This is one of the key findings of a survey launched in Hong Kong yesterday by Kroll Ontrack, a US-based provider of data recovery solutions. The survey was conducted earlier this year by StollzNow Research. It asked IT managers from 945 small, medium and large companies in Hong Kong, Singapore and Australia about their views and experiences related to data management.
The survey found that just less than half (49 per cent) of all IT managers have reported a data loss situation in the last two years.
While larger companies may not fully appreciate the risks they face with data loss, it is the small business sector that appears to be most at risk. An alarming 49 per cent of small companies stated that they fail to back up their data on a daily basis.
This is despite the fact that nearly half of all participants had experienced data loss in their workplace in the past two years, and 36 per cent felt that data loss could have a significant impact on their business.
Small businesses were also less likely to test their backup systems on a regular basis, or to have implemented a policy for the preservation of data. While 61 per cent of overall respondents reported that their company had a formalised data retention policy, this figure fell to just 45 per cent for companies with 50 or fewer employees.
The survey notes that geography may influence data protection practices, with Singaporean companies appearing to manage their data most effectively. Both Hong Kong and Australian respondents were more likely to report having more than five instances of data loss in the last five years.
"The survey exposes a worrying approach to the storage, retention, backup and disposal of organisations' valuable data," said Adrian Briscoe, general manager, Data Recovery Asia Pacific, Kroll Ontrack. "Data loss and associated challenges can have a devastating effect on business productivity, yet the survey shows that many organisations are ill-equipped to deal with the problem and do not fully understand the importance of implementing simple procedures for protecting their data."
The need to adapt backup procedures to match changes in the IT environment was highlighted as a potential problem area for both large and small organisations, with only 52 per cent of companies having reviewed their disaster recovery plans in the last 12 months.
"New technologies, such as virtualisation and client solutions like Citrix, have changed the way data is recovered," said Briscoe. "If a company's backup system fails to address these changes, when the inevitable happens and data is lost, it may be more difficult and expensive to recover."
In addition to system failure, data can be put at risk when end-of-life cycle or unwanted computer hardware is not completely and securely erased. This raises the potential for business-critical information to fall into the wrong hands. The survey found that nearly a quarter (24 per cent) of companies had no formal policy for erasing sensitive data, which means they are not destroying their sensitive information systematically.
Just less than half the respondents (46 per cent) failed to keep a log of equipment that had been erased, an omission that has compliance implications and which can lead to significant legal penalties.
Even so, survey respondents demonstrated a reluctance to seek the assistance of a third-party data service provider. Only 34 per cent of respondents said their company had used an external consultant for data recovery. When asked why, the most common response (36 per cent) was that "internal technology and processes were utilised". Other reasons cited were security reservations (18 per cent) and cost (17 per cent). Security concerns about using a third-party provider were more common in Singapore (23 per cent) than Hong Kong (18 per cent) and Australia (12 per cent).
"These results indicate that there may be a lack of understanding of the benefits of using a data service specialist," said Briscoe. "That fact that 39 per cent of IT managers still rated their company as doing 'well' or 'very well' even if it took more than three days to recover data, suggests there is a low expectation of what can be achieved."
"The best way to manage data loss is to prepare for it before the loss occurs," said Briscoe. "Organisations need to start applying business continuity and data protection safeguarding measures throughout the entire data lifecycle."