- 93% of UK companies have faced a business-critical incident (86% globally)
- They’re not testing recovery plans frequently enough, though
- Some are putting together inventories of critical systems
New research has warned UK companies could be at a higher risk of facing dangerous cyber incidents, with 93% having experienced a business-critical incident compared with 86% globally.
The data comes from a Commvault study in the months following the impactful attack on UK retail giant M&S and reveals a recent uptick in incidents, with 57% having occurred in the past 18 months.
However, despite the more at-risk nature of UK companies, 21% are less likely to have dedicated recovery environments than their global counterparts and 11% are less likely to have tested recovery plans in the last month.
UK firms get more cyberattacks than the global average
Commvault noted, even though British firms are more likely to experience “frequent devastating incidents,” they’re falling behind when it comes to their recovery readiness, and that’s down to three key failures: the complexity of existing systems and applications (52%), the struggle to keep recovery plans in line with their changing needs (47%) and difficulties separating core systems from less business-critical operations (30%).
“Having a tested recovery plan in place and a dedicated recovery environment in the cloud can make all the difference between chaos and continuous business,” Commvault EMEA SVP Richard Gadd explained.
However, tables and turning and companies are starting to lay the foundations of change. The report details how two in three (65%) have an inventory of business-critical systems and dependencies, which is higher than the global average (50%).
Looking ahead, companies can strengthen their cybersecurity postures by adopting zero trust and deny-by-default principles to prevent many threats while also deploying continuous monitoring systems.
With UK firms less likely to have conducted a recovery test in the past month, there’s clear scope for further testing including both recovery and penetration testing to highlight any weak points before an attack takes place.