Backups without testing are not a strategy
Organizations simply check the 'backup box' and do not ask themselves the crucial question: does the recovery process actually work? A backup that has never been restored is not a plan. It is hope, and hope is not a strategy. The data tells the story: 76% of organizations take more than 100 days to fully recover from a data breach (source: IBM/Ponemon 2025); 60% of backups are incomplete, and recovery attempts fail in 50% of cases (source: Avast); and 87% of IT professionals experienced a SaaS data loss in the past year, with human error being the main cause. On top of that, 72% of data loss in the cloud is caused by misconfigurations or user errors, not by external attacks.
The difference between surviving and disappearing
For SMEs, the consequences are often disastrous. According to the Ponemon Institute, 60% of companies close their doors within six months after a serious data loss due to an incident or cyberattack. In contrast, there is a strikingly positive picture: 96% of organizations with a backup AND a tested recovery plan survive cyberattacks. The difference lies not only in having backups, but in having and testing an effective recovery plan.
Many companies rely on cloud platforms like Microsoft 365 and Google Workspace, but underestimate their own role in it. The default retention policy settings are designed for service continuity, not for complete data protection. Governance, Risk, and Compliance (GRC) teams must actively assess these settings against laws, regulations, and internal risks. Without deliberate configuration, organizations rely on default settings that were never intended as a complete backup strategy.
New threats target backups
The threat is also evolving rapidly. According to the M-Trends 2026 report from Mandiant, ransomware attackers are increasingly targeting backup systems first, making recovery impossible. The Data Breach Investigations Report 2025 from Verizon confirms this: 64% of victims refused to pay ransom precisely because their backup and recovery strategy was in order.
On World Backup Day today, I have a tip: not only make backups, but also restore them. Do it today and test if it really works. Know your actual recovery time and not the theoretical one on paper. And if your GRC team hasn't checked your cloud settings in a while, make that your priority today. Backups may not be 'sexy', but they make the difference between surviving and disappearing.
Rich Greene, SANS Senior Solutions Engineer.