"New technologies, such as virtualisation and client solutions like Citrix, have changed the way data is recovered," said Briscoe. "If a company's backup system fails to address these changes, when the inevitable happens and data is lost, it may be more difficult and expensive to recover."

In addition to system failure, data can be put at risk when end-of-life cycle or unwanted computer hardware is not completely and securely erased. This raises the potential for business-critical information to fall into the wrong hands. The survey found that nearly a quarter (24 per cent) of companies had no formal policy for erasing sensitive data, which means they are not destroying their sensitive information systematically.

Just less than half the respondents (46 per cent) failed to keep a log of equipment that had been erased, an omission that has compliance implications and which can lead to significant legal penalties.

Even so, survey respondents demonstrated a reluctance to seek the assistance of a third-party data service provider. Only 34 per cent of respondents said their company had used an external consultant for data recovery. When asked why, the most common response (36 per cent) was that "internal technology and processes were utilised". Other reasons cited were security reservations (18 per cent) and cost (17 per cent). Security concerns about using a third-party provider were more common in Singapore (23 per cent) than Hong Kong (18 per cent) and Australia (12 per cent).