Only 15% of HK firms back up data on public cloud

(L-R) Professor John Bacon-Shone of The University of Hong Kong and Tarun SawneyMore than 50% of Hong Kong companies are worried about their data being at risk in case of a ransomware attack, but only a small number of them are currently using public cloud data backup services that could help mitigate the impact of malware infections.

“Only 15% of enterprise respondents said they are using data backup on public cloud although there is a high level of awareness for this type of service,” said Professor John Bacon-Shone (pictured, left), associate dean of the Faculty of Social Sciences and Director of the Social Sciences Research Centre at the University of Hong Kong (HKUSSRC).

He was citing a key finding in the Ransomware and Cloud Readiness survey presented yesterday by HKUSSRC and BSA The Software Alliance.

The survey was conducted in two phases – a baseline survey from March 28 and April 24 before the WannaCry ransomware outbreak and a follow-up survey from June 29 and July 12 in the aftermath of WannaCry. Corporate respondents came from major vertical industries, such as manufacturing, construction, real estate; import/export trade; retail; accommodation and food services; information and communication; and finance and insurance to name a few.

Security issues dampen adoption

Bacon-Shone said over 50% of respondents have cited security issues as the primary reason for not using data backup services powered by public cloud.

“The top three security issues cited were confidentiality considerations, safety concerns and no confidence in security,” he added.

According to the survey, over a third of Hong Kong companies are backing up data more than three times a week. However, more than 75% of them have adopted a non-cloud option for their primary data backup, despite widespread awareness of the availability data backup services on public cloud. What’s more, nearly 80% have said they are unlikely to consider data backup on the public cloud in the future.

“Recognition of the importance of having data backup is critical, but taking concrete steps to perform offsite secure backup which may include public cloud backup is a different story,” said Bacon-Shone.

He noted that local regulation has long required data users to safeguard personal data from unauthorized or accidental access, processing, erasure, loss or use.

“The new EU law on data protection – the General Data Protection Regulation – is due to become enforceable in May 2018. This will include much stronger sanctions (of up to 4% of global annual turnover or 20 million euros, whichever is greater) and requires a risk-based accountability.

“This is why there is an essential need for companies to implement offsite secure backup, which may include public cloud backup, but will require careful choice of trustworthy providers of backup services,” he added.