DataCentreNews UK - Specialist news for cloud & data centre decision-makers
United Kingdom
Flux result 36a44f70 faca 434d 90f6 14c8f844fd54
#
Data Protection
#
DR
#
Ransomware

Backup plans still leave gaps in recovery readiness

Tue, 31st Mar 2026
Author image
By Mark Tarre, News Chief

Backup has long been treated as a routine safeguard. That view no longer holds in environments shaped by cloud services, AI workloads, hybrid infrastructure and dispersed endpoint data. The harder question for organisations now is not whether copies of data exist, but whether critical systems and information can be restored in a way that protects operations, customers and revenue.

Two themes keep surfacing in current discussions around resilience. One is that data governance now sits close to the centre of digital performance. The other is that backup without recovery discipline offers limited protection when systems fail or are attacked. Together, those points show why resilience has shifted from a technical support task to an operational requirement.

Data risks

As organisations expand digital services and introduce more AI tools into everyday operations, dependence on accessible and reliable data keeps rising. Data loss, poor data quality and inaccessibility can all disrupt service delivery and stall decision-making. That creates a direct link between governance standards and business resilience.

Bernadette Wightman argues that weak backup practices still persist even as environments become more complex. Her view is that many businesses continue to rely on outdated habits, where backup settings are put in place and then left largely unchecked until an incident exposes the weakness. That approach becomes harder to defend when data is spread across cloud platforms, endpoint devices and hybrid systems.

"Effective data governance underpins digital resilience. As UK organisations expand digital services and integrate AI into day-to-day operations, the risks tied to data loss, inaccessibility and poor data quality increase. Without reliable access to trusted data, organisations cannot scale innovation or maintain competitive performance," said Bernadette Wightman, UK & Ireland CEO, Iron Mountain.

That argument points to a wider issue. AI deployment raises the value of timely and accurate data, though it also raises the cost of failure. Systems built on incomplete, inaccessible or corrupted information do not only slow down. They can produce poor outputs, affect compliance processes and weaken confidence in digital programmes that depend on them.

Legacy habits

A common weakness in many organisations is the assumption that backup completion equals resilience. That assumption can survive for years until a ransomware event, storage failure or accidental deletion turns recovery into an urgent test. At that point, a business learns whether backup processes were built for restoration or only for routine administration.

"World Backup Day is a reminder that data resilience is only as strong as an organisation's ability to recover. A recent UK report noted that nearly one-third of security leaders admit to insufficiently robust backup processes, yet many UK organisations are still operating with a legacy mindset. Backup processes are configured, scheduled and largely ignored until something goes wrong. This 'set-and-forget' approach creates a false sense of security, leaving businesses exposed at the point they are most vulnerable. The challenge is heightened by the complexity of modern data environments. Data now sits across cloud platforms, endpoint devices and hybrid infrastructures, making it harder to protect consistently," said Wightman.

Iron Mountain's broader position is that stronger resilience depends on three practical steps. The first is data classification, so organisations can distinguish critical information from lower-value material and match protection levels to business importance. The second is automation supported by routine validation, including recovery drills and integrity checks that confirm whether data can be restored within acceptable timeframes. The third is direct alignment between backup strategy and business continuity goals, so recovery priorities reflect operational needs rather than only technical preferences.

That framing matters because backup volume alone says little about readiness. A large archive of protected data may still prove difficult to restore quickly if dependencies are unclear, ownership is diffuse or recovery targets have not been tested against live business requirements.

Recovery gap

Jon Fielding places the focus more squarely on the difference between backup and recovery. His position is that many organisations still confuse the existence of duplicate data with a workable recovery capability. In practice, those are separate questions.

"World Backup Day is a useful reminder to have a backup plan, but backups alone aren't enough. For that plan to be effective, organisations also need a recovery plan, and that's where many strategies fall short. Too often, having multiple copies of data is treated as the end goal, without considering how those copies are accessed, stored, and ultimately restored. The reality is that backups are now part of the attack surface. If they're always connected, poorly segmented, or inconsistently managed across endpoints, they can be compromised just as easily as primary systems, leaving organisations with data they can't reliably recover," said Jon Fielding, Managing Director, EMEA Apricorn.

That reading reflects how the threat landscape has changed. Backup repositories can now be targeted alongside production systems. If connected storage, endpoint copies or portable media sit inside the same poorly controlled environment, the fallback position may fail at the same time as the main system. A backup asset that cannot be isolated, trusted or restored at speed offers little operational comfort.

Distributed data

Fielding also points to the growth of data outside central oversight. Remote devices, portable storage and dispersed work environments can create uncertainty about where data resides and who is responsible for protecting it. In those conditions, a backup policy can exist on paper while actual recovery capability remains fragmented.

"Data is no longer centralised but spread across remote devices, work environments, and portable storage that often sits outside of formal IT oversight, creating gaps not just in protection, but in recoverability. Without clear policies around how data moves, where it's stored, and who is responsible for securing it at each stage, organisations may believe they have a backup plan in place, but lack a recovery plan that will actually work when needed. Organisations that pair backup planning with disciplined, tested recovery planning will be the ones that can restore operations with confidence when something goes wrong," said Fielding.

Related stories
Hitachi Vantara flags AI data centre energy squeeze
Exclusive: Google Cloud accelerates shift to agentic data
Datadog launches GPU Monitoring to cut AI compute costs
Google unveils Virgo Network for next-gen AI workloads
Google Cloud expands AI infrastructure with new chips

Top stories

Coalition launches standards for greener AI data centres
Tata Steel expands Google Cloud AI across global operations
CrowdStrike expands Google Cloud security & wins award
Western Digital details sustainability gains amid AI demand
Google updates Media CDN for live streaming at scale