December 4, 2014 By Douglas Bonderud 3 min read

Companies are worried about data loss, but many are behind the curve when it comes to safeguarding their assets, according to EMC’s Global Data Protection Index. While these results aren’t exactly surprising, digging deeper into the report uncovers a shocking statistic: The more data protection vendors a company has, the greater the risk. What gives?

Dealing With Loss

According to a Dark Reading article about the new report, companies have a lot to lose. Every year, unintended downtime costs more than $950 billion, while data loss accounts for over $750 billion. That’s a $1.7 trillion price tag just for doing business. Companies are well aware of the risks, with 62 percent saying at least one of their new technology initiatives — such as big data, hybrid cloud and mobile devices — is “difficult” or “very difficult” to protect. Despite this, EMC found that 87 percent of businesses are behind the curve for data protection, and 71 percent aren’t completely confident that their data could be restored after a loss.

So what’s causing all this downtime and loss? Hardware failure tops the list at 53 percent, followed by power loss (39 percent), software failure (38 percent), data corruption (29 percent) and user error (26 percent). In a recent InfoStor article, Guy Churchward, president of EMC Core Technologies, notes that while simple, scheduled backups are no longer enough; companies “lack confidence that data protection will be able to meet future business challenges.” Business response to this issue isn’t unexpected. Most organizations bank on multiple protection strategies to minimize the possibility of loss; after all, if one vendor is good, more must be better, right? As it turns out, however, the math isn’t so simple.

All By Myself

EMC found that without a protection vendor, companies lost 1.75 terabytes of information per year and $420,000 in downtime. Adding one vendor lowered both numbers to 1.16 terabytes and $340,000 lost. Adding a second vendor actually made things worse, bringing the number up to 1.73 terabytes and $400,000 lost over the course of a year.

Here’s where things get weird. The report found that using three or more vendors was worse than using none at all, with data loss more than doubling to 3.54 terabytes and downtime quadrupling to $1.6 million. And it gets worse, because using more vendors means spending a bigger chunk of the information technology (IT) budget. Those with one vendor spend just over 7 percent, while those with three or more vendors spend nearly 9 percent.

Data Protection

So what’s the problem? Why don’t more vendors provide greater protection? The EMC report doesn’t have the answers, but it’s possible to make educated guesses. First is the fact that multiple vendors means fractured spending. Sure, using three vendors eats up 9 percent of the IT budget, but that equates to 3 percent per vendor. In a single-provider scenario, all 7 percent is spent in one place.

Another important factor is the creation of coverage gaps. When companies use multiple vendors, it doesn’t make sense to have them all doing exactly the same thing. Instead, it’s tempting to treat these vendors like cloud services and purchase them on a need-by-need basis rather than as a complete package. The problem? Data protection isn’t a discrete issue: Hardware issues bleed into power problems, and accidental user error can cause data corruption. Assigning specific tasks to multiple vendors means something always gets missed — and it’s costly.

The takeaway when it comes to data protection vendors is that having none is bad, having two isn’t great and having three or more is even worse. According to EMC, one is the safest number.

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today