Print this article

Disaster Recovery-As-A-Service: A New Front In Cybersecurity War

Tom Burroughes

28 November 2024

Ransomware continues to be the most prevalent form of cyber attack, affecting three out of four organisations – and that includes banks and wealth managers.

Firms that specialise in recovering from a breach and data loss are, understandably, making much of what they bring to the table. One such firm is , a UK-based business, which also operates in continental Europe, North America, Singapore and Australia.

11:11 has recovery processes in place that firms can use. Part of the firm's offering is educating and training of clients, and developing ideas on how organisations can act in particular situations. It encourages firms to simulate a problem to see what has to be done, Sean Tilley, senior director of sales, EMEA at 11:11 Systems, told this news service in a recent call.

The business’s model can be described as “infrastructure-as-service,” including disaster recovery-as-a-service, Tilley said. 

The stakes are high. According to the Veeam Data Protection Trends Report 2024, 75 per cent of organisations suffered at least one ransomware attack last year. Focusing just on the UK, a 2024 report from the Department for Science, Innovation & Technology found that half of businesses and around a third of charities (32 per cent) reported having experienced some form of cyber security breach or attack in the last 12 months. This is much higher for medium businesses (70 per cent), large businesses (74 per cent) and high-income charities with £500,000 ($626,670) or more in annual income (66 per cent).

By far the most common type of breach or attack is phishing (84 per cent of businesses and 83 per cent of charities).

Besides 11:11, other businesses which help firms deal with attacks from ransomware include the likes of K2 Integrity (see an article from that business). Gotham Security, an Abacus Group company, spoke to this publication about lessons to be learned from an attack in 2023 on UK-based Succession Wealth. 

A report in March 2024 from  rules came into force in 2023 forcing listed companies to report their cyberattacks to core stakeholders, such as investors, customers, and regulators. 

Vulnerabilities
An issue for firms such as 11:11 to watch is the pressure on outsourced, third-party firms and their own security processes.

The focus on third-party risks is a “huge topic,” Tilley said. 

Vulnerabilities at providers of outsourced services has been flagged as an issue by the UK’s Financial Conduct Authority. The late-July Microsoft/CrowdStrike outage was a wake-up call, for example. In an article published here in September, US-based ACA Group said: “For those on the buy-side, for every provider you take on, you must consider the risk to your side of the business…this is about asking the right questions and making sure that your due diligence is up to date.”

European Union regulators wanting to make systems more robust, is one example of what is taking place. 

In a recent article which he authored, Tilley noted that the European Union has introduced new rules such as the Digital Operational Resilience Act (DORA) and the NIS2 Directive.

Getting into better shape to handle cyber attacks is not just about spending money, it can also give firms that have strong safeguards a competitive edge over rivals, Tilley wrote. 

“Regulatory compliance is not just a defensive move – it can be a strategic advantage,” he wrote. “Financial firms that effectively implement these standards can enhance their operational efficiency, customer trust, and ability to enter new markets.”