Organizations in the UK are vulnerable to significant financial losses due to IT failures and interruptions, with many falsely believing they have a higher level of resilience than reality suggests.
===================================================================================
In the face of escalating cyber threats, human errors, and emerging risks such as AI-driven attacks, UK organizations are stepping up their efforts to bolster IT resilience. Despite improvements in preparedness, the current state of resilience remains under significant pressure [1].
Cyber incidents, particularly ransomware attacks, continue to be the leading cause of downtime and data loss. A staggering 71% of organizations have experienced a cyber attack in the past year [1]. Although fewer organizations are paying ransoms and more are relying on backup recoveries, resilience challenges persist and require continuous adaptation and testing.
Human errors pose a critical vulnerability, with 89% of UK organizations acknowledging operational failures linked to human oversight as a major weakness in their resilience strategies [2]. Despite 59% testing their business continuity and disaster recovery plans at least biannually, only 31% express extreme confidence in these plans [2]. This indicates that while testing is improving, it may not always be sufficiently thorough, reinforcing the importance of regular, comprehensive recovery objective validation and resilience testing.
Cloud service outages are mitigated by distributed data across multiple servers and redundant systems, helping maintain uptime and reduce failure risk [4]. Managed IT services commonly implement such cloud infrastructures to enhance continuity and performance, while also focusing on compliance and security to guard against data loss and cyber threats.
Measuring resilience impact beyond just outage tracking—such as including reputational damage and effects on digital transformation—is essential for a strategic approach [2]. Effective IT resilience integrates infrastructure, operations, and leadership perspectives to comprehensively address risks and recovery capabilities.
Despite widespread cloud adoption, 51% still view cloud service outages as one of the top risks to operations [1]. Just over half (56%) of businesses have defined and regularly tested Recovery Time Objectives (RTOs), while 36% have defined and regularly tested Recovery Point Objectives (RPOs) [1].
Stewart Laing, CEO of Asanti, emphasizes that measurement is the foundation of resilience. He stresses that concerns over cloud service outages surpass even traditional IT system failures, at 49% [1]. However, confidence in existing recovery plans remains moderate, with only 31% of UK organizations expressing extreme confidence in their current disaster recovery and business continuity plans [1].
Operational failures due to human error could compromise backup power capabilities, according to 89% of respondents [2]. If only outages and costs are tracked, the true business impact is being missed, according to Stewart Laing [2]. Consequently, 58% of businesses admitted to suffering substantial financial losses due to resilience disruptions [1].
Six-in-ten businesses have struggled to return to normal operations after a major resilience disruption [1]. Downtime costs enterprises $400 billion per year [1]. Only 54% of companies track less obvious indicators like reputational impact [1].
Resilience must be strategic, tested, and integrated across infrastructure, operations, and leadership thinking, according to Stewart Laing [2]. There is a lack of confidence in organizations' risk recovery abilities, with 54% reporting low or medium confidence in handling cybersecurity breaches [1]. Only 60% say they have low or medium confidence in handling data center outages or unauthorized physical access [1].
In summary, UK organizations are increasingly prioritizing recovery objectives, regular testing, and cloud-driven redundancy to bolster IT resilience amid growing threats. However, confidence in existing recovery plans remains moderate, underscoring ongoing needs for rigorous testing and holistic resilience strategies.
- To address growing cyber threats and maintain IT resilience, UK businesses are integrating digital transformation into their cybersecurity and infrastructure strategies.
- periodic testing of business continuity and disaster recovery plans helps safeguard against human errors and ensure financial stability in the event of resilience disruptions, but there's a need for comprehensive recovery objective validation and resilience testing.
- In today's technology-driven world, businesses should not only focus on reducing downtime and data loss from cyber incidents but also measure the impact of resilience disruptions on finance, operations, and digital transformation to develop a comprehensive and strategic approach to IT resilience.
