Data recovery gaps found in financial systems & business tools
New research has exposed significant vulnerabilities in data recovery strategies among organisations, particularly concerning financial systems and other crucial business applications.
A survey conducted by Foundry, along with a deeper study based on interviews carried out by Keepit, highlights that 30% of organisations currently have no data recovery strategy for their financial systems. Even more concerning, half of e-commerce, CRM and HR systems also lack a recovery plan.
The rapid integration of cloud applications and generative AI has posed unprecedented challenges for enterprise IT leaders. The Keepit study, titled "The great balancing act: Cybersecurity leaders tackle rising pressures," involved interviews with numerous Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) who emphasised the need for continuous improvement. These leaders are adopting collaborative best practices and investing in data-centric solutions with an emphasis on security and simplicity.
Traditional enterprise disaster recovery strategies, designed for on-premises IT infrastructure, are not keeping pace with the increasing use of cloud applications and AI technologies. According to the Foundry survey, 70% of organisations have data protection strategies for their financial applications. However, other essential systems are less protected, with only 50% coverage for e-commerce and HR management systems, and even less for CRM (48%) and ERP (42%) systems.
Kim Larsen, CISO at Keepit, commented on the survey's findings, stating, "Anything related to finance is important, most people will agree. And it's an obvious place to start when you map your critical systems and data. The survey shows that financial systems are by far the most incorporated in data protection strategies, and when you look at verticals, financial institutions are also a little more mature than others."
The research exposed strategic gaps and vulnerabilities within organisations. Only half of the surveyed companies have included cloud-stored SaaS data in their disaster recovery plans, although 40% plan to address this gap soon. A decision-maker at a Keepit CISO roundtable observed, "We solved many of these challenges 10 to 15 years ago, but with the move to cloud, it's like we're starting from scratch again."
The state of data protection has also emerged as a barrier to the broader adoption of generative AI technologies. Nearly all surveyed organisations are prioritising AI data protection, with 52% already implementing tools for chatbots and AI platforms, and 43% considering them. Larsen further noted, "Good data protection is essentially data classification plus good recovery capabilities. If you understand your data and can recover uncorrupted versions fast, you have a solid foundation to ensure business continuity, compliance and recovery."
Compliance and future-proofing are top concerns for many organisations as they enter 2024, with 73% of survey respondents prioritising compliance, followed by data governance (53%) and enterprise backup and recovery (45%). New regulatory mandates, like the SEC's requirements in the US and the upcoming Digital Operational Resilience Act (DORA) in the EU, are increasing pressure on organisations to enhance their cybersecurity measures.
Larsen highlighted the importance of aligning cyber strategy with business objectives, explaining, "Cyber strategy must be perfectly aligned with the business to effectively support it. The more global an organisation becomes, the more difficult this is to align access, and comply with regulations. This is backed up in our study, where CISOs emphasised the need for a unified risk management strategy that aligns with regional regulatory requirements."
Keepit's research underscores the variation in organisational maturity concerning data security. Interviews with over 30 CISOs and CIOs revealed that differing backgrounds and responsibilities among these leaders contribute to the slow adoption of data-focused innovations. 80% of organisations are now adopting a "cloud smart" approach, which introduces new security and compliance challenges.
CISOs and CIOs are moving toward continuous improvement, building collaborative best practices and investing in data-centric solutions. Essential steps include establishing effective data governance frameworks and engaging the board of directors. Aligning cybersecurity with business goals, communicating technical concepts in understandable terms, and demonstrating the return on investment in cybersecurity initiatives are also considered pivotal.
Data protection remains a cornerstone of organisational resilience amid technological advancements. Communicating cyber risks effectively to stakeholders and demonstrating the ROI of cybersecurity initiatives are critical for organisations as they navigate the balance between innovation and protection.