Only one out of 10 organizations are considered ‘ahead of the curve’ in data maturity, according to a recent Vanson Bourne Global Data Protection Index, sponsored by EMC. These organizations use offsite archiving applications or retention policies, in addition to backing up data with de-duplication, offsite replication or disaster-tolerant replication.

Researchers interviewed 2,200 IT decision makers.

The U.S. is ranked 14 out of 18 countries when it comes to data maturity, with only 8 percent of its businesses ‘ahead of the curve,’ the study found. One of the biggest trouble areas? More than 56 percent of organizations keep the IT environment on premise, and only 29 percent use a public cloud.

The best way to protect data is to keep it off site, said Dave Dimond, chief technology officer at EMC's global healthcare business. But only about 27 percent of respondents indicated they would use backups for data protection, and only 20 percent indicated it would be easier to achieve backup and service-level agreements for disaster recovery.

Another issue hindering data maturity is funding, Dimond added.. “Security has been a lower line on the budget.”

“We believe that a detailed plan is where you start,” Dimond explained. “It doesn’t have to be just one vendor, but the solution starts with establishing new key metrics and recognizing the cyber threats.”

“It’s also about an awareness that you need an objective,” he added. “To understand cyberattacks, organizations must start to look at the ways it’s currently protected and consider what it takes to create your vault. It starts as a project from the top down.”

With cybercriminals targeting healthcare, organizations need to get smart about their data policies and protection methods.

On average, the respondents lost a total of 2.36 TB of data last year; the loss increased when using multiple data protection vendors. In fact, those respondents with four or more vendors lost 5.47 TB of data last year, costing the organizations more than $900,000 on average. The cost of a system downtime is $555,000 on average, with a downtime of 22 hours each incident.

Ransomware is also increasing the need for organizations to modernize their  stance on security.

“Hackers and ransomware criminals are trying to hunt down healthcare information because it’s so much more valuable now than even financial data,” said Roberta Katz, director of EMC Healthcare-Life Sciences Solutions. “You need a total recovery strategy.”

Organizations need to consider three-layered protection, Dimond explained. “You need to assume the threat is in the system and has been evolving.”

One of the biggest steps to data maturity is the creation of a data vault, which is protected by what Dimond called an ‘air gap,’ or a space between the main system and backup that opens to synchronize the data and closes immediately, resulting in an isolated environment.

Healthcare organizations need to continually evolve traditional data protection, Dimond said. They must “harden the first layer” of protection with a separate security team in place and a “lock and key” to recover data.