Why Backups Aren’t Enough: Case Studies and Key Takeaways

By /

Backups Aren’t a Plan: The False Comfort of Saved Files

Introduction: The Illusion of Safety

Many organizations operate under the assumption that having backups equates to being prepared for any disaster. However, recent high-profile incidents have demonstrated that backups alone are insufficient without a comprehensive business continuity strategy.

Case Studies Highlighting the Risks

1. Marks & Spencer (M&S) Ransomware Attack

In April 2025, British retailer Marks & Spencer faced a severe ransomware attack that disrupted its online ordering system and internal communications. Employees resorted to using personal devices and WhatsApp due to compromised systems. The company experienced significant operational chaos, highlighting the lack of a robust business continuity plan.
Source: The Times UK

2. Change Healthcare Cyberattack

In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group, suffered a cyberattack that halted electronic payments and medical claims processing. The disruption forced patients to pay out-of-pocket for medications and threatened the financial stability of healthcare providers, with losses estimated up to $100 million per day.
Source: Wikipedia / News Reports

3. Kaseya VSA Ransomware Incident

In July 2021, a ransomware attack on Kaseya’s VSA software affected over 1,000 companies worldwide. The attack exploited a vulnerability, leading to widespread downtime. Despite having backups, many businesses struggled to restore operations promptly, emphasizing the need for a comprehensive continuity plan.
Source: Wikipedia

Key Takeaways

  • Backups ≠ Business Continuity: Having data backups doesn’t guarantee quick recovery or minimal downtime.
  • Regular Testing is Crucial: Without routine testing of backup restoration processes, organizations can’t be sure of their effectiveness during a crisis.
  • Comprehensive Planning: A true business continuity strategy encompasses more than data; it includes processes, people, and communication plans.

Business Continuity Planning Starter Template

To assist organizations in developing a robust continuity strategy, we’ve created a comprehensive starter template. This resource includes:

  • Risk Assessment Tools: Identify potential threats to your operations.
  • RTO and RPO Worksheets: Determine acceptable downtime and data loss thresholds.
  • Communication Plans: Outline protocols for internal and external communications during disruptions.
  • Testing Schedules: Establish regular intervals for testing backup and recovery procedures.

    • Next in the Series

    Stay tuned for our next post: “Ransomware and Downtime: What’s Your Recovery Really Worth?” We’ll delve into the financial implications of operational disruptions and how to quantify the true cost of downtime.

Download the Business Continuity Planning Starter Template to begin fortifying your organization’s resilience.

Related Posts

Leave a Comment

Scroll to Top