Data protection in finance and insurance: deficient top of the class

Ransomware, info-stealers, phishing emails: malware has many faces, and many companies and organizations reveal weaknesses in the defensibility of their IT security systems. Hackers blackmail companies with their own data, a backup is not available and so the restoration of the systems sometimes takes months until daily operations can be returned to.

By Dan Popa, Senior Territory Manager Romania and Bulgaria

This includes financial services and insurance institutions (FSIs) and their particularly valuable and sensitive customer data. However, although FSIs have received a boost in innovation with the help of startups and young financial technology (FinTech) companies, the sector is revealed to be slack in the areas of backup, recovery and service levels. The Veeam Data Protection Trends Report 2022 that bases on a global survey conducted by Vanson Bourne, an independent research group, clearly shows this.

To better understand the data protection strategies of companies, more than 3,000 IT managers worldwide were surveyed. Among them were 472 participants from the FSI sector, which prompted the researchers to take a closer look at the industry in a separate analysis. As a result, while FSI organizations had many similarities with other industries, they possessed unique differences in their data protection strategy for 2022.

The study reveals some bitter shortcomings in the industry: The FSI companies surveyed were exactly in line with the global average when it came to meeting recovery times and service level expectations in the event of data loss – which, unfortunately, is below average when measured against the target state and does not come close to meeting the necessary value. Comparing this year’s figures with those of previous years reveals another, even more significant shortcoming: the gap between expectations and their fulfillment is widening. The industry’s ability to respond to new security threats is thus getting worse every year.

But there is also good news for the FSI industry. In terms of cloud computing, they turn out to be forward-looking: According to the study, enterprises are expected to run more than half of their FSI workloads in the cloud by 2024 – a feat that can also be attributed to FinTechs’ power to change. The percentage of their servers that experienced an unexpected outage in the last year (28 percent) is well below the global average (40 percent) and nearly half that of healthcare (52 percent). Fewer outages mean fewer interruptions, which in turn means fewer attempts to recover. So compared to other industries, especially healthcare, FSI in general is slightly ahead, but the industry cannot rest on its laurels.

All of this gives a good insight into the current state and future of backup in the FSI space. However, anyone watching the news and realizing what ransomware can do to government agencies, businesses and organizations both financially and administratively should take another look at the topic of backup. How quickly can systems be restored after an attack? Are the company’s own servers susceptible to failure? Does the service level correspond to the necessary initial measures in case of an emergency? These aspects should be explored in order to be as well prepared as possible for new types of threats. Veeam’s enriched 3-2-1-1-0 backup rule can be the savior in this case, because it enhances any plan enormously: 3 backup copies on 2 different media, 1 copy stored externally, 1 of the copies must also be immutable or read-only, and in the last step, 0 recovery errors should guarantee a scheduled recovery through regular testing. If IT managers take this simple rule to heart, their companies are well prepared.