70% of organisations suffered downtime in 2021, report shows

A just released cybersecurity and data protection report shows that most organisations and individuals experience cyber attacks and data loss.

The report, Cyber Protection Week Global Report 2022 was released yesterday by Acronis, the global leader in cyber protection.  

The report which surveyed over 6,200 IT users and IT managers from small businesses to enterprises across 22 countries,  including South Africa, exposes some of the most critical shortcomings appearing in cyber protection practices today. It also examines why they’re appearing and offers guidance on how they can be fixed.

One of the report’s key findings last year was that 80% of organizations ran as many as 10 solutions simultaneously for data protection and cybersecurity — yet more than half of them suffered downtime because of loss. Clearly, more solutions do not translate into more protection.

“This year, we see that trend getting worse: while 78% of organizations globally run as many as 10 different solutions, 76% of organizations experienced downtime due to data loss — a 25% increase from 2021. This downtime stemmed from a number of sources, including system crashes (52%), human error (42%), cyberattacks (36%) and insider attacks (20%),” says the report.

As a result, 61% of global organizations’ IT teams now report a preference for integrated solutions that replace their complicated stacks of cybersecurity and data protection tools with a single, unified console.

Candid Wuest, Acronis V.P. of Cyber Protection Research believes that an integrated solution is the real deal of cybersecurity issues.

As the entire world is increasingly at risk from different types of attacks, accelerating to universal all-in-one solutions is the only way to achieve truly complete cyber protection. And that’s precisely the problem Acronis has set out to solve.”

“Attackers don’t discriminate when it comes to means or targets, so strong and reliable security is no longer an option, it’s a necessity,” Wuest added.

Citing Nigeria as an example, Liora Rosenblum,  executive director of MapleLeaf, noted that where both the public and private sectors are increasingly embracing cloud adoption, the demand for comprehensive cyber protection has become an essential concern.

“As a company that operates in-country cloud infrastructure services, MapleLeaf is in the vanguard of efforts to mitigate cybersecurity risks in the region. At the starting line of our strategic partnership, Acronis and MapleLeaf jointly launched the Acronis Cloud Data Centre in Nigeria, which in effect means that Nigerian service providers and their customers can leverage fast access, superb data sovereignty and resiliency to achieve their objectives and drive business growth,” said Loira.

The report reveals that most IT managers are exuding unfounded confidence in their systems, thus misleading their managers, who could otherwise take steps to protect their systems.

In South Africa, 20% of organizations  claim to spend over 25% of their IT budget on security.

Another 70% of organizations’ IT managers claim to have automated patch management. However, based on any reliable industry research, only a handful of companies follow the 72-hour “golden time” for patch management.

82% also claim to have ransomware protection and remediation. Yet, successful attacks occur weekly and the size of ransom demands grows each year.

20% claimed to be testing backup restoration weekly. Again, not consistent with any other industry-issued data.

It seems that IT managers are trying to appear better prepared than they are; but that is, in turn, misleading their managers, boards of directors, industry analysts and customers. 

However, if the overwhelming majority of IT managers indeed have these solutions, they aren’t using them right: they have simply stocked their IT stacks with all of the recommended cybersecurity technologies — spending more money in vain.

The report findings prove that organizations are spending more on IT security this year, but when compared to their overall IT budget, it becomes clear – organizations are still treating cyber protection as a “nice-to-have” not as a “must-have”:

Half of organizations globally allocate less than 10% of their overall IT budget on IT security. 

Only 23% of organizations globally are investing over 15% of their overall IT budget in security — even despite the increasingly threatening cyber landscape.

The report further indicated that the extra vigilance of companies that was triggered by the Covid-19 pandemic is now wearing out, exposing them to more risk.

Frequent backups that were fuelled by the shift to remote work are over. Only a third of IT managers  back up weekly, while another 25% back up monthly. Use of backup best practices is declining across the board — only 15% of organizations’ IT teams adhere to them.

Same as last year, 10% of IT managers still aren’t sure if their company is subject to any data privacy regulations — proving that IT managers, like IT users, get stuck in their ways. 

In South Africa, only 5% of internal IT teams are unsure if their companies are subject to data privacy regulations.

According to the research, 86% of organizations globally are also concerned about the threat of increasing politically-driven cyberattacks caused by the worsening geopolitical climate — but their concern does not translate into improvements to their cyber protection.

When asked about rising cyber threats in the region, 83% of IT users in South Africa said that they were either very or moderately concerned with increased politically-motivated cyberattacks.

Bottom line, it has been established that the outdated approaches that professional IT teams have relied on for years are now actively failing them. A comprehensive, easy-to-follow approach is essential to achieving a more reliable, holistic protection for data, applications and systems – one that combines cybersecurity, data protection and management into one solution.

Computer users also showed concern over cyber threats, though they did nothing much to protect themselves, the report further shows.

Only one in ten users backs up daily, while 34% of users back up on a monthly basis — a staggering 41% of users back up rarely or never. Still, 72% of users had to recover from backup at least once in the past year (33% — more than once). Meaning that some of the users who chose not to back up have permanently lost their data.

43% of users update a week or more after an update release — of those, 7% take more than a month to perform these recommended updates. A decline in response time compared to 2021. 

Meanwhile, only 12% of users are following the recommended hybrid model of cloud and local backup storage, users have doubled down on cloud backup: for 4 years, we saw local backups shrinking from 62% in 2019 to 33% in 2022 — at the same time cloud backups jumped from 28% to 54%.

Interestingly, 66% of users would not know or be able to tell if their data had been modified. 

43% of users are not sure if their anti-malware solutions could protect against new and emerging cyberthreats.

In South Africa, 71% of IT users in suffered permanent data loss from a computer or mobile device in the last year. Data was lost due to accidental deletions, app or system crashes, malware attacks and other common causes.

In contrast, roughly half of IT users in South Africa (49%) claimed that they have the means to tell the difference — far above the global average of 34%.

Definitely, there is a massive gap in how organizations and individuals approach cyber protection in theory — and in practice. Acronis provides a number of solutions that are able to bridge that gap — among them Acronis Cyber Protect, used by over 20,000 service providers to protect more than 750,000 businesses.

For more global and regional insights, you can download the full report here — download the reports for free on our website

Afcacia seeks to be a powerful tech mouthpiece, giving a voice to your products and services in a way that has never seen before.