Despite cyber security breaches hitting headlines and the subsequent financial and reputational damage they can do, companies are still not doing enough to protect their data finds a new study from Beaming.

It discovered that almost a million UK businesses do not back up their company data and a further 2.8 million firms risk losing valuable information by storing electronic copies in the same location as the original data.

Beaming's survey of business leaders, undertaken by the research company Opinium, shows that while most (83 per cent) of UK firms back up their data, half save it to servers or storage devices in the same premises.

44 per cent of small businesses, 42 per cent of medium-sized firms and 34 per cent of large organisations currently store backup information in the same location as it is generated, leaving them vulnerable to data loss through theft, fire or malware attack.

17 per cent of businesses keep no data back-ups whatsoever and store information only on individual computers and employee devices.

Sole traders and micro companies employing less than 10 people are most likely to be guilty of not backing up their data.

Only a third (35 per cent) of UK businesses currently store their back-up data outside of the office with 24 per cent of small and 18 per cent of medium-sized businesses getting employees to physically take back-ups of data home on portable storage devices.  

Less than a fifth (18 per cent) of businesses currently back up their data to facilities located at least 30 miles from their own premises, the minimum distance recommended by business continuity experts to limit the IT impact of natural disasters.

Most of the companies adhering to the '30 mile rule' are using cloud-based storage services and do not know precisely where their data is held.

"Our research shows that almost four million UK businesses are vulnerable to data loss from single events and could potentially become unable to operate,” said Beaming managing director Sonia Blizzard.

“Most businesses, particularly at the smaller end, don't do enough to safeguard their information.

"The introduction of GDPR has highlighted the need for secure and resilient data storage in order to mitigate the risk of significant data loss.

“We'd encourage businesses to think seriously about private cloud or co-location services when it comes to storing highly sensitive data or mission-critical applications. These should only be accessed through the most secure forms of connectivity."