backup storage and data recovery

Why Backups Are Your Last Line of Defence After a Cyber Attack

Backup & Disaster Recovery · Irish SME Guide

Why a working, tested backup is the single factor that decides whether your business survives a ransomware attack, and the gaps that catch most Irish organisations out.

In our previous post, Your Business Just Got Hit by a Cyber Attack. Here’s Exactly What to Do, we walked through the immediate steps to take when an incident strikes. This post picks up where that one left off. Because while knowing how to respond matters enormously, what ultimately determines whether your business survives a cyber attack is simpler than most organisations realise: did you have a working backup that ransomware could not reach?

Every cyber incident response plan eventually arrives at the same question. Can we restore from backup? And for too many Irish businesses, the honest answer is: we’re not sure.

That uncertainty is not a minor operational detail. It is the difference between recovering in hours and rebuilding from nothing over weeks, or not recovering at all.

The Numbers That Should Concern Every Irish Business Owner

Ransomware is the dominant threat driving the conversation about backups, and the most recent primary research leaves no room for ambiguity about its scale.

44%
of all breaches involved ransomware in 2025, up from 32% the year before
88%
of SMB breaches involved ransomware, vs 39% for large organisations
54%
of ransomware victims recovered via backups, the lowest rate in six years
<50%
of Irish firms automatically back up their data

Sources: Verizon DBIR 2025; Sophos State of Ransomware 2025; Irish Times / Datapac-TechCentral survey, September 2025.

Important nuance

The decline in backup-based recovery does not mean backups have become less important. It reflects a shift in attacker behaviour. In 2025, attackers increasingly exfiltrated data before encrypting it, then threatened to publish it even if a victim restored from backup. This is called double extortion. Backups solve the encryption problem. They do not undo data theft. That is why strong backups must run alongside other controls, not replace them.

What Tested, Air-Gapped or Immutable Actually Means

NCSC Ireland’s backup resilience guidance identifies three properties that make a backup genuinely useful after a ransomware attack.

Critical

Air-gapped

Physically and logically separated from the live network. Attackers cannot reach it over the internet or a compromised internal network. Ransomware cannot encrypt what it cannot access.

Critical

Immutable

Written once and then locked. Cannot be altered, overwritten, or deleted, even by an administrator or automated process. Even if ransomware reaches the destination, it cannot encrypt the stored copies.

High

Regularly tested

Restoration is actively rehearsed, not assumed, with results documented. 38% of organisations that paid more than the initial ransom cited backup failure as a contributing factor (Sophos 2025).

NCSC Ireland recommends maintaining at least three copies of data on two different storage media, with one copy kept offline and offsite, the 3-2-1 rule, which remains the baseline standard for resilient backup architecture.

NIS2 compliance note

Under the NIS2 Directive, transposed into Irish law, organisations in scope must implement backup policies as part of their business continuity and incident recovery obligations. Inadequate backup controls are a measurable compliance gap, not simply an operational risk. If your organisation operates in a sector covered by NIS2 and cannot demonstrate tested backup and recovery procedures, that is an exposure on both operational and regulatory grounds.

The Assumption That Has Cost Irish Businesses Dearly: Cloud Is Not a Backup

One of the most consistent patterns Newtec Services encounters is what we call the cloud assumption: the belief that because data lives in the cloud, it is automatically protected. It is not.

Case from the helpdesk

As we documented in our September 2025 post, Backups Aren’t Optional: Tales from the Frontline at Newtec Services, the Newtec Helpdesk regularly receives calls from businesses in this exact situation. One firm of solicitors contacted us after a PC crash, believing their practice management software was cloud-hosted. It was not. It lived on the local hard drive. No backup existed. Critical client data was unrecoverable without specialist intervention.

Microsoft 365 and Google Workspace

Both platforms operate on a shared responsibility model. Microsoft and Google are responsible for infrastructure uptime. You are responsible for your data. Default retention policies in Microsoft 365 typically hold deleted items for 30 to 93 days depending on configuration, after which data is permanently purged. A ransomware attack or malicious deletion that is not caught within that window leaves no recovery path without a separate third-party backup.

CRM, ERP and SaaS Platforms

Businesses increasingly run core operations on cloud-based CRM, ERP, and project management tools. Whether these platforms maintain your data long-term, provide restorable backups, or can recover from a deletion event depends entirely on each vendor’s terms. Most do not provide granular data recovery as a standard feature. You need to read the contract and verify what “backup” means in practice for every cloud platform your business relies on.

Cloud Sync Is Not a Backup

OneDrive, SharePoint sync, and Google Drive file streaming synchronise changes in near real-time. If ransomware encrypts files on a synced device, those encrypted versions propagate to the cloud almost immediately. Version history provides a limited rollback window, but it is not a substitute for a properly configured, tested backup solution.

A Backup Resilience Checklist for Irish Businesses

Use this checklist to assess your current backup posture against the gaps most commonly exploited in ransomware attacks.

  • On-premises servers are backed up automatically and on a defined schedule
  • Individual workstations and laptops are included in the backup scope, not just servers
  • At least one backup copy is stored offline or air-gapped, unreachable from the live network
  • At least one backup copy uses immutable storage that cannot be overwritten or deleted
  • Cloud platforms (Microsoft 365, Google Workspace, CRM, ERP) are covered by a separate third-party backup solution
  • Backup restoration has been tested within the last six months and results are documented
  • Recovery Time Objective (RTO) and Recovery Point Objective (RPO) have been defined for critical systems
  • The backup solution is monitored, failures and gaps trigger alerts, not just silent logs
  • Backup access credentials are stored separately from production systems and protected with MFA
  • You know where all business-critical data lives, on-premises, cloud, or both

If more than two items on this list are currently unclear or unconfirmed, your backup posture has measurable gaps. That is a starting point, not a verdict.

How Newtec Services Can Help

Newtec Services provides Backup and Disaster Recovery services to businesses across Ireland. Our approach covers the full scope of backup risk, not just on-premises infrastructure, but the cloud systems, SaaS platforms, and individual devices that traditional backup strategies frequently miss.

  • Audit your current backup coverage. Identify exactly what is protected, what is not, and what the exposure looks like if an attack occurred today.
  • Design and implement a resilient backup architecture. Using air-gapped and immutable storage that ransomware cannot reach or encrypt.
  • Extend backup coverage to cloud platforms. Including Microsoft 365, Google Workspace, and other SaaS tools that do not provide adequate data protection as a default.
  • Test your recovery. So that if the moment comes, you already know it works. An untested backup is an assumption. A tested one is an asset.
  • Align your backup posture with NIS2 and NCSC Ireland requirements. Ensuring your business continuity and incident recovery controls meet the regulatory expectations that apply to your sector.

We work with businesses of all sizes across Shannon, Dublin, and Limerick. Whether you need a full backup audit, a new disaster recovery solution, or simply a second opinion on your current setup, our team can help you understand your position clearly and move forward with confidence.

References

NEWTEC SERVICES · BACKUP & DISASTER RECOVERY

Talk to Newtec About Your Backup and Recovery Strategy

If you are not certain your backups would survive a ransomware attack today, now is the right time to find out. We are available across our three Irish offices.

Talk to our team →
Shannon: (061) 708-820 · Dublin: (01) 531-3777 · Limerick: (061) 708-821