SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Two in three companies lose data due to no backups: Apricorn
Fri, 8th Sep 2023

While most UK companies have needed to recover data from a backup in the last year, the number who lost data in the process has increased. This is according to annual research of security leaders in large enterprises carried out by Apricorn, the manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives. Of the 90% of companies that had been forced to turn to their backup system, only 27% were able to recover all of their information and documents, a drop from 45% in 2022.

Almost a third (32%) of the security decision-makers surveyed attributed the unsuccessful recovery to a lack of robust backup processes, up from 2% in 2022. Meanwhile, 22% admitted "we don't have sufficiently robust backups in place to allow rapid recovery from any attack", a rise from 15% in 2022. The ability to quickly restore information following an incident is critical to cyber resilience and the capacity to resume business activities following disruption. 

With a quarter (24%) of respondents stating that ransomware has been the leading cause of a data breach at their organisation – an increase from 15% last year – this indicates a significant weakness. Backups play a vital role in maintaining business continuity in the wake of a ransomware attack that involves the theft or compromise of critical data, enabling the business to restore quickly from a clean data set.

“Fewer companies today are successfully restoring all of their backed up data than in 2022. This fall is paralleled by a rise in recognition that backup processes are inadequate. Having processes in place is probably less than half the battle. For a business to respond effectively to an incident that has disrupted critical data – whether that’s a cyberattack, employee error, or technical failure – processes must be rigorously tested and rehearsed, and continuously refined and updated,” says Jon Fielding, managing director EMEA at Apricorn.

Apricorn's research also uncovered a shift in companies' backup strategies from an automated approach to a manual approach. Backups were automated at half (50%) of the surveyed companies, a drop from 93% in 2022. Manual backups are now carried out at 48% of companies, a significant increase from 6% last year, and the share backing up to personal storage repositories such as removable hard drives has risen from 1% to 16%.

“The upsurge in manual backups is likely to be the result of an increasing trend for IT teams to give employees greater autonomy over routine tasks. It’s good news if more employees are being required to make local backups of the data they create and handle, especially when working remotely. However, this relies on people remembering to execute the backup, and to do it correctly. This is why a ‘belt and braces’ strategy that includes automated backups to a central location is vitally important,” adds Fielding.

The percentage of companies backing up to central and personal repositories is still reasonably low, at 38% across both automated and manual approaches.

“Too many companies are still at risk from having a ‘single point of failure’,” notes Fielding. “They must embrace the 3-2-1 rule: have at least three copies of data, stored on at least two different media, at least one of which is offsite. This means that if one copy is compromised, the information can be quickly and fully restored. Ideally, one offsite location should be offline – for instance an encrypted removable hard drive or USB which can be disconnected from the network to create an ‘air gap’ between data and threat.”

Censuswide conducted the research with 201 security decision-makers (manager level and above) of large companies in the UK between March 30 and April 6 this year.