Redazione RHC : 21 September 2025 11:37
Hackers are increasingly targeting backups – not systems or servers, but the data that companies retain for a limited period of time so they can recover from attacks.
A new study from Apricorn reveals alarming statistics: one in five data breaches in the UK is directly linked to compromised backups .
This indicates that attackers have learned to penetrate deeper and more precisely, precisely where companies hope to find safety in the event of a cyberattack.
In the past, backup data was considered a kind of insurance , a reliable and secure copy of critical information that could be restored in the event of a disaster. However, the dynamic is changing. While companies previously focused on protecting active IT infrastructure (workstations, clouds, routers), passive storage is now also under attack . And this isn’t just a side effect: in some cases, attacks target backups exclusively, compromising the very possibility of recovery.
According to Apricorn, 18% of companies cited backup breaches as the primary cause of an incident. This not only causes direct damage, but also a strategic disruption to business continuity : the inability to return to work without a complete reinstallation and negotiation with blackmailers.
It is particularly noteworthy that 13% of respondents admitted that their recovery infrastructure was not robust enough to quickly restore data.
Nearly a third of companies that experienced effective backup recovery were unable to restore everything: some information was lost or the process was ineffective due to poorly designed procedures .
The example of the Danish cloud company CloudNordic, which was attacked in 2023, is revealing. The attackers not only disabled the main servers but also encrypted all backups. As a result, the entire customer base was irretrievably lost and the company’s operations were effectively paralyzed . CloudNordic had antivirus software, a firewall, and a multi-layered backup strategy in place. Nevertheless, the previously compromised, vulnerable servers became the entry point.
This highlights an important point: backup is only effective when it not only exists, but is also regularly tested, physically isolated, and designed to be “invisible” to the main network.
However, Apricorn’s report also highlights some positive trends. The number of companies successfully restoring their entire infrastructure from backups has grown to 58%, up from 50% the previous year .
More and more organizations are using automated backup mechanisms: 44% are sending data to both central and private storage, compared to just 30% last year . Overall, 85% of companies have already implemented at least one element of automation.
According to John Fielding, Managing Director EMEA at Apricorn, incident management should include not only attack preparation but also preparation for complete recovery. Fielding believes that only regularly tested, complete, and securely protected backups can become a true defense tool , not just an illusion of security.
As attacks become more sophisticated, it’s becoming clear that simply having a backup isn’t enough. It must be beyond the attacker’s control, duplicated, debugged, and easily deployed in isolation . Otherwise, companies risk not only losing data but also permanently losing the ability to recover it.
Redazione