A third of UK firms unable to fully recover data from backups
A new survey has found that almost a third of organisations in the UK are unable to fully recover their data following a backup, raising concerns about the resilience of current recovery strategies.
The survey, conducted among 200 IT security decision makers, revealed that 31 per cent of organisations that have relied on backups for data retrieval were unable to recover all of their data and documents, or failed entirely due to inadequate processes. While 58 per cent reported being able to recover everything - a slight rise from 50 per cent in 2024 - the frequency with which organisations have had to turn to backups highlights the persistent challenges facing recovery systems.
The report also outlined the broader threat environment, with 61 per cent of those surveyed saying their organisation expects remote or mobile workers to increase the risk of data breaches. Additionally, 46 per cent reported that employees had knowingly put corporate data at risk within the past year.
"It is concerning that nearly a third of organisations cannot fully recover from a backup," said Jon Fielding, Managing Director, EMEA, Apricorn. "Backups are the safety net, but if the net is full of holes, you are still going to hit the ground hard. Recovery is critical in a breach scenario. We all know that breaches are almost inevitable, so being able to recover from a breach should be as high on the boardroom agenda as being able to prepare for one. Full recovery is only possible when backups are both comprehensive and regularly tested."
The survey found that 13 per cent of respondents did not have robust enough backup systems to enable rapid recovery from an incident, leaving them vulnerable in the event of a breach or loss. The threat to backups themselves is also growing, with 18 per cent citing attacks on their backup systems as the main cause of a data breach - a risk measured for the first time in this year's survey. The results underscore the need to secure backup repositories just as rigorously as primary data stores.
"These findings are a wake-up call," Fielding added. "Businesses are recognising the need for multiple, secure, and automated backups, but the sophistication of attacks means backup resilience must be treated as a core element of cyber defence. A backup that cannot withstand attack or deliver complete restoration is not fit for purpose."
The research highlighted encouraging trends in backup automation. Forty-four per cent of organisations now use automated backups to both a central and a personal repository, compared with 30 per cent last year. This shift indicates a broader uptake of the 3-2-1 backup rule, which calls for at least three copies of data on two different types of media, with one copy stored offsite. According to the report, an offline, encrypted backup is considered the most secure option for data protection. In total, 85 per cent of respondents are now utilising some form of automated backup process, whether in a central location, personal storage, or a combination of both.
"Implementing automation removes the need for human intervention, reducing risk and ensuring secure backup of data," added Fielding. "Our own research and that of others consistently shows that forgetting to back up, or doing it incorrectly, is one of the most common causes of failed recovery. Automated processes enforce discipline and consistency, which is vital when the stakes are this high."
The survey was carried out by Censuswide and covered UK-based IT security decision makers in late May 2025. The organisation abides by the Market Research Society code of conduct and is a member of the British Polling Council.
