health Check survey which has run since 2008. The survey questions over 400 IT decision-makers in the UK on a series of critical issues relating to IT, security, Disaster Recovery and Business Continuity practices.
The findings show organisations have been steadily increasing cyber budgets, with 40% reporting increased investment in the last 12 months (up from 33% last year). There is an increase in confidence as 64% of respondents (up from 56% last year) claim they now have sufficient in-house cyber security skills to deal with the current threat landscape.
Peter Groucutt, managing director of Databarracks explained the findings: “For as long as we have been running the Data Health Check, cyber-attacks have been growing as a cause of data loss – until now. It looks like we are finally starting to turn the tide.
“Although we have seen a reduction in data loss caused by cyber-attacks, it is still growing as a cause of downtime, increasing every year since 2016. A cyber-attack does not necessitate a loss of data if it can be adequately defended or data restored from backups. Recovering from a cyber incident takes time and may require systems to be taken offline as a precaution. The research suggests many organisations have prioritised protecting their data and improving their in-house defences against common cyber threats.”
Groucutt continued: “These improvements are the result of sustained investment and effort over several years. However, it needs to be emphasised that defending against these threats is an ongoing battle. We might have closed the gap in the arms-race with cyber criminals but if we don’t keep up our pace, we’ll soon fall behind.
“Since lockdown began, cyber criminals have been looking to take advantage of the disruption. Ransomware attacks on Honda, Blackbaud, the healthcare sector and more recently Garmin have highlighted how damaging it can be for an organisation to be affected by multiple concurrent crises when in an already weakened state.
“Staff are decentralised, working remotely, increasing the attack surface. That gives cyber criminals new opportunities to exploit.”
Groucutt concluded: “It is understandable that many organisations will be operating under budget constraints due to COVID-19, but IT has proven to be the critical business service in the pandemic. It’s vital that they continue to invest in mission-critical IT services, especially cyber security to avoid having to cope with a ‘crisis in a crisis’.