When it comes to disaster recovery, how does one avoid becoming a statistic? By staying informed about the statistics of course. But the problem is that there are so many so which ones can you rely on and which ones can you chuck out the window? We managed to put together some stats from leading institutions to help you sift through the muck.

How much did the worst IT security incident cost?

IT security is continually under threat – it is one of the leading causes of a disaster when it comes to companies in the UK losing data and the cost of disaster recovery. The 2015 Information Security Breaches Survey from PWC has the following to say about large organisations (companies with more than 250 employees):

• They experienced an 81% increase in security breaches this year. That is, 90% of all respondents suffered a breach.
• The worst breach cost a large company 3.14 million pounds (nearly 5 million US dollars), ranging on average between that and 1.46 million pounds.

The stats for small organisations (companies with less than 50 employees) are equally disturbing:

• They experienced a 60% increase in security breaches this year. That is, 74% of all respondents suffered a breach.
• The worst breach cost a small company 311 thousand pounds (nearly 500 thousand US dollars), ranging on average between that and 75 thousand pounds.

Sadly, whether big or small, 59% of them feel that they will experience another breach in the coming year.

What are the most popular data protection mechanisms?

In the US, 62 companies were surveyed about how they were preventing the need for disaster recovery by various mechanisms of data protection. The 2015 Cost of Data breach Study solicited by IBM from the Ponemon Institute:

• 52% are using encryption more and more.
• Manual interventions are widely used with:

1. 50% are running training and awareness programs for employees.
2. 40% are using access management solutions and additional manual procedures and controls.
3. 50% were using endpoint security solutions.

Lowest ranking practices were what one would presume to be standard IT security practices: the implementation of security intelligence solutions by only 37% of companies; and security certifications or audits by only 19%.

Who is trusted most by the public when it comes to data security?

In another study by PWC in November 2014, more than two thousand people were asked who they trusted the most when it comes to protecting personal data. Titled “How financial services lost its mojo – and how it can get it back”, the results are something these organisations need to take to heart:

• Banks got away with most of the trust, at 52%.
• In the middle sits insurance providers, with 35% of people’s confidence.
• Online retailers got 22%.
• Not surprisingly, other online services such as social networking got only 15%.

It’s easy to leverage off the sensationalism of a surprising statistic but simply put, the credibility of a number comes from the credibility of its source. It goes to show that even the all-knowing Internet can get it wrong sometimes. In a changing disaster recovery landscape of evolving threats and maturing data protection software, keeping current and up to date is crucial in staying on the good side of