World Backup Day: Don’t Leave Your Data to Chance

Back up today. Bounce back tomorrow.

10 March 2026 | Kate Grayson-Crane

On 31 March every year since 2011, World Backup Day has provided an important annual reminder to back up and protect your data. Backing up is critically important for every business. Backups are your failsafe against system crashes and hardware failures, and against all types of cyber attacks, including ransomware.

Do backups really still matter?

Yes! Insurer QBE recently warned that the number of publicly announced ransomware attacks is set to rise by 40% in 2026 [1]. So it couldn’t be clearer that backups are as relevant as they’ve ever been. And, if you were affected by a cyber attack, they could make the difference between a controlled recovery and prolonged disruption.

Backups help to:

  • Ensure continuity - by reducing business interruption
  • Avoid paying ransoms - paying up can introduce legal and compliance complications
  • Avoid losing critical data - by backing up regularly, you can minimise data loss when restoring from a backup
  • Reduce financial and operational impact - organisations that maintain offline backups reduce recovery costs on average compared to those that pay ransom demands. [2]

But I already have backups

That’s great. But when you really need them, are you confident you’ll be able to use them? 

Let’s talk about some principles that underpin good backups that maximise your chances of recovery.

Scoping your backups

First, you need to identify your business critical data. This is the information your organisation couldn’t function without, and it will be different for every organisation.

You should also evaluate how frequently this important data changes across your organisation. Understanding your data turnover will help you define an appropriate backup schedule. If you’re processing or storing high volumes of critical data every day, consider whether more frequent backups are required.

Location, location, location

You may have heard of the oft-quoted 3-2-1 rule for backing up. It states that you should have at least 3 copies of your data, on at least 2 devices, and keep at least one of these offsite. This approach scales effectively, but needs to be combined with using offline backups for peace of mind.

An offline backup, also known as a cold backup, will almost certainly remain unaffected if any incident impacts your environment. It should only connect to live systems when you absolutely need it to. And you should never have all your backups connected at any one time. This helps ensure that at least one backup will be offline and protected from compromise. It also ensures physical separation from the live environment.

Guaranteeing success

Many ransomware actors will actively seek out and delete your backups, preventing or slowing your recovery. So make sure your backups are resilient to destructive actions. Many backup solutions now offer immutability or write once, read many (WORM) storage, so backups cannot be modified, deleted, or encrypted for a specified period of time. Previous versions should also be kept, in case your latest backup version becomes corrupted.

Additional authorisation such as multifactor authentication (MFA) should be required for access to the backups and for any significant changes to backup configuration, with logging enabled wherever possible.

Finally, we recommend limiting access to backups to only the few that need it. The principle of least privilege (POLP) should apply to every resource in your organisation, but especially backups!

Testing the plan

A backup is not truly a backup unless it’s been tested. It might prove to be inaccessible, corrupted, outdated, or just difficult to restore from when you need it most.


Incident response scenarios can also be highly stressful. Testing your backups on a regular basis can save you a lot of time and hassle. So, if you haven’t already, create an incident response plan that includes a process for backup restoration and processes for any ‘what if’ scenarios, for example, what happens if your backups prove to be unusable. Discuss this plan with your key stakeholders to make sure it includes all relevant information and that everyone understands what they need to do now and in the event of an incident.
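One way to automate a restore test is sketched below. It is an added example, not part of the original post: it records a SHA-256 manifest at backup time, then checks a test restore for the failure modes named above (inaccessible, corrupted, outdated). The function names, the 24-hour maximum age and the sample files are assumptions made for illustration.

```python
import hashlib, shutil, tempfile, time
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(source_dir):
    """Taken at backup time: relative path -> SHA-256, plus a timestamp."""
    root = Path(source_dir)
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in root.rglob("*") if p.is_file()}
    return {"created": time.time(), "files": files}

def verify_restore(manifest, restored_dir, max_age_hours, now=None):
    """Compare a test restore with the manifest; flag each failure mode."""
    now = time.time() if now is None else now
    report = {"missing": [], "corrupted": []}
    for rel, expected in sorted(manifest["files"].items()):
        target = Path(restored_dir) / rel
        if not target.is_file():
            report["missing"].append(rel)      # inaccessible after restore
        elif sha256_file(target) != expected:
            report["corrupted"].append(rel)    # differs from backup-time content
    # Outdated: the backup is older than the data-loss window you accept.
    report["outdated"] = (now - manifest["created"]) > max_age_hours * 3600
    report["ok"] = not (report["missing"] or report["corrupted"] or report["outdated"])
    return report

def demo(damage=True):
    """Constructed sample data: a tiny 'live' tree and a simulated restore."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (live / "customers.db").write_bytes(b"\x00" * 1024)
        (live / "notes.txt").write_text("constructed sample\n")
        manifest = build_manifest(live)
        shutil.copytree(live, restored)
        if damage:  # simulate a corrupted file, a lost file and a 48-hour-old backup
            (restored / "customers.db").write_bytes(b"\xff" * 1024)
            (restored / "notes.txt").unlink()
        age = (48 if damage else 1) * 3600
        return verify_restore(manifest, restored, 24, now=manifest["created"] + age)

if __name__ == "__main__":
    print(demo())
```

Run the verification against a restore into a scratch location, never over live data, and keep the manifest somewhere the backup system itself cannot modify.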

 

References

[1] https://qbeeurope.com/news-and-events/press-releases/ransomware-attacks-to-rise-by-40-by-2026-qbe-warns/

[2] https://www.totalassure.com/blog/average-cost-ransomware-attack-2025

[3] https://www.cisa.gov/audiences/small-and-medium-businesses/secure-your-business/back-up-business-data

[4] https://www.ncsc.gov.uk/blog-post/offline-backups-in-an-online-world