Jon Fielding, Managing Director, EMEA at Apricorn, warns that without decentralised, offline backups organisations risk both compliance failures and crippling downtime.
Backups have long been a part of cybersecurity strategies, but with the rise in ransomware and an onslaught of data breaches, secure backup strategies have found their way back to the top of the security agenda. When implemented properly, they are a fundamental and effective pillar of cyber resilience in a world where potential breaches and attacks can never be ruled out.
This is particularly important as organisations continue to adapt to the realities of hybrid and remote work, with data management becoming more complex and fraught with risk. Regulatory pressures, data sovereignty concerns and the ongoing threat of cyber attacks are forcing businesses to rethink how they protect sensitive information. Central to this shift is the growing importance of decentralised backup strategies that align with both operational resilience and data residency requirements.
Traditionally, many organisations have leaned heavily on cloud providers to manage their data backup needs. While cloud solutions offer convenience and scalability, this over-reliance introduces significant vulnerabilities. The Government’s Cyber Security Breaches Survey 2024 revealed that 71% of businesses still rely solely on their cloud service providers for backup. This dependency is risky: if administrative access is compromised or the cloud infrastructure itself is breached, the consequences can be devastating.
Decentralised backup strategies that combine cloud storage with secure, offline local backups are increasingly being recognised as best practice. This hybrid model provides an additional layer of protection, particularly for sensitive data held on portable or remote endpoints. Crucially, offline backups ensure that critical data remains safe and accessible even if the primary systems are encrypted or taken offline during an attack.
Recent Apricorn research reveals how inconsistencies in backup processes continue to expose organisations to avoidable risk. While 50% of organisations that suffered a breach were able to fully recover their data, a quarter could only partially recover, and 8% were unable to recover any data at all. This underscores the need for robust and reliable backup procedures that are regularly tested to ensure they will work when needed, providing a frontline defence against both operational disruption and regulatory non-compliance.
With global regulations and regional data sovereignty laws such as the General Data Protection Regulation (GDPR) and NIS2 continuing to evolve, businesses must also be conscious of where data resides and how it is stored and retrieved. Decentralised backup systems help organisations remain compliant by allowing them to retain control over the geographic location of their data and ensure that it can be recovered in line with local legislative requirements.
One of the most effective strategies in this space is the 3-2-1 rule. This principle advises that organisations should keep at least three copies of their data, stored on at least two different types of media, with at least one copy stored offsite and offline. By implementing this rule, businesses significantly reduce the likelihood of a single point of failure. A removable encrypted hard drive, for example, offers an ideal offline backup solution, isolated from networks and safe from remote attacks.
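The 3-2-1 rule as stated above can be checked mechanically against a backup inventory. The following is an added example, not code from Apricorn or from the original article; the inventory format, its field names and the sample entries are constructed assumptions, and the production copy is counted as one of the three copies.

```python
from collections import defaultdict

# Constructed sample inventory: every copy of a dataset, including the
# production copy. Field names are assumptions made for this example.
INVENTORY = [
    {"dataset": "finance", "media": "san",       "offsite": False, "offline": False},
    {"dataset": "finance", "media": "cloud",     "offsite": True,  "offline": False},
    {"dataset": "finance", "media": "usb-drive", "offsite": True,  "offline": True},
    # Cloud-only: three copies, but one media type and nothing offline.
    {"dataset": "hr", "media": "cloud", "offsite": True, "offline": False},
    {"dataset": "hr", "media": "cloud", "offsite": True, "offline": False},
    {"dataset": "hr", "media": "cloud", "offsite": True, "offline": False},
    # Offsite and offline both exist, but never on the same copy.
    {"dataset": "crm", "media": "san",   "offsite": False, "offline": False},
    {"dataset": "crm", "media": "cloud", "offsite": True,  "offline": False},
    {"dataset": "crm", "media": "tape",  "offsite": False, "offline": True},
]


def audit_321(inventory):
    """Return {dataset: [failed criteria]}; an empty list means compliant."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy["dataset"]].append(copy)

    report = {}
    for name, copies in sorted(by_dataset.items()):
        failures = []
        if len(copies) < 3:
            failures.append("fewer than 3 copies")
        if len({c["media"] for c in copies}) < 2:
            failures.append("fewer than 2 media types")
        # The rule asks for one copy that is offsite AND offline at once.
        if not any(c["offsite"] and c["offline"] for c in copies):
            failures.append("no copy that is both offsite and offline")
        report[name] = failures
    return report


if __name__ == "__main__":
    for dataset, failures in audit_321(INVENTORY).items():
        print(dataset, "OK" if not failures else "FAIL: " + "; ".join(failures))
```

The "crm" entry shows the case that is easy to miss: an offsite cloud copy plus an on-premises offline tape still leaves no single copy that is both out of the building and off the network.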
Encouragingly, more businesses are beginning to automate their backup processes. Apricorn’s survey also found that 30% of IT leaders now use automated systems to store data in both central and personal repositories, up from 19% in the previous year. This trend reflects growing awareness of the risks associated with manual backups, which are prone to human error and can be easily overlooked in busy or decentralised environments.
Similarly, automation is being applied more broadly. 27% of organisations now automate backup to central repositories, and 16% to personal repositories, both significant increases on last year’s figures. This diversification of backup methods, including the use of both local and cloud storage, represents a significant step forward in securing organisational data across increasingly distributed workforces.
There are also broader business considerations. As insurance providers raise the bar for cyber insurance compliance, robust backup policies are becoming a non-negotiable requirement. According to Apricorn’s research, 46% of IT decision makers now see their backup strategy as a critical element of insurance eligibility, up from 28% the previous year. Insurers increasingly demand demonstrable backup and recovery protocols before offering cover, and any gaps in these systems may result in the denial of claims or even the refusal of coverage altogether.
It is essential that organisations implement and regularly test a decentralised backup strategy that includes not only automating processes but also ensuring diversity in storage types and locations. By embracing a decentralised backup approach, organisations can improve their resilience, ensure regulatory compliance, and recover swiftly from the unexpected, whether it be a cyber attack, system failure, or human error. The goal is to protect sensitive data, wherever it resides, and maintain business continuity.