Technology

Disaster Recovery-As-A-Service: A New Front In Cybersecurity War

Tom Burroughes Group Editor London 28 November 2024

Disaster Recovery-As-A-Service: A New Front In Cybersecurity War

Ransomware is a major threat to institutions such as banks – they are where the money and data are. We talk to a firm that helps affected organisations to recover and avoid problems. 

Ransomware continues to be the most prevalent form of cyber attack, affecting three out of four organisations – and that includes banks and wealth managers.

Firms that specialise in recovering from a breach and data loss are, understandably, making much of what they bring to the table. One such firm is 11:11, a UK-based business, which also operates in continental Europe, North America, Singapore and Australia.

11:11 has recovery processes in place that firms can use. Part of the firm's offering is educating and training of clients, and developing ideas on how organisations can act in particular situations. It encourages firms to simulate a problem to see what has to be done, Sean Tilley, senior director of sales, EMEA at 11:11 Systems, told this news service in a recent call.

The business’s model can be described as “infrastructure-as-service,” including disaster recovery-as-a-service, Tilley said. 

The stakes are high. According to the Veeam Data Protection Trends Report 2024, 75 per cent of organisations suffered at least one ransomware attack last year. Focusing just on the UK, a 2024 report from the Department for Science, Innovation & Technology found that half of businesses and around a third of charities (32 per cent) reported having experienced some form of cyber security breach or attack in the last 12 months. This is much higher for medium businesses (70 per cent), large businesses (74 per cent) and high-income charities with £500,000 ($626,670) or more in annual income (66 per cent).

By far the most common type of breach or attack is phishing (84 per cent of businesses and 83 per cent of charities).

Besides 11:11, other businesses which help firms deal with attacks from ransomware include the likes of K2 Integrity (see an article from that business). Gotham Security, an Abacus Group company, spoke to this publication about lessons to be learned from an attack in 2023 on UK-based Succession Wealth. 

A report in March 2024 from Broadridge Financial Solutions showed that over the next two years, financial institutions plan to boost their investments in cybersecurity by 28 per cent on average; impacting their internal security protocols, and the way in which they engage with third-party technology vendors. According to the study, cybersecurity is the top capability executives say they expect from their technology vendors, outpacing their ability to deliver projects on time and on budget, and building next-generation technologies into their solutions. Cybersecurity remains an important concern for the world’s wealth management industry. In the US, new Securities and Exchange Commission rules came into force in 2023 forcing listed companies to report their cyberattacks to core stakeholders, such as investors, customers, and regulators. 

Vulnerabilities
An issue for firms such as 11:11 to watch is the pressure on outsourced, third-party firms and their own security processes.

The focus on third-party risks is a “huge topic,” Tilley said. 

Vulnerabilities at providers of outsourced services has been flagged as an issue by the UK’s Financial Conduct Authority. The late-July Microsoft/CrowdStrike outage was a wake-up call, for example. In an article published here in September, US-based ACA Group said: “For those on the buy-side, for every provider you take on, you must consider the risk to your side of the business…this is about asking the right questions and making sure that your due diligence is up to date.”

European Union regulators wanting to make systems more robust, is one example of what is taking place. 

In a recent article which he authored, Tilley noted that the European Union has introduced new rules such as the Digital Operational Resilience Act (DORA) and the NIS2 Directive.

Getting into better shape to handle cyber attacks is not just about spending money, it can also give firms that have strong safeguards a competitive edge over rivals, Tilley wrote. 

“Regulatory compliance is not just a defensive move – it can be a strategic advantage,” he wrote. “Financial firms that effectively implement these standards can enhance their operational efficiency, customer trust, and ability to enter new markets.”

Register for WealthBriefing today

Gain access to regular and exclusive research on the global wealth management sector along with the opportunity to attend industry events such as exclusive invites to Breakfast Briefings and Summits in the major wealth management centres and industry leading awards programmes