Five days offline and £50,000 gone because one application missed a patch. Painful, but very common. Many companies only rethink their resilience after the first incident. The real question now is not simply “should we buy backups?” but what level of resilience gives the best return for the money. The good news is that modern backup and recovery strategies are far more flexible than they used to be. Off-site backups are still important, but there are ways to combine them with other controls so the overall cost is manageable. Why backups matter for business resilience Recovery speed is the real financial factor When companies discuss backups they often focus on storage cost, but the real business issue is downtime. Your example illustrates it perfectly: £50,000 revenue lost in five days about £10,000 lost per day Even relatively expensive backup systems often cost far less than one serious outage. The UK’s National Cyber Security Centre consistently advises that organisations must assume breaches will happen and focus on rapid recovery capability. Backups are one of the most effective tools for doing that. The traditional option: off-site backups Why they are recommended Off-site backups are copies of your systems stored: in another physical location in a secure cloud environment or in an isolated data centre They protect against: ransomware server failure fire or flood accidental deletion Security frameworks commonly recommend the “3-2-1 rule”: 3 copies of data 2 different storage types 1 copy off-site This dramatically reduces the risk of total data loss. The real problem: cost and complexity Why many SMEs hesitate Small and medium businesses often find traditional backup systems expensive because they involve: storage infrastructure software licensing monitoring ongoing management However, modern approaches have reduced these costs significantly. The key is choosing the right level of resilience, not the most complex system available. A more cost-effective modern approach Cloud backup services Cloud backup platforms allow companies to store encrypted backups in external infrastructure. Advantages include: lower upfront cost pay-as-you-go pricing automated backups quick recovery tools Because storage is shared across many customers, cloud providers can offer resilience much cheaper than building your own infrastructure. For many UK businesses this has become the most cost-effective backup option. Even cheaper improvements: operational resilience Backups alone are not the full solution. The attack you described began with an unpatched application, which is a common entry point. Before spending heavily on backup systems, companies should strengthen preventative controls. Critical low-cost security improvements 1. Automated patch management Outdated software is one of the most common causes of cyber breaches. Automated patching tools can: detect vulnerable applications install updates automatically reduce the risk of forgotten systems This is usually inexpensive compared with incident recovery. 2. Network segmentation Separating systems into different network zones limits how far attackers can move once they enter the network. If the compromised application had been isolated, attackers might not have accessed the rest of the company systems. 3. Endpoint detection and monitoring Security monitoring tools can detect unusual activity early, allowing the company to respond before systems are fully compromised. Early detection often prevents extended downtime. Faster recovery alternatives Snapshot-based recovery Instead of traditional backups alone, many businesses use system snapshots. Snapshots capture the entire state of a server or virtual machine. Advantages: extremely fast restoration minimal downtime automated scheduling If a system becomes compromised, it can often be restored within minutes rather than days. This can dramatically reduce revenue losses. A realistic resilience model for most UK businesses The balanced approach For most companies, the most practical setup combines several layers: Automated patch management Cloud-based encrypted backups Local snapshot recovery for critical systems Regular security monitoring This combination gives strong protection without excessive cost. Advertisement Bestseller #1 Apple 2025 MacBook Air 15-inch Laptop with M4 chip: Built for Apple Intelligence, 15.3-inch Liquid Retina Display, 16GB Unified Memory, 256GB SSD Storage, 12MP Center Stage Camera, Touch ID; Midnight SPEED OF LIGHTNESS — MacBook Air with the M4 chip lets you blaze through work and play. With Apple Intelligence,* up to … SUPERCHARGED BY M4 — The Apple M4 chip brings even more speed and fluidity to everything you do, like working between mu… BUILT FOR APPLE INTELLIGENCE — Apple Intelligence is the personal intelligence system that helps you write, express your… £1,099.00 Buy on Amazon Bestseller #2 Apple 2025 MacBook Air 13-inch Laptop with M4 chip: Built for Apple Intelligence, 13.6-inch Liquid Retina Display, 16GB Unified Memory, 256GB SSD Storage, 12MP Center Stage Camera, Touch ID; Midnight SPEED OF LIGHTNESS — MacBook Air with the M4 chip lets you blaze through work and play. With Apple Intelligence,* up to … SUPERCHARGED BY M4 — The Apple M4 chip brings even more speed and fluidity to everything you do, like working between mu… BUILT FOR APPLE INTELLIGENCE — Apple Intelligence is the personal intelligence system that helps you write, express your… £889.00 Buy on Amazon Cost comparison perspective Let’s compare the economics of your recent incident. Your company lost: £50,000 in five days Typical SME backup solutions often cost: a few hundred pounds per month That means the entire annual backup cost might still be less than a single outage. This is why most security professionals view backup systems as business continuity investments rather than IT expenses. Expert guidance from UK cybersecurity authorities The National Cyber Security Centre strongly recommends: maintaining reliable backups storing backups separately from main systems testing recovery procedures regularly Testing recovery is particularly important because many organisations discover during an incident that their backups do not actually restore correctly. Final advice for the company director You do not necessarily need the most expensive backup infrastructure. But doing nothing after a £50,000 incident would be the riskiest decision of all. The most practical solution is usually: automated patching cloud backup snapshot-based recovery regular security monitoring This combination significantly reduces both the likelihood of another breach and the time required to recover if one occurs. In business terms, that means the next attack may still happen—but instead of losing five days and £50,000, you may be back online within hours. Post navigation My English Company Was Compromised Because My Employee Clicked A Link: Now What? The DDOS Attack is Over But You Still Have That Itch You Need To Scratch