Data Protection Tool

16 Dangerous Myths about Corporate Data Backup

Picture of Tracy Rock

Tracy Rock

Director of Marketing @ Invenio IT


Corporate Data

A few years ago, we stumbled across a great article by ZDNet titled, “Ransomware is now so awful it’s actually making us take security seriously.” The upshot was this: ransomware’s destruction comes with a silver lining. It’s so bad that it’s finally forcing organizations to invest more in their corporate data backup systems.

But then WannaCry happened, and thousands of companies were caught with their patches down. (Their O/Ses weren’t up to date, and their data recovery systems weren’t so good either, assuming they had these systems implemented at all.)

Then Petya happened, and thousands more were hit again.

Apparently, for many organizations, ransomware just wasn’t awful enough yet. And based on the latest cybersecurity statistics, it’s clear that many companies still aren’t taking it seriously, even now.

Why aren’t businesses more concerned about data protection?

The reasons are complex.

Many companies are facing shrinking IT budgets at a time when their systems are more vulnerable than ever. Other companies may believe their existing backup systems are adequate, when in fact they’re horribly outdated.

And for other companies, the reason essentially boils down to this: the stakeholders don’t believe a major disaster will happen to them. Even those that do understand the risks may not be willing to make the infrastructure upgrades recommended by their IT managers – at least “not this year” – because they believe they’ll always have other, last-resort options for recovering their data after a loss.

That’s simply not true. If you’re not properly backing up your data, and you experience a major data loss, then that data is probably gone for good.

This is just one of the many common myths that some decision-makers have about corporate data backup. Today, we look at several more of these myths, which are stopping companies from making the infrastructure upgrades they desperately need.

The myths range in seriousness from “understandable” to “WHAT ARE YOU THINKING?!” but there’s one thing they all have in common: they’re falsehoods that leave many companies vulnerable.

What are the Most Common Myths about Corporate Data Backup?

Myth #1: We can survive a data disaster.

Actually, probably not—especially if you don’t have an adequate disaster recovery plan or backup solution.

The data-protection experts at Datto say that a whopping 94% of businesses fail after a disaster when they don’t have a business continuity plan (BCP).

Even among those that do have a BCP, the numbers don’t look so good. A 2010 report by Gartner showed that 43 percent of companies that experienced a major data loss were immediately put out of business. Roughly half of the companies that initially survived also failed within the next two years.

Myth #2: Anti-malware will protect our data.

Really? Even if your servers are flooded? Even if your whole building burns down? What if files—or whole directories—get accidentally deleted?

Your anti-malware/virus software is absolutely a critical first line of defense against certain types of cyberattacks. But it certainly won’t save you in all disaster situations. Even ransomware can quietly infect your systems and lock up your data without ever being detected by your anti-malware software. A wide range of other threats makes it essential to back up your data, regardless of your other cybersecurity measures.

For the strongest protection against today’s emerging threats, businesses should strongly consider a managed detection and response solution like Field Effect Covalence. But no matter what cybersecurity solution is deployed, backup is still necessary.

Myth #3: Humans don’t make mistakes.

Tell that to the IT person who’s constantly recovering files for the employee who keeps deleting important spreadsheets, customer records and Word docs. Tell it to the hospital that just lost all its patient data in a ransomware attack because someone in Payroll clicked on a phishing email.

The point is: even the best of us makes costly mistakes. Accidents happen. According to Datto, the majority of downtime incidents are caused by human error.

So the question becomes: how much time and resources are you willing to give up when those accidents inevitably happen to you? If you’re using an outdated BCDR system, each of those seemingly small mistakes is probably costing the company a ton of money. And it’s only a matter of time before a giant mistake causes destruction you can’t recover from.

Myth #4: We’ve got backups. We can always recover.

Backups are only the first half of the BCDR process. Just because you have them doesn’t mean the files will be recoverable or available within a reasonable time. How do you know the recovery won’t fail? Traditional backup methods, like tape, are notorious for high failure rates.

Even if you can recover everything, how long will it take? Have you evaluated your RTO recently, or tested it to make sure it’s accurate? A full recovery could take a lot longer than you anticipated if you’re not using the right technologies. And since research shows that each hour of system downtime costs the average small business $8,581 per hour, underestimating your recovery time is a recipe for disaster.

Myth #5: It’s in the cloud, it’s fine.

Cloud backups may indeed be a smart measure, but it all depends on the systems and services you’re using. How do you know your cloud backups haven’t been infected with the same malware that took down your on-site servers? How often are files being sent to the cloud? How long will recovery take? What happens if your cloud provider went offline?

These are all questions you need to ask when backing up to the cloud. Not all cloud storage options are the same. On the contrary, some are far better than others. Consider leveraging a hybrid backup approach that lets you backup both locally and in the cloud for greater protection, and be able to virtualize the backups from anywhere.

Myth #6: All of our corporate data is safely stored on our server.

There are actually a few myths baked into this one.

For one, data isn’t inherently safe just because it’s saved on the network. Your servers are still vulnerable to cyberattack, tampering, accidental deletion and other data-loss incidents, just like any other device. This is why backup is critical.

But the second misconception here is the assumption that all your corporate data is on the server. It’s not.

Employees will often save important company files on their PCs rather than the network. Often, this is out of convenience or due to a lack of awareness. But regardless of the reason, these files have a higher risk of being lost or destroyed if they are not being backed up or protected with the company’s cybersecurity solutions.

Educating users on how to properly use company file systems is an important first step. But for greater security and continuity, businesses should invest in endpoint backup and endpoint protection. This will ensure that files are adequately protected even when they are stored on the user’s device.

Myth #7: Our server room is impenetrable.

Believe it or not, some folks actually believe this. Perhaps they’ve installed special fire-suppressing systems or put some extra padlocks on the server-room door—who knows? But whatever the reasoning, this mindset is incredibly shortsighted!

First of all, the physical safeguards around your infrastructure will do nothing in a cyberattack or when an employee accidentally crashes your business-critical applications.

Second, all devices fail eventually. They all have a lifespan. This is why you need to back up to multiple sources—so that when one file storage device goes down, you can still access the data somewhere else.

Third, how do you really know the server room is so safe? Consider for a moment that the U.S. has experienced an average of 336 natural disasters per year since 2010, and research shows that these occurrences are increasing and intensifying due to climate change. Just because you haven’t experienced devastation already doesn’t mean you won’t.

Myth #8: Corporate data backup is too expensive.

BCDR is an investment, like any other technology implementation. And when you run the numbers, it becomes clear that safeguarding your data with today’s best business continuity solutions costs far less than not having a solution at all.

All it takes is one disruptive event to cripple a business. When you factor in forfeited revenue, lost data, disrupted processes, damaged equipment, legal/compliance liabilities, damaged client relationships, damaged company reputation, wasted resources—the costs skyrocket in all directions.

As we mentioned above, a single hour of downtime caused by ransomware can cost upwards of $8,500 for small businesses. For larger companies, an attack can easily cost millions of dollars.

By preventing even just one such event, your corporate data backup system virtually pays for itself.

Myth #9: The business is too small to need it.

Okay, if you catch fish for a living and sell it at a market stand, maybe you don’t need BCDR. But if your business involves data at all—any files that have value or importance and would create a disruption if you suddenly lost them—then you need to be taking data backup seriously.

Sure, if you’re a small business, there’s no need to invest in a sprawling enterprise BCDR solution. However, with the right implementation, you can get enterprise-grade protection at a price that’s affordable for small businesses.

Whatever you do, don’t assume you’re too small to feel the impact of a major data loss.

Myth #10: The business is too big to fail.

This is the flipside to myth #8. Medium to large corporations—especially those that are experiencing fast growth—often fail to address their data risks simply because nobody has time to think about them. They’re too busy dealing with the “day to day,” not the potential risks of “tomorrow.” And when a company is growing rapidly in all directions, everyone assumes that dependable data backups are already happening, when in fact they’re not.

This illustrates the importance of not only implementing the backup technology itself, but also thinking proactively about business continuity as part of an ongoing continuity strategy. In other words, you can’t just install a backup appliance and call it a day. You need a plan.

To truly prevent and mitigate the destruction of an unanticipated disaster, you need to work on your continuity planning on a regular basis. That means designating a recovery team, reevaluating your business continuity plan, defining your continuity objectives, performing risk/impact assessments, finding system weaknesses and continually identifying the best backup technologies for your business’s needs.

Myth #11: We use Microsoft 365. We don’t need data backup.

Wrong again.

Files stored in M365 are still vulnerable to a number of data-loss events. They can be accidentally deleted. They can be infected with ransomware or other malware. They can be permanently erased if licenses are allowed to expire inadvertently. They can be overwritten during botched migrations. They can be corrupted by bad integrations with third-party apps.

The list goes on and on.

As we touched on in myth #5, it’s dangerous to assume that data stored in the cloud can’t be lost. Just because this data is stored on Microsoft’s servers doesn’t mean it can be destroyed! In fact, statistics show that it happens all the time. In a survey by Backupify, 37% of small to medium-sized businesses reported they have lost data stored in SaaS applications like Microsoft 365 and Google Workspace.

This underscores the importance of using a dedicated SaaS backup service, in addition to a BCDR solution for your local servers and endpoints.

Myth #12: Our backups can be recovered instantly.

This one depends on what kind of corporate data backup you’re using. Because chances are, if you’re relying on older technology, your backups could take hours or even days to restore – especially if you need to rebuild the backup from a chain of incrementals.

However, newer BDCR solutions can indeed restore the files and systems you need in a matter of seconds. With Datto, for example, individual files and folders can be restored with just a few clicks. Plus, backups can be booted as virtual machines in a matter of seconds, allowing near-instant access to protected systems, applications and files. Even in widespread ransomware attacks, encrypted files can be quickly restored back to normal using the Rapid Rollback feature – without the need to reimage the entire machine.

Don’t assume your existing backup systems can instantly restore lost data. As we covered in Myth #4, it’s a good idea to periodically evaluate your deployments to make sure they align with your recovery objectives.

Myth #13: Ransomware is on its way out.

This is simply not true.

The rate of ransomware attacks does indeed fluctuate from year to year. But despite the occasional slowdown, there are no signs that it is going away anytime soon. Quite the opposite, in fact. Figures highlighted by Statista reveal that 2023 was the worst year for ransomware yet, affecting more than 72% of organizations globally.

Additionally, ransomware payments surpassed $1 billion – an all-time high.

This is another reason why it’s essential for all organizations to continually review their backup systems to ensure they provide adequate protection against these data-destroying attacks.

Myth #14: We can pay a ransom to get our corporate data back.

Unfortunately this isn’t always true, either.

In a ransomware attack, attackers will demand that you send them money to restore your corporate data. Simply transfer some cryptocurrency to an anonymous account, they tell you, and you’ll be provided with the decryption keys to unlock your data.

It’s a compelling proposition for businesses that are desperate to restore their operations as quickly as possible. That’s why organizations gave more than $1 billion in ransom payments to their attackers last year.

But the problem is that the cybercriminals don’t always keep up their end of the bargain. (Not surprisingly, because they’re criminals.)

A recent report from Sophos revealed that only 8% of businesses that pay a ransom get all of their data back. On average, businesses only get about 65% of their data back after paying their attackers. That leaves a ton of corporate data that needs to be recovered by other means or will be permanently destroyed.

So even if you’re faced with the last-resort option of paying the ransom, don’t assume you’ll get your data back.

Myth #15: Our backups are protected against ransomware.

Are you sure about that?

No backup system is completely immune from a ransomware attack. And, simply having a backup doesn’t guarantee you’ll be able to quickly recover your destroyed data.

Files infected with ransomware will typically be backed up along with all your other files. This doesn’t necessarily mean your entire backup will then be infected. But if you don’t have previous recovery points to choose from, then you won’t be able to restore those files without a decryption key.

Next, consider that newer strains of ransomware are increasingly designed to go specifically after the backups themselves. So, if you’re storing those backups on the network or in a way that they can be accessed by the ransomware, then those backups are at high risk of being destroyed.

Proper storage and security of your backups is essential for preventing them from being compromised. But also, even though no system is immune from an attack, some BCDR solutions offer far greater protection than others.

We mentioned above that Datto’s Rapid Rollback feature can help you quickly “undo” any widespread unwanted changes to your files, such as in a ransomware attack. But another great benefit of Datto’s backup systems is the built-in ransomware protection. Each new backup is scanned for signs of an infection. This enables administrators to take action much faster and eliminate any threats before they spread.

Myth #16: Malicious attacks only happen externally.

We saved this myth for last because it’s the one that no one likes to think about (particularly small businesses).

We all want to believe that our own employees would never do anything to harm the business. But the shocking reality is that roughly 17% of malicious activity is perpetrated by internal users, according to Verizon’s Data Breach Investigations Report.

Sometimes referred to as “insider threats,” these attacks can be even more costly than external threats. That’s partly because businesses are typically blindsided by the actions, but it’s also due to the sheer nature of the attacks: internal users can typically do a lot more damage, a lot faster, because they have access to company systems. They can delete large swaths of files, tamper with applications or lay the seeds for a future attack.

No business can completely prevent these internal incidents from occurring. But they can significantly minimize their risk and potential damage by enacting stronger file-access controls and deploying a robust BCDR solution that safeguards all corporate data.

Frequently Asked Questions about Corporate Data Backup

1. What is corporate data backup?

Corporate data backup is the process of creating backup copies of a business’s files that can be restored if the original files are destroyed, deleted or lost. Corporate data backup helps to ensure that businesses can maintain operational continuity through a disaster, such as server failure or a ransomware attack.

2. How should you back up your corporate data?

Corporate data should be backed up with designated backup software and storage devices, commonly referred to as business continuity and disaster recovery solutions. For greatest protection, backups should not be directly connected to the network and should be stored in multiple locations, such as locally and in the cloud.

3. Do businesses have to back up data?

Some types of businesses are required by law to back up data, including those in healthcare and financial services. While most organizations are not required to have backups, they are strongly recommended. A sudden loss of data can significantly disrupt operations and put some businesses at risk of permanent closure.

4. Where should you store your critical corporate data?

Critical corporate data should be stored on a designated storage device, located on the premises, off-site or a combination of both. For greater protection, any backups stored locally should be replicated to the cloud in case on-site infrastructure is destroyed.


There are numerous myths about corporate data that prevent businesses from properly safeguarding their systems. Even with the rise of ransomware over the past few years, many organizations are still relying on outdated backup systems that leave their entire business at risk. Companies in every industry should regularly evaluate their cybersecurity and backup systems to ensure they are using dependable technologies that protect their data and ensure swift recovery after a disaster.

Don’t risk losing everything! Explore your corporate data backup options

Which technologies offer the best protection for your company? Let our business continuity experts help you evaluate your options. Schedule a meeting with one of our specialists or contact us today: call (646) 395-1170 or email

Get the Ultimate Cybersecurity Handbook for Employees
Invenio it logo

Join 23,000+ readers in the Data Protection Forum

Related Articles