A recent report published by the British government and the insurance sector, aimed at addressing concerns surrounding cyber security, revealed that 98 per cent of large UK firms do not have an insurance policy in place which could help them recover from a serious cyber attack, despite 81 per cent suffering a breach in the past 12 months.
To address this the government has urged insurance companies to help champion better cyber security practices by raising awareness of cyber insurance amongst enterprise and SME communities. In addition to cyber insurance, Peter Groucutt, Managing Director of disaster recovery provider Databarracks, states firms can further protect themselves by implementing effective disaster recovery and business continuity practices across their business.
Groucutt applauds the efforts of the government in continuing to push good cyber security practices, but also suggests that firms need to start protecting themselves by devising and implementing their own disaster recovery plans:
“It’s great to see the government taking a much more pragmatic approach to cyber security by engaging with the likes of the insurance sector to drive good cyber security practices but there is a lot that firms can do to protect themselves too.
“Looking back at the findings from our annual Data Health Check survey, the results revealed only 30 per cent of SMEs from a sample of 400 IT professionals had an IT disaster recovery (DR) plan in place. When you consider how reliant businesses are on their IT infrastructure, it’s a staggering reality and raises the question: why?
“Cyber threats demand a comprehensive backup and disaster recovery plan. In terms of having a business operational following a cyber related outage – it is important to have failover systems in place. This type of protection will have businesses up and running again in the same way as if they had faced a physical threat like a fire, flood or damage to their IT.
In addition, cyber protection also requires excellent backup systems. Ransomware for example may have infected systems for weeks before it is identified and so it will require restoring from a backup before this point. Older backups are also needed for forensic investigations to assist in identifying malicious attacks afterwards.”
Groucutt continues: “During the recession, organisations were frantically looking across the business to see where savings could be made and unfortunately, a lot took the view that disaster recovery was one area that could be sacrificed. Now in 2015, this mind-set needs to change, and we need to start looking at disaster recovery and backup specifically as something that adds value to a business.”