If you own a business and don’t yet have a disaster recovery plan in place, these data loss statistics might make you think again.
1. Just 45% of businesses consider their security budget adequate
The Ponemon Institute’s report, Cybersecurity in the Remote Work Era, found that only 45% of businesses believe they have the funds required to adequately prepare for cyberattacks brought on by the switch to remote working. Further, just 39% believe that their staff has the expertise needed to properly defend against attackers.
Of course, some businesses are more prepared than others. The Ponemon Institute’s 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses study found that more than one-third (39 percent) of small and medium-sized businesses don’t have an incident response plan in place for responding to data breaches and cyber attacks. This is in spite of the fact that of the same study participants, 60 percent had experienced a loss or theft of sensitive data in the previous 12 months.
2. 33% of folders are not protected in any way
According to the 2021 Global Data Risk Report by Varonis, on average, 33 percent of all folders used by a company are open to everyone. Don’t think that’s a problem? Put it this way: 64% of your employees have access to 1,000 or more sensitive files. In other words, there’s a solid chance that your intern can accidentally create, update, and delete vital documents without you knowing.
This is a sharp increase from the 2019 report, which found just 22% of files accessible by anyone.
Attackers look for unsecured folders such as these. Files that are open to anyone can provide easy access to sensitive information, putting organizations at risk.
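To make "open to everyone" concrete, here is an audit sketch that walks a directory tree and reports which folders any local user can list or write to. It is an added example, not taken from the Varonis report, and it assumes a POSIX filesystem where the "other" permission bits stand in for "everyone"; the folder names and modes in the sample tree are constructed.

```python
import os
import stat
import tempfile


def audit_open_dirs(root):
    """Return (open_dirs, total_dirs) for every directory below root.

    A directory counts as open when the "other" bits let any user list it
    (read + execute) or create/delete entries in it (write + execute).
    """
    open_dirs, total = [], 0
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # vanished or unreadable entry: skip it
            if not stat.S_ISDIR(mode):
                continue  # symlink to a directory: not counted
            total += 1
            listable = mode & stat.S_IROTH and mode & stat.S_IXOTH
            writable = mode & stat.S_IWOTH and mode & stat.S_IXOTH
            if listable or writable:
                open_dirs.append((path, stat.filemode(mode), bool(writable)))
    return open_dirs, total


def build_sample_tree(root):
    """Constructed sample: three folders with explicit permission modes."""
    layout = {"hr": 0o750, "public": 0o755, "dropbox": 0o777}
    for name, mode in layout.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod is not affected by umask


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found, total = audit_open_dirs(tmp)
        for path, mode, writable in sorted(found):
            print(mode, "world-writable" if writable else "world-readable", path)
        print(f"{len(found)} of {total} folders are open to everyone")
```

World-writable folders deserve attention first, since they allow the accidental changes and deletions described above, not just exposure.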
3. 28% of data breaches involve malware
Causes for data loss range from human error to physical theft. However, according to Verizon’s 2020 Data Breach Investigations Report, a type of malware was involved in some 17 percent of data breaches.
The number of mobile malware infections decreased in 2019, but according to Sophos Labs, mobile attacks are becoming more sophisticated each year. Needless to say, it’s important to use quality, up-to-date antivirus software to help prevent data loss caused by malware.
4. An incident response team can drastically reduce the cost of a data breach
The Ponemon Institute’s Cost of a Data Breach Report 2020 puts the average cost of a data breach at $3.86 million, with healthcare being the most costly industry ($7.13 million). The average time taken to identify and contain a data breach is a whopping 280 days.
As expected, the shorter the lifecycle of the breach, the better. A breach lasting under 200 days costs $1 million less than one with a lifecycle longer than 200 days.
An interesting statistic in this report is that companies that form an incident response team can reduce the average cost of a breach by $1 million.
5. 0.93% of hard drives failed in 2020
As many of us have found to our cost, hard drives can and do fail. According to Backblaze, the average failure rate for hard drives in 2020 was 0.93%. This is significant as it shows that overall, failure rates have remained stable; the average for 2019 was 0.92%.
You can protect yourself from losing data in such an event by having a reliable data backup solution. For many, this may entail having a backup hard drive in a physical off-site location or storing files on the cloud.
6. Ransomware attacks cause an average of 16.2 days of downtime
Ransomware makes files on the target system unreadable without a decryption key (held by the attacker). Typically, ransomware works by encrypting select files, then forcing the victim to pay up in order to decrypt them.
A 2020 Coveware study reported that the average downtime for businesses as a result of a ransomware attack was 16.2 days. Interestingly, this hasn’t changed much throughout the pandemic; in Q2 of 2020, this dropped to 16 days — a small but nonetheless welcome improvement.
The report explains that the increase is due to more attacks hitting larger enterprises. These businesses have more complex systems and restoring networks takes longer than it does for smaller businesses. In addition, some forms of ransomware, such as the Ryuk attack, have evolved such that they are having a larger impact on victims’ networks.
Aside from suffering the costs of downtime, companies are having to fork over larger ransoms than ever before. The average Q4 2019 ransomware payment was $84,116, more than double that of the previous quarter ($41,198).
7. 97% of data is recovered after a ransomware attack
It’s true that when you pay the fee demanded by ransomware, there’s no guarantee that you’ll receive a working decryption key. And even if you do get a key, you still may not recover all of your data.
That said, it’s not all doom and gloom as the Coveware study found that in Q4 of 2019, the number of victims who received a working decryption key was about 98 percent. In addition, 97 percent of data encrypted by ransomware was successfully decrypted after paying the ransom.
Note that even if you manage to decrypt all of your files, there’s nothing to stop the criminal from maintaining copies. Information could be stored and used in subsequent crimes, for example, in fraud or spear-phishing attempts.
8. The average cost of downtime is up to $11,600 per minute
According to Datto: “An hour of downtime costs $8,000 for a small company, $74,000 for a medium company and $700,000 for a large enterprise.” For large enterprises, this equates to around $11,600 per minute.
Needless to say, this emphasizes the importance of having an effective disaster recovery plan that allows a business to continue operations as normal.
9. 93% of small businesses store data or backups in the cloud
According to promising results from Unitrends’ 2019 survey, 84 percent of all businesses store data or backups in the cloud, with a further eight percent planning to do so within the next year.
Small enterprises have a higher adoption rate of cloud technology, with 93 percent of companies using it. This is compared to 82 percent of mid-sized businesses and 81 percent of large businesses. Using cloud backup offers a number of advantages including ease of access and affordability.
The report also found that cloud-based Disaster Recovery-as-a-Service (DRaaS) will be used by 59 percent of businesses by 2021. Currently, 36 percent of businesses use this, and a further 23 percent plan to add the technology within the next year.
10. 96% of businesses experienced an outage in a 3-year period
A 2019 LogicMonitor study reported that the huge majority (96 percent) of organizations have experienced at least one outage in the past three years and 95 percent had experienced at least one brownout.
A large portion of companies (55 percent) experienced five or more outages during that period. The same report reveals that IT decision-makers believe that 51 percent of outages and 53 percent of brownouts are avoidable.
Of course, outages and brownouts have related costs, including lost revenue, compliance failure, and lost productivity. LogicMonitor found that companies experiencing frequent outages or brownouts had 16 times higher costs than organizations that experience fewer such instances.
What is disaster recovery?
Disaster recovery is a form of security planning that allows a business to maintain or recover infrastructure and systems following a disaster. With good planning, a business should be able to resume normal operations by regaining access to hardware, applications, and data. This is achieved through the use of a disaster recovery plan — a set of policies and procedures to follow in the event of a disaster.
The disaster that impacts a business may be anything from a natural event such as a flood or earthquake to one that is man-made, whether by human error, a device failure, or a cyberattack. Disaster recovery involves planning for a variety of possible circumstances, allowing businesses to reduce overall downtime and save time, money, and customer trust.
How does disaster recovery work?
The disaster recovery process involves a lot of planning and testing. First, a risk assessment and a business impact analysis need to be carried out. Security vulnerabilities must be identified in order to draft an effective disaster recovery plan. Even when a disaster recovery plan is created, it must be tested and revisited on a regular basis.
Naturally, plans differ based on the type of disaster they’re addressing, each offering varying immediate, intermediate, and long-term responses with specific responsibilities assigned to select staff members. Aside from offering corrective measures in the event of a disaster, a disaster recovery plan should also have preventive measures in place as well as detective measures that help discover events that may otherwise be missed.
Tips for an effective disaster recovery plan
There are a number of things that your business can do in order to prevent and prepare for a disaster, whether natural or man-made.
Here’s how to make a disaster recovery plan:
- Back up data and send it to physical off-site locations. You may also wish to use cloud storage. Either way, backups should be made on a regular basis to ensure minimal disruption should you lose data in a disaster.
- Test your disaster recovery plan. Carrying out practice drills can help determine the overall effectiveness of the plan. This way, you can modify the plan if you find anything that doesn’t work in practice.
- Establish a disaster recovery team. The team should receive regular training on how to prepare for a variety of different situations. The disaster recovery plan should also be communicated to other key staff members, ensuring it’s understood.
- Maintain up-to-date contact information. Should a disaster occur when key staff members are out of the office, you may need their latest contact details for such an emergency. Contact details should be updated on a regular, periodic basis.
- Update your plan. As businesses change and technology develops, it’s important to regularly revisit your disaster recovery plan. Potential changes may involve new antivirus software or a new cloud provider, for example.