There appears to be a disconnect between confidence in managing IT-related issues and the adverse impact of an IT failure, a survey from Kyndryl has found.
The global survey of 300 IT decision-makers reported that 71% of respondents said they had experienced a cyber security-related event, while 88% said they had experienced an adverse event that was non-cyber security related.
When asked to compare themselves to peers, 65% rate their organisation’s preparation for adverse events ahead of other organisations. But, at the same time, Kyndryl’s poll found that 92% confirmed their organisations have experienced adverse events in the past two years that compromised or disrupted IT systems. Most respondents said they had experienced three or four different types of disruption events.
The most common adverse event experienced over the past 24 months by the IT decision-makers polled was IT hardware failure, followed by network failure. Malware was the third most common IT issue, followed by datacentre failures. Human error was the sixth most common issue that resulted in an adverse effect.
Half of the IT decision-makers surveyed said the IT issues their organisations had experienced over the past 24 months had resulted in an operational failure, while 40% admitted the IT issues resulted in compliance, regulatory fines or legal ramifications. Over a third (35%) said the IT issue had damaged their brand, and 34% said they had lost business or revenue due to the IT issue.
Kyndryl found that a lack of ability to recover systems and data from an encrypted, clean backup featured most often as a top challenge respondents faced in managing the impact of adverse events. Kyndryl’s global security and resilience leader, Kris Lovejoy, urged IT leaders to invest in automating and orchestrating recovery processes and assess and establish how best to mitigate human error in restoring from backups. She recommended that IT departments test incident response plans repeatedly and often.
“Whether or not your organisation is challenged with backups, a complicating factor is that ransomware attackers increasingly target backups,” Lovejoy warned.
In these scenarios, when backups have been compromised, she said that IT departments are unable to restore systems, adding: “They also can’t check for malware. As a result, the risk and potential impacts skyrocket.”
Along with the risk of being unable to recover IT systems from clean backups, Kyndryl reported that expanding IT footprint (37%), the inability to stay up-to-date with emerging threats (34%), lack of skilled staff (32%) and reliance on third-party IT providers (28%) were among the top challenges affecting the ability of IT decision-makers to manage adverse events.