Are Businesses Adopting A ‘Titanic Mindset’ To Data Recovery?

It was a year ago when the Rhysida ransomware gang made the headlines when it attacked the British Library’s systems, resulting in major disruption and the theft of service users’ data, which was leaked when the British Library refused to co-operate.

Since then, we’ve all witnessed the chaos that erupted from the more recent global outage that made headlines and affected systems across the world. While not a traditional data attack, it’s been estimated to cost businesses up to $1.5 billion and is proof that no organisation can afford to be complacent regarding downtime. 

Lessons, of course, have been learnt. The British Library, in fact, opted for full transparency in the aftermath, publishing details of the intrusion and its response. Meanwhile, CrowdStrike apologised for the faulty software update that led to system crashes at banks, airlines, healthcare, media companies, hotel chains and more.

So, what have we learnt? An organisation’s ability to reliably recover systems and data is non-negotiable. There is absolutely no room for doubt – and if there is, any uncertainty needs to be identified and addressed before disaster strikes. 

Absolute confidence in data recovery
It’s concerning that in recent study we undertook among senior IT professionals in the UK, 78% of respondents admitted they had suffered data loss due to system failure, human error or a cyberattack at least once in the past 12 months.

Yet only just over half (54%) said they are confident they could recover their data and mitigate downtime in a future disaster. 

The fact that only just over half of respondents think their data is recoverable is a concern; this figure should be much nearer to 100%. Otherwise, how can your readiness for recoverability be reported confidently to the business and senior stakeholders? Confidence comes from identifying an organisation’s realistic needs, without compromising on cost or making sure you have the right tools for the job.

Meeting the testing ‘gold standard’
Confidence also comes from thoroughly and repeatedly testing systems and disaster recovery (DR) processes. So, it was surprising to see that of the UK IT professionals interviewed, one in five say they test just once a year or less, while 60% of respondents check their data is fully recoverable and usable once every six months. Just 5% say they test monthly (below). 

We advocate for a ‘gold standard’ for DR testing – twice-yearly, non-invasive full failover tests supported by monthly system boot tests and data integrity checks. In addition to rigorous data validation, testing the ability of workloads (applications and data) for failover capabilities needs to be designed into the recovery plan. This should also allow for network and connectivity testing, a critical and often overlooked component in the testing process.

The challenge is that many technologies deployed today to recover systems and data do not allow for non-disruptive testing. While testing can be carried out, these tests can never be thorough enough without significant disruption and, as a result, deliver a compromised test. 

Organisations need to put in place a well-structured recovery environment to optimise data recovery testing and ensure it can be conducted in the least disruptive way to the business. There are sophisticated solutions now that run testing without consuming vital resources or impacting the day-to-day production environment, which means business-as-usual.

Making data recovery part of business ‘fitness agenda’
When it comes to the core challenges in DR planning, our survey respondents were clear in what they are lacking from the business, with 39% pointing to a lack of skills or expertise in-house, 29% to a lack of investment or budget, and 28% to a lack of senior support. 

A lack of top-down support can foster a culture of complacency, even apathy. If those responsible for protecting and recovering the business in the event of a data issue or cybersecurity attack do not feel that it’s being taken seriously enough, then their approach and attitude may well reflect this.

Aligned to a thorough testing regime is the confidence to report that systems are recoverable, and the business is in a state of readiness to respond. A secondary benefit is that it fosters a culture of professionalism regarding an aspect of IT that often sits in the shadows until it is needed.

To some extent, I think what we’re seeing from this study is a ‘Titanic mindset’ to data recovery, which is potentially putting data - and businesses - at risk. Organisations, it seems, think they are unsinkable -  until they’re not. 

Stephen Young is Executive Director at Assurestor

Image:  SerrNovik

You Might Also Read: 

Make Sure Your Disaster Recovery Plan Works When You Need It Most:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Preparing IT Teams For The Next AI Wave
Increase Security For Your Enterprise Cloud With A Next-Generation Firewall »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Navista

Navista

Navista's hardware and software modules are especially designed to ease the deployment of secure networks.

Verve Industrial

Verve Industrial

Verve specialize in providing software and services to help protect and secure critical industrial control systems.

Bit4id

Bit4id

Bit4id provides technologies for electronic signature, online authentication, cybersecurity and all other services based on the concept of digital identity.

CyberSift

CyberSift

CyberSift is a cyber security provider. We develop threat detection software which needs no infrastructure changes as it integrates with almost any security tool.

Resec Technologies

Resec Technologies

Resec provides total protection against all types of known and unknown malware threats including viruses, Trojans, ransomware and phishing, regardless of their delivery method.

VaultOne

VaultOne

VaultOne is a next-generation security solution that addresses security issues from different domains (Password Manager, Secure Access, PAM, Identity Management) as a single, integrated solution.

Haven Group

Haven Group

Haven Group and its companies are a cyber security one-stop-shop for our clients offering a full range of cyber security services to our clients in a unified and united way.

Athreon

Athreon

Athreon utilizes a fusion of AI technology, human interpretation, and the latest in cybersecurity to deliver sound business solutions that help our clients make better data-driven decisions.

Thistle Technologies

Thistle Technologies

Thistle Technologies is building tools that help connected device manufacturers build security resiliency into devices.

Identity Management Institute (IMI)

Identity Management Institute (IMI)

Identity Management Institute (IMI) provides professional training and certification in cyber security with a focus on identity and access management, identity theft, and data protection.

OnSecurity

OnSecurity

OnSecurity replaces the overhead of traditional penetration testing firms with a simple online interface, making it easy to book tests as and when needed.

Flat6Labs

Flat6Labs

Flat6Labs is the MENA region’s leading seed and early stage venture capital firm, currently running the most renowned startup programs in the region.

EtherAuthority

EtherAuthority

EtherAuthority's engineering team has been helping blockchain businesses to secure their smart contract based assets since 2018.

risk3sixty

risk3sixty

Risk3sixty are information and cyber risk management craftsmen helping build business-first security and compliance programs.

Liquis Inc.

Liquis Inc.

Liquis, founded in 2002, is one of the largest facility decommissioning services companies in the U.S.

CallCabinet

CallCabinet

CallCabinet is the premier cross-platform SaaS provider for end-to-end compliant call recording, AI-driven conversation analytics, call QA, and custom business intelligence reporting.