Data breaches are an unavoidable reality, growing in both sophistication and impact. For organisations, the ability to recover quickly from a breach is critical to maintaining operations and avoiding significant financial and reputational damage. Yet, new research reveals troubling gaps in backup strategies that undermine this capability. As businesses face rising threats, they must rethink their approach to backups, ensuring a more resilient and comprehensive strategy that can withstand even the most severe cyberattacks.
The backup conundrum
Recent findings from Apricorn’s annual survey indicate that while many organisations recognise the importance of backups, their practices leave much to be desired. Among IT decision-makers who experienced a breach and needed to recover data, only 50% were able to fully restore their information. A concerning 25% managed only partial recovery, and 8% failed entirely due to inadequate backup systems.
These shortcomings highlight a widespread overconfidence in existing measures. While only 9% of respondents admitted their backup systems were not robust enough for rapid recovery, this confidence is clearly misplaced given the prevalence of incomplete recoveries. This disconnect points to a critical need for businesses to reassess their backup strategies and address vulnerabilities.
Overreliance on cloud solutions
The UK Government’s Cyber Security Breaches Survey 2024 revealed that 71% of businesses rely solely on cloud service providers (CSPs) for their backups. While the cloud offers scalability and convenience, it is not immune to risks. Cloud breaches, misconfigurations, and ransomware attacks targeting CSP infrastructure can compromise vast amounts of data.
The Microsoft Azure breach, for instance, exposed vulnerabilities in cloud architecture, highlighting the potential for significant disruption when cloud services are compromised. Businesses that place all their data in one digital basket risk devastating consequences.
Organisations must diversify their backup approaches by supplementing cloud storage with offline, encrypted backups on removable devices. A portable encrypted hard drive stored securely offline provides an additional layer of defence against ransomware and other cyber threats.
The power of diversification
A robust backup strategy must avoid single points of failure. The widely endorsed “3-2-1 rule” provides a blueprint for resilience: organisations should maintain at least three copies of their data, stored on at least two different types of media, with at least one copy kept offsite. This multi-layered approach ensures that even if one backup fails, others remain accessible.
Encouragingly, Apricorn’s survey revealed progress in diversification, with 30% of respondents automating backups to both central and personal repositories, up from 19% in 2023. Automated backups reduce reliance on manual processes, ensuring critical data is saved regularly and consistently without human error.
Backup failures and cyber insurance
The importance of robust backups extends beyond recovery; they are now a key factor in cyber insurance compliance. Insurers increasingly require demonstrable backup policies as a condition for coverage. According to Apricorn, 46% of IT decision-makers recognise the link between backup strategies and cyber insurance requirements, up from 28% the previous year.
Failing to meet these requirements can leave businesses uninsured and financially exposed after a breach. Conversely, organisations with strong backup systems are better positioned to recover quickly and demonstrate to insurers their commitment to minimising risk.
A culture of preparedness
Backup strategies are only part of the equation. A broader culture of cybersecurity preparedness is essential. This includes employee training, robust access controls, and aligning backup practices with established frameworks such as the UK’s National Cyber Security Centre’s (NCSC) “10 Steps to Cyber Security.” Testing recovery processes in simulated breach scenarios can also reveal hidden vulnerabilities and enhance response readiness.
In a world of escalating cyber threats, a robust backup strategy is non-negotiable. Businesses that rely solely on the cloud or fail to test their recovery systems are gambling with their future. As breaches become more sophisticated and the stakes grow higher, organisations must invest in resilient, multi-layered backup systems to protect their data and operations.
By adopting best practices and embracing a diversified approach to backups, businesses can mitigate risks, ensure compliance with insurance requirements, and safeguard their reputation in an increasingly hostile digital landscape. Cyber resilience starts with reliable backups because when a breach happens, recovery is everything.
About the Author
Jon Fielding is the Managing Director of Apricorn in EMEA and has extensive experience in growing companies in the EMEA market. Jon is responsible for the sales & operations strategy, driving revenue growth and establishing the channel network in the region.
Jon is CISSP certified and has been focused on Information Security for the past 18 years, working with a variety of organisations from IBM to security start-ups such as Valicert and Tumbleweed.
Jon joined Apricorn from IronKey where he worked exclusively in the secure USB market having established the Ironkey office in EMEA 8 years ago as the first in the region. During his tenure, Ironkey was acquired by Imation and then by Kingston.
Jon can be reached online at linkedin.com/in/jon-fielding-290662 and at our company website www.apricorn.com
