World Backup Day 2025: Prioritising data protection

With the 15th annual World Backup Day being this year, it serves as a reminder that data backups and disaster recovery strategies are more critical than ever. The last 15 years have seenthe scale and complexity of data grow, and both the number and sophistication of cyberthreats have grown with it. The UK Gov Cyber security breaches survey revealed that 50% of UK businesses reported a cyber-attack last year – a statistic that becomes even more disconcerting given the fact that 21% of people have never made a backup.

In today’s digital world, where downtime can result in significant financial and reputational damage, reliable backup processes have become the key to business continuity. These systems not only ensure that businesses can efficiently recover from disruptions (whether that be cyberattacks, natural disasters, or human error) but also help to minimise the impact of any lost data. As technology continues to evolve, it’s essential that organisations continue to refine their backup strategies and invest in resilient, secure solutions that can protect their most valuable asset: their data.

One reason that organisations may shy from backups is due to the rising challenge of managing data. Glenn Akester, Technology & Innovation Director at Node4, highlights that data is now dispersed across multiple platforms including cloud environments, SaaS solutions, and even physical on-site servers. This makes it increasingly difficult for businesses to stay on top of and manage their backups effectively. “With so much data generated, knowing what to back up, how often, and for how long is vital for both cost control and compliance”, he says.

Akester adds that: “This challenge is only set to grow as more organisations embrace AI and in doing so, create and process even more data. Intensifying data requirements and necessitating efficient organisation, classification, and storage, businesses will need to refine their backup strategies, deciding which data to store, how often, and in which mediums.” To stay ahead, companies must rely on automation and orchestration to handle the growing scale of their backup and restore operations while ensuring their strategies remain aligned with future business needs.

Despite many organisations choosing to implement this automated approach, there is still an ongoing debate for agent-based versus agentless backup methods. In recent years, agentless backup has become the preferred option, as it eliminates the need to install software on each virtual server. “It’s become the norm”, says Bruce Kornfeld, Chief Product Officer at StorMagic, explaining that “with more complex environments than ever before, having agents on each virtual machine (VM) can add administrative overhead to an IT department.”

However, recent changes in the virtualisation landscape are actually shifting this trend. Many organisations are re-evaluating their reliance on major hypervisor providers (such as VMware) and are looking for more cost-effective alternatives. In doing so, they often turn back to agent-based backup. “They simply shift to an agent-based approach,” explaisn Kornfeld. “This is how backup has been done for decades and, crucially, will work with any hypervisor.” With all major backup providers offering agent-based solutions that deliver the same results as agentless at the same cost, businesses may find this a more viable and flexible alternative.

Ultimately, the importance of backups cannot and must not be overlooked. Businesses now rely so heavily on data, that it has become impossible to operate without it, and it therefore needs to be stored securely. In the event of a crisis (such as a cyberattack or natural disaster), having a backup of these data stores in a secure, safe and recoverable location is essential to ensure business continuity. Bob Fine, Quantum Senior Analyst Relations Manager, at the LTO Program, explains that “the longer it takes to restore the backup, the greater the consequences, including both financial and reputational losses.”

Fine argues that: “The best protection that businesses can give their backups is to keep at least two copies, one offline and the other offsite. By keeping one offline, an airgap is created between the backup and the rest of the IT environment. Should a business be the victim of a cyberattack, the threat physically cannot spread into the backup as there’s no connection to enable this daisy-chain effect. By keeping another copy offsite, businesses can prevent the backup suffering due to the same disaster (such as flooding or wildfires) as the main office.”

Darren Thomson, Field CTO EMEAI at Commvault goes further, explaining that best practise goes beyond storing the backups. “The challenge facing backups in 2025 is how to stop bad actors from infiltrating them,” he outlines. “Having realised the benefits of planting malware into backup copies, cybercriminals trick organisations into a vicious cycle of restoring the virus, making it nearly impossible to recover after an attack.” He adds: “In today’s always-on, digital world, organisations can’t afford the downtime that it takes to get out of the traps that cybercriminals lure them into. As such, the concept of having a minimum viable company is gaining popularity – the ability to maintain essential operations and services even in the aftermath of a cyberattack. Traditional reliance on backups is not enough to maintain a minimum viable company. The focus should now be on ensuring clean recovery.”

“Threat scanning technology gives organisations the confidence that, should the worst happenand their backups are needed, that they are clean and reliable. In addition to clean backups, organisations must have the ability to recover critical systems into a secure, malware-free environment. Cloud-based cleanrooms make this possible, providing a secure environment that can be spun up and down as needed for testing and recovery, at a minimal cost. This involves traditional data recovery but also the rebuilding of cloud applications – often the most time-consuming task when it comes to recovering from an attack.”

It’s clear that it’s no longer enough to have a backup – businesses need the right backup strategy if they are to build resilience. LTO Program’s Fine notes that “with research finding that a company falls victim to a ransomware attack every 14 seconds, and the UN Framework Convention on Climate Change reporting that the number of disasters has increased by a factor of five over a 50-year period, ensuring that your company has the right backup measures in place is a fundamental requirement of a successful business in 2025.”

Finally, Darren Thomson concludes that: “Backups remain crucial for a quick recovery, but they are no longer as effective on their own as they once were. But, paired with advanced technology to ensure their integrity and a secure environment to recover into, organisations have all the ingredients to achieve true cyber resilience.”