IT managers underestimate data loss impact

Survey finds most IT managers in Hong Kong, Singapore and Australia fail to consider the hidden costs of data loss

IT managers in Hong Kong, Singapore, and Australia may be putting company data at risk by underestimating the effect of its loss, said Kroll Ontrack on Thursday.

According to results of a survey by data recovery tools provider Kroll Ontrack, only 7% of respondents believe data loss has a 'high' impact on a business.

The survey, conducted earlier this year by StollzNow Research, asked IT managers from 945 companies of different sizes throughout Hong Kong, Singapore and Australia about their views and experiences related to data management, said Kroll, adding that under half (49%) of all IT managers have reported a data loss situation in the last two years.

Firms fail to back up data daily

While larger companies may not fully appreciate the risks they face with data loss, it is the small business sector that appears to be most at risk.

An alarming 49% of small companies stated that they fail to backup their data on a daily basis, said Kroll. This is despite the fact that nearly half of all participants had experienced data loss in their workplace in the past two years, and 36% felt that data loss could have a significant impact on their business, the firm added.

Small businesses were also less likely to test their backup systems on a regular basis, or to have implemented a policy for the preservation of data, Kroll said. While 61% of overall respondents reported that their company had a formalised data retention policy, this figure fell to just 45% for companies with 50 or fewer employees, the firm added.

Survey results revealed that geography may influence data protection practices, with Singaporean companies appearing to manage their data most effectively, said Kroll, adding that both Hong Kong and Australian respondents were more likely to report having more than five instances of data loss in the last five years.

"The survey exposes a worrying approach to the storage, retention, backup and disposal of organisations' valuable data," said Adrian Briscoe, general manager, Ontrack Data Recovery APAC, Kroll Ontrack. "Data loss and associated challenges can have a devastating effect on business productivity, yet the survey shows that many organizations are ill-equipped to deal with the problem and do not fully understand the importance of implementing simple procedures for protecting their data."

The need to adapt backup procedures to match changes in the IT environment was highlighted as a potential problem area for both large and small organizations, with only 52% of companies having reviewed their disaster recovery plans in the last 12 months, said Kroll.

"New technologies, such as virtualisation and client solutions like Citrix, have changed the way data is recovered," said Briscoe. "If a company's backup system fails to address these changes, when the inevitable happens and data is lost, it may be more difficult and expensive to recover."

In addition to system failure, data are at risk when end-of-life cycle or unwanted computer hardware is not completely and securely erased, according to Kroll.

This raises the potential for business-critical information to fall into the wrong hands. The survey found that nearly a quarter (24%) of companies had no formal policy for erasing sensitive data, which means that they aren't destroying their sensitive information systematically. Just under half the respondents (46%) failed to keep a log of equipment that had been erased — an omission that has compliance implications and which can lead to significant legal penalties.

Outsourcing faces resistance

Even so, survey respondents demonstrated a reluctance to seek the assistance of a third-party data service provider, said Kroll.

Only 34% of respondents said their company had used an external consultant for data recovery. When asked why, the most common response (36%) was that 'internal technology and processes were utilised.'

Other reasons cited were security reservations (18%) and cost (17%). Security concerns about using a third-party provider were more common in Singapore (23%) than Hong Kong (18%) and Australia (12%).

"These results indicate that there may be a lack of understanding of the benefits of using a data service specialist," said Briscoe. "That fact that 39% of IT managers still rated their company as doing 'well' or 'very well' even if it took more than three days to recover data, suggests there is a low expectation of what can be achieved."

Join the newsletter!

Error: Please check your email address.

Tags Security ID

Show Comments
[]