Euro Security logo white
Many companies overestimate their ability to recover from a cyberattack

March 16, 2026

Cyber Security

A study highlights risks in corporate backup and recovery strategies.

Cyberattacks are increasingly targeting not only production IT systems, but also specifically backup and recovery infrastructures. A recent investigation by DATA REVERSE® Data Recovery shows that many companies assess their actual recovery capabilities far more optimistically than their organisational and technical structures would suggest.

In practice, it is becoming increasingly apparent that an existing backup does not automatically guarantee a successful recovery. Manipulated snapshot structures, damaged backup metadata or encrypted storage systems can result in backups existing but no longer being usable in an emergency.

Particularly in the context of modern ransomware attacks, attackers are increasingly attempting to first compromise an organisation’s recovery capability before encrypting operational systems. If the backup infrastructure is compromised, companies lose precisely those security mechanisms on which they rely in a crisis.

Backup infrastructures are increasingly becoming a target for attackers

In practice, recurring attack patterns can be observed:

* targeted deletion or manipulation of backup repositories

* alterations or removal of snapshots in virtual infrastructures

* Encryption of NAS or storage systems containing stored backups

* Compromise of backup management systems

Particularly in complex IT landscapes with virtualised systems, distributed storage architectures or hybrid backup concepts, this can lead to a situation where backups are present but are no longer technically consistent or recoverable.

NIS-2 places greater emphasis on recoverability

With the implementation of the European NIS-2 Directive, the actual recoverability of IT systems is becoming even more important. In future, organisations must not only establish preventive security measures, but also ensure that their systems can be reliably restored following a cyber incident.

The requirements of the directive relate in particular to business continuity, disaster recovery and crisis management – areas that are still insufficiently structured in many organisations.

Study reveals significant gaps in contingency planning

A study published by DATA REVERSE at the end of 2025 on the NIS 2 maturity level (https://www.datareverse-datenrettung.de/nis-2-studie-2025/) of German companies shows that there is often a significant discrepancy between self-assessment and actual preparedness.

For the study, 245 IT decision-makers and managing directors were surveyed at IT-SA in Nuremberg regarding their preparedness for the regulatory requirements.

Key findings include:

* 53% of companies have not yet assessed their NIS 2 exposure

* 71% already consider themselves NIS 2-ready

* only 33% test their backup and recovery regularly

* 45% carry out such tests rarely or not at all

* 96% do not have an external data recovery partner in their contingency plan

The results show that significant structural gaps remain, particularly in relation to recovery testing, contingency planning and escalation strategies.

When recovery processes fail

Whether backup strategies actually work often only becomes apparent in an emergency. Damaged snapshot chains, inconsistent backup structures or tampered storage systems can result in traditional restore processes no longer working.

In such situations, the only option is often an in-depth analysis of the underlying storage structures to reconstruct data directly from data carriers or storage systems.

Data recovery as a technical escalation step

Such scenarios frequently affect complex infrastructures, such as:

* damaged RAID systems or NAS storage

* manipulated snapshot structures of virtual machines

* encrypted or inconsistent backup repositories

* damaged file systems or storage metadata

In these cases, recovery is no longer carried out using traditional backup software, but through a technical analysis of file systems, RAID configurations and storage structures.

Resilience is key to recovery

The increasing sophistication of cyberattacks shows that data security does not depend solely on existing backups. What is far more crucial is whether recovery processes function even under realistic attack conditions.

Companies should therefore regularly check:

* whether their backup infrastructures themselves are sufficiently protected

* whether full recovery tests are being carried out

* which processes are triggered if backup structures are compromised

In an emergency, it is not the number of existing backups that determines a company’s resilience, but the ability to reliably recover data.

Related Articles

AI will soon be able to pinpoint the source of noise with precision

Mar 16, 2026

Research project between SINTEF and Norsonic – Construction sites reported as being too noisy will be relieved Acoustics experts led by Femke B. Gelderblom from the Norwegian research centre SINTEF https://www.sintef.no have developed “NoiseTag”, an AI-based...

North Rhine-Westphalia launches modern fire and disaster management

Mar 13, 2026

Home Secretary Herbert Reul: “We have learnt from the experiences of recent years” Photo: State of North Rhine-Westphalia / Martin Götz The state government has approved a draft bill to amend the Act on Fire Protection, Assistance and Disaster Management (BHKG). The...

Herrmann Presents the Introduction of the New Entry/Exit System (EES)

Mar 13, 2026

A Milestone in Protecting Bavaria’s EU External Borders: Bavaria’s Interior Minister Joachim Herrmann presents the introduction of the EU’s new Entry/Exit System (EES) at Nuremberg Airport – A Significant Boost to Security and a Key Component of the Asylum Policy...

Share This