Hackers Now Going Straight to the Source — Company Data Backups

Hackers are increasingly targeting company backups, with 18% of breaches linked to backup attacks — crippling recovery efforts and highlighting the urgent need for secure, tested backups.

    Cybercriminals are increasingly targeting the one place many organizations assumed would be sacrosanct: backups. New survey data and high-profile incidents show attackers are no longer content to ransack production systems — they want the backups too, because destroying or encrypting those copies turns an outage into a catastrophe.

    Survey Reveals Backup Attacks are Rising

    A recent Apricorn survey of UK IT security decision-makers found that roughly one in five organizations (about 18%) say attacks on backups were the principal cause of a data breach at their firm. That figure underlines a worrying trend: adversaries are shifting from opportunistic theft to strategic disruption, deliberately undermining recovery capabilities so businesses cannot simply revert to clean copies.

    The finding arrives against a broader backdrop of poor cyber hygiene globally. The Business Digital Index recently flagged that 63% of firms worldwide earned a D or worse for digital preparedness, with 40% scoring an outright failing F and only 11% achieving an A. Those weak foundations make backup systems attractive targets: if attackers can affect backups, they can amplify the damage far beyond the initial intrusion.

    Data Recovery Stats Reflect Process Gaps

    The Apricorn data also exposes painful recovery shortfalls. Only 58% of organizations reported they were able to fully restore from backups — a modest improvement from 50% the prior year. Conversely, roughly 31% of companies that have attempted recovery said they could not complete a full restoration, either recovering only partial datasets or failing entirely because recovery processes were inadequate. Thirteen percent admitted they lack robust systems for rapid recovery.

    “Breaches are almost inevitable, so being able to recover from a breach should be as high on the boardroom agenda as preparing for one,” said Jon Fielding, Managing Director, EMEA, Apricorn. “Full recovery is only possible when backups are both comprehensive and regularly tested.” In plain language: if you never practice recovery, your backups are pretty paperweights.

    Real-World Example: CloudNordic Ransomware Incident

    The danger is not theoretical. In 2023, Danish cloud provider CloudNordic experienced a devastating attack in which threat actors encrypted all disks — primary storage and secondary backups alike. Despite firewalls, antivirus software, and multiple backup layers, the company lost most customer data and halted operations. Investigators concluded that previously compromised servers and inadequate isolation allowed attackers to reach backup resources, proving that layered defenses must be combined with strong segregation and immutable backup strategies.

    Encouraging Signs and Automation Gains

    Not all news is bleak. The Apricorn survey shows progress: 44% of organizations now use automated backups to both a central repository and personal or local stores, up from 30% the year before, and 85% of respondents reported using some form of automation overall. Automation reduces human error and shrinks backup windows, but automation without verification can give teams a false sense of security. The real win is automated backups plus routine restore testing and immutable snapshots.

    Practical Steps to Harden Backups

    Security leaders should assume compromise will happen and design backups to survive it. Recommended controls include immutable backup storage, air-gapped or offline backups, strong access controls and separate credentials for backup systems, encryption of backup data at rest and in transit, least-privilege access for backup admins, and regular, documented recovery drills that involve realistic scenarios and stakeholders.

    Why Boards Should Pay Attention

    Backups are no longer a passive insurance policy — they are an active battleground. When attackers strike backups, they convert an incident into a crisis that threatens continuity, customer trust, and revenue. Boards and senior executives need to move recovery readiness from IT checklists to strategic priorities: invest in robust backup architecture, mandate a cadence for restore testing, and require clear recovery-time objectives. In the evolving game of cyber offense and defense, the company that treats backups as an afterthought will be the one left rebuilding from the ashes.
