Why IT Leaders Must Rethink Backup in the Age of Ransomware

With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity. Ransomware-as-a-Service (RaaS) platforms have made it possible for even inexperienced threat actors with little or no technical expertise to launch large-scale, damaging attacks. And these attacks no longer just encrypt data. They exfiltrate sensitive information for double and triple extortion, alter or delete backups, and disable recovery infrastructure to block restoration efforts.

This is especially critical for small and midsize businesses (SMBs), which are increasingly targeted due to their leaner defenses. For an SMB generating $10 million in annual revenue, even a single day of downtime can cost $55,076, without factoring in the long-term impact on customer trust and brand reputation. Add the mounting pressure to meet compliance mandates, tightening regulations in sectors like finance and healthcare, and the evolving standards set by cyber insurance providers, and it’s no longer enough to simply back up critical data. Organizations need a cyber resilience strategy that enables them to maintain operations even during major disruptions.

Let’s examine where traditional backup strategies fall short and how SMBs can build true cyber resilience to keep their businesses running when it matters most.

Why traditional backups are necessary but no longer sufficient

For years, backup strategies have followed a familiar playbook: periodic snapshots of critical systems, defined recovery time objectives (RTO) and recovery point objectives (RPO), off-site replication and an occasional test restore. It’s a setup that’s served many IT teams well — after all, if restoring a lost file worked the last time, why wouldn’t it work again?

However, here’s the problem: that thinking is rooted in a time when failures were usually accidental — caused by hardware faults, human error or software issues. It doesn’t account for today’s reality: targeted, persistent cyberattacks that are designed specifically to destroy your ability to recover.

Attackers now routinely wipe or corrupt local backups, compromise admin credentials to gain control of backup systems and disable recovery infrastructure entirely. Many use double and triple extortion tactics, encrypting data, exfiltrating it and threatening to leak it publicly. Worse, the risk doesn’t stop within your own perimeter.

Many ransomware campaigns now target supply chains to disrupt multiple organizations at once. As an IT leader, it’s essential to recognize the operational risks introduced by third-party vendors in your supply chain. Consider asking:

  • How do you plan to extend cyber resilience expectations to vendors and partners?
  • What contractual clauses (such as HITRUST in healthcare) actually give you confidence in their backup and disaster recovery readiness?

Frame the situation in terms of risk appetite. Would your board tolerate a scenario where your backups were encrypted by ransomware? Ask the hard questions:

  • Are we willing to accept a three-day infrastructure rebuild just to restore from legacy backups?
  • Are we comfortable with a recovery that could take weeks, risking data loss due to untested systems?
  • Can we prove to auditors — and cyber insurers — that we can restore operations within the documented window?

If the answer is “no” to any of these, then it’s time to rethink your approach to business continuity and resilience.

What is cyber resilience & why it’s a strategic shift

Backup focuses on copying data and restoring it later. However, cyber resilience goes one step further and keeps your business running even during an attack.

A resilient cyber posture integrates:

  • Immutable backups that are stored off-site in the cloud. These backups can’t be modified or deleted by ransomware, unlike local systems that may be compromised if admin credentials are breached.
  • Automated, verified recovery testing to ensure your systems can actually restore under pressure. An untested backup is only a theory, not a plan.
  • Orchestrated recovery playbooks that rebuild entire services and applications, not just files. Solutions like Disaster Recovery-as-a-Service (DRaaS) help streamline this, enabling faster, more reliable business service restoration.

Fig 1: Why cyber resilience is important for IT

Before making a decision, also consider the budget vs. risk conversation. What costs your organization more: a week-long outage that stalls production, delays payroll or halts customer transactions, or investing in tooling that prevents it entirely?

Cyber resilience reduces both the likelihood of severe disruption and the impact when it occurs. Insurance may cover losses after the fact, but resilience ensures the business can still operate while the threat unfolds.

How to build a resilience-first strategy that protects your business operations

Achieving cyber resilience demands a framework that connects IT readiness with business continuity. Here’s how IT leaders can start building a resilience-first posture that aligns with operational priorities and board-level expectations:

1. Start with a business impact lens

Begin with a business impact analysis (BIA) to map IT systems to the functions they support. Not every system carries the same weight, but your enterprise resource planning (ERP), customer relationship management (CRM), e-commerce platforms and scheduling systems might be mission-critical. Identify:

  • Which systems are essential to revenue and service delivery?
  • What is the financial and reputational cost of each hour of downtime?

This isn’t just about RTO and RPO; it’s about knowing which business services must stay online to prevent cascading disruptions.

2. Layer defenses around critical recovery infrastructure

Your backup and recovery systems must be protected like production workloads — or better.

  • Enforce multifactor authentication (MFA) and use separate admin credentials for backup consoles.
  • Choose solutions that can detect ransomware activity early within backup environments.
  • Implement immutable backups and store them off-site, in the cloud, to reduce risk from both ransomware and physical threats.
  • Monitor logs and alerts for abnormal behavior. Early visibility buys valuable time during a breach.

3. Automate backup verification and testing

A backup that hasn’t been tested is unreliable. Confidence in your recovery plan should come from proof, not assumptions. Automate verification to ensure the recoverability of not just files but also full application-level services.

Incorporate:

  • Automated backup testing to validate integrity.
  • Orchestrated DR runbook testing to simulate full recovery workflows.
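
One way to automate the file-level integrity check described above, shown as an added example rather than code from this article or from any vendor: a SHA-256 manifest is recorded at backup time, and a scheduled job later reads every file back out of the backup and compares it against that manifest. The function names, the tar.gz backup format and the sample files are assumptions made for illustration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256_stream(fileobj):
    digest = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(65536), b""):
        digest.update(chunk)
    return digest.hexdigest()

def build_manifest(source_dir):  # run at backup time; store apart from the backup
    root, manifest = Path(source_dir), {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            manifest[path.relative_to(root).as_posix()] = sha256_stream(fh)
    return manifest

def make_archive(source_dir, archive_path):  # stand-in for the real backup job
    with tarfile.open(archive_path, "w:gz") as tar:
        for path in sorted(p for p in Path(source_dir).rglob("*") if p.is_file()):
            tar.add(path, arcname=path.relative_to(source_dir).as_posix())

def verify_backup(archive_path, manifest):  # read each file back, compare hashes
    found, error = {}, None
    try:
        with tarfile.open(archive_path) as tar:
            for member in (m for m in tar if m.isfile()):
                found[member.name] = sha256_stream(tar.extractfile(member))
    except (tarfile.TarError, OSError, EOFError) as exc:  # unreadable or truncated
        error = f"{type(exc).__name__}: {exc}"
    missing = sorted(manifest.keys() - found.keys())
    unexpected = sorted(found.keys() - manifest.keys())
    mismatch = sorted(n for n in found.keys() & manifest.keys() if found[n] != manifest[n])
    return {"ok": not (error or missing or unexpected or mismatch), "error": error,
            "missing": missing, "unexpected": unexpected, "mismatch": mismatch}

def demo():  # constructed sample data: a clean backup and one altered afterwards
    with tempfile.TemporaryDirectory() as tmp:
        (src := Path(tmp, "erp")).mkdir()
        (src / "orders.db").write_bytes(b"order-1\norder-2\n")
        (src / "config.ini").write_bytes(b"[erp]\nmode=prod\n")
        manifest = build_manifest(src)
        make_archive(src, good := Path(tmp, "good.tgz"))
        (src / "orders.db").write_bytes(b"\x00" * 16)  # contents overwritten
        (src / "config.ini").unlink()  # file deleted
        make_archive(src, bad := Path(tmp, "bad.tgz"))
        return verify_backup(good, manifest), verify_backup(bad, manifest)
```

`demo()` returns the report for the clean archive followed by the report for the altered one. The date of the last report with `ok` set to true is the kind of evidence a recovery-test log can record.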

4. Develop and document recovery playbooks

Your recovery strategy should be step-by-step, clear and role-specific.

  • Define who restores what, in what order and where.
  • Include guidance for reconnecting staff to systems and resuming operations.
  • Train non-technical teams to respond appropriately.

For example, if your retail POS goes down, how do store teams inform customers and process orders without eroding trust? Don’t overlook crisis communications. Prepare your PR and leadership teams with clear internal and external messaging protocols. Silence and confusion create lasting damage.

Pro tip: Prepare a board-level resilience scorecard

IT leaders should be ready to brief executives with metrics that matter. Create a one-page resilience scorecard that includes:

  • Recovery time estimates for key systems.
  • Dates of last successful recovery tests.
  • Evidence of test results and improvements.

This becomes your conversation starter with board members, compliance auditors and cyber insurers — turning technical readiness into strategic credibility.

Insurance and audit readiness: Turning resilience into ROI

Cyber resilience is a key lever in managing financial risk. Today’s insurers and auditors demand clear evidence of preparedness before offering coverage or approving claims.

Expect questions like:

  • Do you have immutable backups?
  • How often are restores tested — with proof?
  • Is backup infrastructure segmented from production?
  • Are cloud systems backed up independently?
  • What are your actual RTOs and RPOs?
Fig 2: Example of a questionnaire in a cyber insurance application form

Being able to show documented proof — like logs, test reports, coverage maps or screenshots — can help reduce premiums and ensure claims align with your policy terms.

This is also a strategic conversation with your CFO: “Investments in resilience don’t just mitigate risk; they protect our ability to recover financially and unlock insurance value.”

How modern platforms like Datto power the resilience stack

Building a resilience-first posture doesn’t have to mean stitching together multiple tools. Datto offers a unified platform that simplifies the complexity of resilience while strengthening your overall cybersecurity posture.

With Datto, IT teams gain:

  • A single platform for managing local, cloud and immutable backups, reducing tool sprawl and improving operational efficiency.
  • Automated backup verification and orchestrated recovery playbooks, ensuring every critical system is tested and recoverable, not just assumed to be.
  • Clear, audit-ready reporting that proves compliance to boards, regulators and insurers — without manual effort or scrambling during an incident.

For IT, this translates into fewer vendors to manage, greater confidence in recovery readiness and full transparency when it’s time to report resilience posture to executive stakeholders.

Rethink backup as a core layer of your resilience

Cyber resilience is no longer just a technical initiative. It is a business-critical strategy that ensures your organization can function even while under attack. Now is the time to assess your resilience posture — identify gaps in immutability, testing and documented recovery. Know where you stand before disruption tests it for you.

If you’re unsure where to begin, Datto can help. With Datto, cyber resilience isn’t just within reach; it’s simplified, scalable and built to deliver clear operational and financial value.

Get pricing details for your environment and take the first step toward a resilient future.

This article is a contributed piece from one of our valued partners.