The industry speaks: World Backup Day 2025

And despite 52 per cent of respondents admitting that they’d be “devastated” to lose personal data, 26 per cent of Australians still fail to back up their data.

With that being the case, here’s what the industry thinks of the importance of regular data backups – hint: it’s pretty important.

Stefan Mandl
Vice president, sales and marketing for APJ region, at Western Digital

It’s fantastic to see more people recognising the importance of protecting their data. World Backup Day is an important yearly reminder [for] everyone to back up their data and to educate the people who still aren’t aware of the impact of failing to backup.

VIEW ALL

It’s also an opportunity to reinforce just how critical it is to safeguard what matters most – because all it takes is one small accident for data to be lost forever. In fact, 48 per cent of Australian respondents have already experienced data loss due to device failure, accidental deletion or cyber attacks.

Anthony Spiteri
Regional CTO APJ at Veeam

When World Backup Day was first introduced in 2011, backup was considered a passive safeguard – an insurance policy for businesses in case of accidental deletion or a natural disaster. Fast forward to today, and backups alone are no longer enough. Cyber criminals have adapted, targeting backups themselves in ransomware attacks, making traditional backup strategies insufficient unless they are part of a larger data resilience framework.

The modern cyber security landscape demands proactive data resilience, a strategy that ensures backups remain protected, accessible, and rapidly recoverable in the face of an attack.

Cyber resilience is no longer optional; it’s essential for business survival. Organisations that fail to modernise their backup and recovery strategies risk not only operational downtime but also reputational damage, regulatory penalties, and financial loss.

James Finlay
Lead director of incident response APJ at Coveware by Veeam

As World Backup Day approaches on 31 March, organisations need to rethink their backup and recovery strategies, not just as an operational necessity but as a compliance requirement.

Governments worldwide are stepping in with stricter regulations to improve cyber resilience. The Australian Cyber Security Act is a prime example, mandating businesses with an annual turnover exceeding $3 million to report any ransomware payments to the Australian Signals Directorate. Aimed at increasing transparency, this legislation also encourages businesses to take more proactive measures to avoid a ransomware payment, as disclosing payments may result in greater regulatory scrutiny and reputational damage.

Mandatory ransomware reporting is forcing businesses to rethink their entire cyber security posture. The best way to avoid both financial and legal repercussions is to ensure a robust backup and recovery strategy that eliminates the need for ransom payments in the first place.

With the changing cyber security landscape and growing legal pressures, backup and recovery are no longer ‘nice to have’; it must evolve into a comprehensive data resilience strategy. Not only will this bring together data backup, recovery, security, portability, and intelligence, [but it’s also] essential to ensure compliance and business continuity.

Stasia Hurley
Principal product marketing manager at Barracuda Networks

March 31st is World Backup Day – the annual reminder of the importance of backing up and protecting data from loss and theft. The universal messages of making regular backups, keeping offline copies and more are as important as ever – but in an increasingly digital, cloud-enabled world and with a rapidly evolving threat landscape, there are other aspects of effective backup that are worth thinking about on World Backup Day. They may not be as obvious, but they are just as important.

First, back up your identity and access management system. For example, if you use Microsoft Entra ID, imagine losing all the employee identities, rules, and policies you have set up in the cloud – not just for individuals, but functional groups, teams and more – defining the applications and resources they are each entitled to access once their identity is confirmed.

Many organisations assume there’s a default backup of Entra ID data. However, this only retains data for a rolling 30 days. Some information, such as security groups, is not retained at all.

Entra ID data can be lost, corrupted, or encrypted, either by accident or maliciously, and if it is not properly backed up – and recoverable - your employees won’t be able to get to the applications and services they need to do their jobs. And you’ll have to start all over again to recreate the directory. The impact on the business will be significant. Rebuilding Entra ID content is costly and time-intensive, and while they’re waiting for you to fix it, colleagues can’t do their work effectively.

Second, don’t restore blind. Data may sit in your backup systems for a while. You may have robust inbound security measures in place, but this longer-term stored data could be harbouring malware that was not known to security systems when the content was first backed up. If you restore without first scanning for malware, you could be inadvertently introducing the threat into your network.

Third, test your backups. The worst time to discover that there is an error in your configuration, or that a setting is not right, is right after a ransomware event or when you really need to restore something and can’t. Even with easy-to-use systems, you and your staff need to be familiar with how your backup works and should be comfortable with restores – before the pressure is on.

Sean Deuby
Principal technologist at Semperis

The celebration of the 15th anniversary of World Backup Day serves as a reminder for individuals and businesses to reflect on their data protection strategies and ensure their data is adequately safeguarded. Quality backup is the linchpin of business resilience, shielding against data loss and ransomware threats, and ensuring swift recovery in the face of unforeseen challenges.

Reflecting now on the massive ransomware attack against one of the largest healthcare providers a little more than one year ago highlights the importance of cyber resiliency. As organisations face sophisticated threats growing in speed, size and accuracy, the need for robust recovery processes with reliable backups is greater than ever before.

When ransomware gangs successfully breach organisations, in 90 per cent of attacks, the identity system, most often Active Directory, is compromised. To significantly reduce recovery time and quickly resume normal operations, even after an attack, organisations need a dedicated Active Directory (AD) backup strategy. AD is used by more than 80 per cent of businesses today as a fundamental system that both users and applications depend upon to function. But traditional backups that include AD don’t recognise AD’s special status in the enterprise and its unique recovery requirements. To quickly recover AD from a cyber disaster, you need specialised, automated AD forest recovery that will return this identity system to a malware-free, known secure and trusted state. Without AD-specific cyber attack recovery technology and processes, your business is at risk. AD-specific backups can speed up recovery and aid organisations in quickly returning to normal operations after a ransomware attack. What was once considered “nice to have” is now a “need to have” for organisations of all shapes and sizes around the globe.

James Greenwood
Regional vice president of solution engineering at Tanium

World Backup Day is a timely reminder that just because organisations are aware of what they should do, doesn’t mean they are actually following through with best practice cyber hygiene.

In 2025, as AI, machine learning, hybrid working, and more continue to add complexity to the cyber landscape, cyber hygiene should be a top priority on World Backup Day and every day throughout the year. This should include a range of initiatives, from consistent and regular backup management to proactive endpoint discovery and vulnerability management. Practising good cyber hygiene means embedding preventative processes into the day-to-day operations of the business, ensuring staff are regularly trained and upskilled on how to mitigate or address ongoing threats or risks, and the tools and technology in place throughout the business are effective in protecting against the constant and growing stream of attacks, risks and vulnerabilities organisations are experiencing.

Monica Landen
Chief information security officer at Diligent

At the board level, being intentional about data protection and resiliency has never been more crucial. All boards must prioritise and advocate for robust policies and procedures to protect their organisation’s most sensitive data, and backing up data is an integral part of this process.

Even organisations that strictly adhere to cyber security best practices cannot guarantee complete data security. Aside from being good practice, having a recent, uncorrupted backup is one of the only ways to recover from ransomware attacks without paying the ransom for data recovery. Similarly, board members who are responsible for sharing and collaborating on sensitive materials with internal stakeholders and trusted third parties need systems that are constantly backed up, have strict user permissions, and support real-time collaboration abilities.

It’s important to follow best practices for your backup strategy, especially regarding the number of copies, and backup frequency. Organisations handling large volumes of frequently changing data may need multiple backups per day, while others might only require a single backup overnight or during low-activity periods.

Frank DeBenedetto
GTM general manager at Kaseya

Virtual desktops and cloud systems power today’s remote workforce, and the cloud has facilitated seamless data backup for organisations, but this has become a key target for hackers. Cyber criminals now directly attack backup systems to disarm a company’s safety nets.

With virtual desktop use growing to 19.8 billion by 2031 and cloud adoption rising, World Backup Day highlights a critical truth: one backup isn’t enough. Companies using multiple cloud systems face even bigger risks as they have become a more enticing target for bad actors. Businesses need several backup layers kept separate from main systems. Whether you use public, private or hybrid clouds, assuming your data is safe could cost you your business.

David Rajkovic
Regional vice president at Rubrik ANZ

Today, organisations must move beyond traditional backup strategies and ensure data remains secure and available, no matter what happens. The key to protecting your business from the most advanced cyber threats is “cyber resilience”. This means having the ability to not only defend against attacks but also to quickly recover and continue essential operations during and after an incident. It’s not a matter of “when” you will be attacked, but “how often”.

A strong cyber resilience strategy goes beyond backup and recovery – it involves continuous testing, real-time threat detection, and a proactive approach to security. Data protection systems must be regularly tested and validated to ensure they are effective when needed most. This means more than just backing up data – it’s about assessing the integrity of backups and stress testing recovery procedures through continuous simulations of real-world cyber attack scenarios. By doing so, you can ensure that your organisation is truly prepared for the worst-case scenario.

Adhil Badat
Chief operating officer at Rackspace Technology

Data is a company’s lifeblood, yet too many businesses underestimate the risk of losing it to cyber attacks, system failures, or accidental deletion. World Backup Day is a timely reminder that protecting data isn’t just about storage; it’s about resilience.

Hybrid and multi-cloud environments are now the backbone of modern business, but outdated backup strategies can’t keep up. Organisations need a resilience-first approach. One that ensures instant recovery, slashes downtime, and keeps compliance watertight across global operations.
AI is rewriting the rules of backup and recovery, predicting failures before they happen, detecting anomalies in real time, and enabling instant restoration. As organisations embrace these innovations, Rackspace’s expertise in secure, multi-cloud environments ensures data sovereignty, compliance, and business continuity.

The question isn’t if a data crisis will happen, but when. Businesses must rethink their backup and recovery strategies now. With end-to-end protection and 24/7 managed services, organisations can future-proof operations, protecting not just their data but [also] their reputation, customers, and long-term success.

Anthony Daniel
Regional director – ANZ, at WatchGuard Technologies

World Backup Day is a timely reminder that regular, reliable backups are a vital part of any strong cyber security strategy. Backups support more than just recovery. They help protect your business from serious disruption. Backup-related failures cause 32 per cent of global data loss, and backups are now a common target in cyber attacks. That’s why it is no longer enough to simply have backups in place. They must also be secure, with encryption, immutability, and regular testing to ensure they can be trusted when needed.

Cyber resilience is not just about storing data. It’s about knowing your data will be there when you need it. If a backup fails in an emergency, it can be as damaging as having none at all. Making sure your data is protected and recoverable is one of the most important steps you can
take to stay resilient. Every business should ask whether their backups are secure and whether they will work when it really matters.

Greg Clark
Director of product management, data security, at OpenText Cybersecurity

As AI implementation across industries continues to grow, businesses are becoming increasingly reliant on data for AI-driven decision making and model training. This continued technological advancement means organisations are generating and storing more data than ever, requiring
them to proactively manage their data – starting with data minimisation.

Backups are essential for organisations to maintain business continuity and respond swiftly in the event of a cyber attack. However, organisations must be mindful of the data they’re backing up. Not all data is critical – 33per cent is redundant, obsolete, or trivial (ROT). By identifying and eliminating unnecessary data and retiring outdated applications, businesses can significantly reduce their attack surface and bolster their security postures. Not only does data minimisation ensure that organisations are more resilient in the face of security threats, but it [also] helps improve operational efficiency by freeing up valuable storage and resources. Additionally, as AI adoption grows and regulations evolve, minimising excess data gives businesses greater control over their sensitive information, reducing the complexity and cost of compliance and safeguarding operations across an organisation.

Paul Henaghan
Managing Director for Australia and New Zealand at Cohesity

This World Backup Day, we need to remember that data protection isn’t just about ticking a compliance box.

It’s about ensuring that your business stays strong and resilient against relentless cyber threats – one of the greatest risks organisations face right now.

Ransomware attacks, human error, and system failures are now a matter of ‘when’, underscoring the need for everyone to take a proactive approach. First, start with comprehensive data classification – to understand the types of data you have and therefore where and how it should be stored and for how long – and implement deduplication. This will help to ensure critical and sensitive data is retained appropriately.

Next, prioritise regular and automated backups. Automation is key to secure and cost-effective backup and recovery. Relying on manual backups invites risk. Reducing operational complexity through AI-powered capabilities that automate provisioning and lifecycle optimisation should be your goal.

Last but not least, regular testing of backups should be part of the overall security testing plans to identify any potential security risks. For ultimate security, make backups immutable – a “golden copy” of your most critical data, stored in an immutable, air-gapped location – so that they are protected from tampering even in the event of a ransomware attack.

An integrated ecosystem of data security, data protection and data governance is critical in achieving gap-free cyber resilience. With these measures in place, businesses can not only operate with reassurance that they are well protected, but also with the confidence that when a disruption does occur, they will be able to recover quickly.