In a recent survey of executive leadership and IT managers across six major industries, 64% of respondents cited “loss of customer confidence” as their biggest concern in the event of a security breach. Yet, their responses related to IT security practices suggest an inadequate focus on solving reputational risks.
Modern business depends heavily on customers being comfortable enough to share their personal information to make purchases, utilize services, etc., so the respondents are right to recognize that if their companies fail at security, they risk losing revenue. However, more than half of respondents (59%) claimed to focus their attention on preventative measures, rather than reactive planning. Sixty-five percent of respondents noted “reinforcing identity and access management controls” as being among their top five priority objectives in the next 12 months and 62% said they “conduct regular cybersecurity maintenance.” Only 41% claimed to focus on reactive measures like IT disaster recovery (DR) planning, backing up data, etc.
Here’s why this is a problem: Given the ever-changing tactics for security threats, it’s no longer sufficient to focus solely on preventative measures to deliver resiliency against breaches. It is not “if,” but “when” your business will be attacked, so it’s critical to have a plan B for when a security incident occurs.
Having a plan to mitigate the fallout from an actual breach needs to be existent and robust – and this doesn’t just mean buying better insurance. Because data loss can cripple a business’s ability to recover from downtime and move forward, it’s critical to have a DR plan that goes beyond the outdated practice of tape backups. With 44% of executive leadership claiming that “inability to recover data and systems in less than a day” is their top concern in an event, this makes fast recovery essential to company livelihood. Tape backups aren’t fast enough anymore, since retrieving them could take days. Companies no longer have that luxury.
A recently-developed white paper explores this very connection, examining the full survey results against the fundamental practices needed to secure data and operations end-to-end. The relationship between having both preventative and reactive measures to mitigate security threats implies that if one is missing or insufficient, the whole strategy runs the risk of being vulnerable.
While proactive measures are key to securing your organization’s IT systems, a failure to establish a restorative strategy is not only a missed opportunity but a vulnerability. Read “A Two-Pronged Approach to Locking Down IT Security” to see why choosing Disaster Recovery-as-a-Service (DRaaS) is a win-win strategy for ensuring both preventative and reactive measures receive equal attention.