World Backup Day: a call for strengthening resilience in the era of AI

Concept artwork generated with a
data theme by Bing Image Creator
(Dall E 3).

March 31 is World Backup Day, a reminder to back up and better protect data. Industry observers agreed that backup is essential, but many also pointed out that businesses need more than backup alone.

"In today's digital landscape, safeguarding data is paramount for business continuity and resilience. Given the rise of AI, a robust data backup and protection strategy is essential to shield organisations from threats like cyberattacks," commented Mohamed Marjook Hussain, Regional Technical Head for ANZ and APAC at ManageEngine. 

"Data loss can happen at any time for any reason: hardware failure, software failure, or human error. No matter the reason for data loss, the only way organisations can reliably get back on their feet is through a robust backup and recovery solution. 

"Furthermore, a backup solution costs much less than the cost of recovering data without one while also providing organisations with a way to recover from the effects of ransomware attacks. On World Backup and Data Protection Day, organisations need to ensure business resiliency and security by securing their data without any compromises."  

Anthony Spiteri, Regional CTO APJ, Veeam, said the focus should be on data resilience. He said: "When World Backup Day was first introduced in 2011, backup was considered a passive safeguard – an insurance policy for businesses in case of accidental deletion or a natural disaster. Fast forward to today, and backups alone are no longer enough. Cybercriminals have adapted, targeting backups themselves in ransomware attacks, making traditional backup strategies insufficient unless they are part of a larger data resilience framework."

"Singapore businesses are performing well in terms of data backup preparedness. Buoyed by the government’s strong data security regulations like including the Personal Data Protection Act and the Cybersecurity Act, many businesses, particularly in regulated sectors like banking and government, are well-prepared with robust data protection measures," Spiteri explained. 

"However, data backup is no longer enough – businesses need data resilience. Furthermore, many small and medium-sized businesses are lagging behind their larger counterparts - they often rely on outdated backup methods, such as external drives, or misunderstand their SaaS vendors' responsibilities regarding data protection."

Spiteri illustrated his point with ransomware. "The growing sophistication of ransomware attacks has exposed the limits of traditional backup strategies. While backup software is commonly deployed, many organisations fail to implement
a comprehensive data resilience strategy. Even the trusty 3-2-1 framework – which ensures robust data protection by maintaining three copies of data, stored on two different media types, with one copy offsite – now needs to be extended to 3-2-1-1-0. 

"The additional 1-0 includes one immutable or offline copy, and importantly, the entire system is verified to have zero errors. This is crucial to recover from ransomware." 

Verizon Business also linked ransomware with backups. The company said the increasing likelihood of ransomware attacks has made backups a necessity, citing Verizon Data Breach Investigations Report data that within the past three years, between 59% and 66% of incidents involved ransomware or extortion.

According to the company, it is not only information that is at stake, but also the corporate business itself. "A ransomware attack could potentially halt production activity and negatively impact a brand's reputation. Consequently, many organisations choose to pay the ransom to quickly resolve the issue and regain access to their data, although this is not always an effective solution," Verizon Business said.

"Beyond simply having a backup, data resilience means ensuring regular testing, hardening, and conducting disaster recovery drills. Without these measures, businesses remain vulnerable to attack, with recovery efforts potentially leading to reinfection or extended downtime," Spiteri summarised. 

"In today’s threat landscape, data resilience isn’t just a technology issue; it’s a business-critical necessity to ensure continuity, security, and fast recovery when disaster strikes. Cyber resilience is no longer optional; it’s essential for business survival. Organisations that fail to modernise their backup and recovery strategies risk not only operational downtime but also reputational damage, regulatory penalties, and financial loss."

Sean Deuby, Principal Technologist, Semperis called quality backup "the linchpin of business resilience, shielding against data loss and ransomware threats, and ensuring swift recovery in the face of unforeseen challenges". "As organisations face sophisticated threats growing in speed, size and accuracy, the need for robust recovery processes with reliable backups is greater than ever before," Deuby said.

"Organisations should adopt an 'assume breach' mindset and encourage them to prepare now for the inevitable. When organisations are prepared to be resilient against cyberattacks, and understand which systems are most critical to their business, they can take steps to reduce their most glaring vulnerabilities, make their infrastructure sufficiently difficult to compromise and recover much faster from a compromise." 

Nathan Hall, VP and GM, Asia Pacific & Japan at Pure Storage, shared that with innovation, comes risk. "Kroll’s 2025 Financial Crime Report reveals that 82% of senior management in the region anticipate a rise in financial crime this year — the highest globally. Data loss is not just an inconvenience — it can severely damage trust, cripple productivity, and compromise compliance," he warned.

"Traditional backups are no longer enough. In the AI era, where real-time insights drive decisions, businesses must rethink data protection: restore is the new backup. Legacy systems struggle with slow, complex recovery, leaving organisations vulnerable to prolonged downtime. The ability to rapidly restore data after cyberattacks, system failures, or accidental deletion is now a competitive advantage."

Industry observers listed a number of considerations around enhancing backup strategies. 

Cybersecurity

Lim Hsin Yin, VP of Sales for ASEAN, Cohesity said: “As we mark this World Backup Day, it is critical to remember that data protection isn’t just about ticking a compliance box or disaster recovery. It’s about ensuring that your business stays strong and resilient against relentless cyberthreats – one of the greatest risks organisations face right now."

"Ransomware attacks, human error, and system failures are now a matter of ‘when’, underscoring the need for everyone to take a proactive approach," Lim added. 

Han-tiong Law, Regional CTO Asean and Greater China, Rimini Street said: "World Backup Day is a vital reminder that data protection requires more than just backups. As cyberthreats continue to evolve, businesses must also evolve their security posture, implementing proactive measures that go beyond patching. Continuous monitoring, zero-day defense, and the ability to protect systems within seconds after a vulnerability is detected – all without disruption to the business - these are just a few ways organisations can help ensure their data and systems are in good health all year round."

Nigel Ng, Senior VP for Asia Pacific at Tenable, also said businesses must go beyond backups to strengthen their overall cybersecurity posture. “World Backup Day is a timely reminder of the vital role that robust, reliable data backup plays in any well-rounded cybersecurity programme, especially when combined with a comprehensive exposure management strategy," he said. 

"In an era defined by increasingly sophisticated ransomware and a rapidly expanding digital footprint, backups cannot be an afterthought. They must be rigorously tested, encrypted, and stored in secure environments that guard against unauthorised access." 

HPE's Justin Chiah, VP and GM, APAC Storage and Data Services, observed that data backup has become more crucial for organisations in APAC due to rising cyberthreats, the corresponding economic and operational impact, regulatory compliance, and rising multicloud adoption.

"According to the 2024 PwC Digital Trust Insights (DTI) survey, more than half (54%) of organisations highlighted the threat of losing customer, employee and transaction data as their top concern. Cyberattackers gain unauthorised access to data, disrupt businesses, and exploit companies for financial gains, making data backup crucial to mitigate economic losses," he said.

"Furthermore, as more APAC organisations are rapidly adopting multicloud storage for backups, it can create silos and add complexities, increasing the risk of misconfigurations that can lead to data exposure. According to the PwC Digital Trust Insights survey, cloud-related threats are among the top three cyber concerns for 51% of Asia Pacific organisations, further highlighting the importance of robust data backup measures to mitigate these threats and protect data."

"World Backup Day hasn't just a reminder to create backups — it’s a call to ensure they remain secure. In today’s evolving threat landscape, storing data is no longer enough; businesses must protect access to backup environments. Cybercriminals increasingly target backups to cripple recovery efforts, making strong access controls and PAM essential to a resilient security strategy," said Darren Guccione, CEO and Co-founder, Keeper Security. PAM stands for privileged access management.

"Organisations should take proactive steps to secure their backups by enforcing least-privilege access, implementing MFA, continuously monitoring activity and integrating PAM into their disaster recovery plans. By doing so, businesses protect their critical data, ensuring that backups remain a reliable lifeline against cyberthreats, Guccione added.

"Commit to not just backing up — but locking down access to the most valuable digital assets."

Active Directory

According to Deuby, Active Directory should play a significant part in backup strategies as traditional backups that include it fail to recognise its special status in the enterprise and its unique recovery requirements. "When ransomware gangs successfully breach organisations, in 90% of attacks the identity system, most often Active Directory, is compromised. To significantly reduce recovery time and quickly resume normal operations, even after an attack, organisations need a dedicated Active Directory backup strategy...Without Active Directory-specific cyberattack recovery technology and processes, your business is at risk," he said. 

"Companies should also monitor for unauthorised changes occurring in their Active Directory environment, which threat actors use in most attacks, and have real time visibility to changes to elevated network accounts and groups."

AI

Remus Lim, Senior VP, Asia Pacific & Japan, Cloudera said: "With data increasingly flowing across complex AI ecosystems, World Backup Day serves as timely reminders for businesses to review how they secure and govern their data. IT leaders need to understand that managing and securing data requires a holistic data protection approach, whether through a modern data lakehouse architecture or a multicloud data management strategy. 

"As AI continues to integrate deeper into business processes, traditional methods of data governance are no longer sufficient. Businesses should strive for continuous visibility, control, and resilience—or risk losing their grip as AI-driven environments become increasingly complex."

Lim from Cloudera elaborated: "As AI adoption grows, more teams across the organisation begin relying on AI-driven insights, causing data to move across multiple systems in ways that are difficult to track and control. Without clear oversight, sensitive information, such as customers’ personal data or an organisation's proprietary information, embedded in AI models or reports can be unknowingly exposed, misused, or shared with unauthorised users. Without the right safeguards, businesses aren’t just risking security breaches—they are exposing themselves to regulatory penalties, operational disruptions, and a loss of customer trust.

"To secure AI data effectively, businesses need to shift from reactive security to proactive governance. Instead of scrambling to fix issues after a breach, they must embed security measures into AI workflows from day one. This is crucial for industries such as finance and healthcare, where large volumes of sensitive data are stored. As AI adoption continues to grow, businesses have two choices: rely on outdated security approaches and react to threats as they arise or take control by implementing strong AI data governance from the start. The future of AI security isn’t about waiting for problems to emerge—it’s about preventing them before they happen."

Matthew Hardman, CTO, APAC, Hitachi Vantara, said that AI has brought new types of data-related attacks. "Cybercriminals are now actively targeting AI training datasets and backup repositories, injecting manipulated data to degrade decision-making. Ransomware attacks have become more sophisticated, focusing not just on encrypting files but also wiping out backup copies entirely, leaving organisations with no path to recovery. Meanwhile, the growing complexity of hybrid and multicloud environments makes cohesive and scalable recovery strategies more essential than ever," he said. 

"This World Backup Day, enterprises need to rethink their approach to data resilience. AI-powered backup integrity will become crucial in detecting anomalies before they spread, while immutable storage and zero-trust security models will help safeguard data from tampering. Resiliency planning must also account for the unpredictable whether it’s a cyberattack, system misconfiguration, or simple human error. 

"Data observability, which uses AI-driven monitoring to ensure data remains compliant, secure, and instantly recoverable, must also be prioritised. With businesses increasingly operating across hybrid and multi-cloud ecosystems, seamless failover strategies will be essential to minimise downtime and maintain business continuity." 

Ng also highlighted the increasing complexity of backups with AI in the picture. "As digital infrastructures grow more complex with the accelerated adoption of artificial intelligence in the cloud, backups alone are no longer enough. According to Tenable’s Cloud AI Risk Report 2025, 70% of cloud AI workloads contain unremediated vulnerabilities, with many also exposed to dangerous misconfigurations and overly permissive access," he noted. 

"In these scenarios, even backups risk being compromised or rendered unusable if organisations fail to manage their cloud and AI exposures effectively."  

Chiah additionally noted that AI is "significantly amplifying the sophistication, scale, and success rates of cyberattacks and data breaches by enabling threat actors to automate, personalise, and evade detection more effectively than ever before". 

"With the rapidly evolving technology landscape, it is not a matter of if but when a cyberattack happens. Organisations should invest in a precise and clear pre-planned ‘playbook’ that can provide immediate reassurance in the event of a data breach by offering continuous data protection, fully automated and orchestrated recovery, frequent testing, patch management and enhanced encryption detection, achieving near-zero recovery point objectives (RPOs) and low recovery time objectives (RTOs)," Chiah said. 

"Speed is of the essence when it comes to data recovery especially when crisis strikes, hence companies need to invest in high performance all flash recovery solutions, modern disaster recovery, application-centric recovery and data protection solutions for businesses of all sizes which is critical to minimise reputational or financial loss.

"A cyber resilience vault is also key to a comprehensive protection strategy - an offline, locked-down, air-gapped solution that combines immutable storage with an isolated recovery environment, ensuring data remains unalterable providing a secure space for recovery."

Lim from Cohesity added that backups can offer insights now. "Beyond data protection and security, backup can even be in the limelight now by providing data insights to business as we are now able to build a vector database – what’s called a retrieval-augmented generation (RAG) on top of backup data! This gives you the capability to use natural language to query your backup data," she said.

Her recipe for resilience has four parts:

"First, we can start with comprehensive data classification – to understand the types of data you have and, therefore, where and how it should be stored and for how long – and implement deduplication," she outlined.

"Next, prioritise regular and automated backups. Automation is key to secure and cost-effective backup and recovery. It is no longer sufficient to rely on manual backups. Reducing operational complexity through AI-powered capabilities that automate provisioning and lifecycle optimisation should be your goal.

"Regular testing of backups should also be practised to ensure your backups are always recoverable. For ultimate security, make backups immutable – a 'golden copy' of your most critical data, stored in an immutable, air-gapped location – so that they are protected from tampering even in the event of a ransomware attack. 

"Prepare, practise and recover from incidents, just like how DR drill has been practised for ages. An integrated ecosystem of data security, data protection and data governance is critical in achieving gap-free cyber resilience – where data is always protected, accessible and available. With these measures in place, businesses can make informed decisions quickly, stay ahead of the curve and operate with the confidence that when a disruption does occur, they will be able to recover quickly."

The big picture

"Asia’s rapid AI adoption is reshaping industries, but without trustworthy, high-quality, and resilient data, its full potential will remain unrealised. World Backup Day 2025 is not just about having a backup; it is about ensuring data remains secure, accessible, and instantly recoverable. AI and digital transformation demand a smarter approach to backup and recovery. The businesses that move beyond traditional backups to a true resilience strategy will be best positioned for the future," Hardman concluded.

Chiah, on the other hand, recommended that organisations migrate from legacy backup solutions that lack immutability or encryption, as these vulnerabilities can make backup data susceptible to ransomware or cyberattacks. "To mitigate the significant financial and reputational repercussions of vulnerabilities in data backup, organisations should turn to modern, comprehensive solutions, and work with the right technology partners who have the expertise to implement effective disaster recovery solutions and safeguard your data," he said.   

Spiteri outlined the components of proactive data resilience, "a strategy that ensures backups remain protected, accessible, and rapidly recoverable in the face of an attack":

- Immutable backups: Cybercriminals are now targeting both data availability and confidentiality - two critical pillars of the CIA triad (confidentiality, integrity and availability). With 87% of ransomware attacks in Q424 involving data exfiltration, companies must ensure they have immutable backups that cannot be altered or deleted

- Automated threat detection: Backups should not be passive archives. Continuous scanning for anomalous activity allows businesses to identify and mitigate threats before they escalate

- Rapid recovery capabilities: A backup is only useful if it can be restored quickly. Organisations must regularly test recovery processes and implement orchestration to streamline business restoration