SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Flux result 4a0010e1 6565 48ef a6f5 ad792476acf1
#
Data Protection
#
DR
#
Ransomware

Australian firms urged to rethink backup amid cyber risk

Fri, 27th Mar 2026
Author image
By Shannon Williams, News Editor

Cohesity is urging Australian organisations to rethink backup practices ahead of World Backup Day, while Semperis is highlighting the role of identity recovery in cyber resilience.

Both companies are using the awareness day to warn that treating backup as a standalone activity leaves organisations increasingly exposed as cyberattacks grow more frequent and sophisticated.

James Eagleton, managing director, ANZ at Cohesity, said data loss remains a widespread problem across Australian enterprises and public bodies, with ransomware, hardware failures and human error among the most common causes.

"Data loss comes in many forms, from ransomware attacks and hardware failures through to simple human error. Whatever the cause, the impact is always disruptive and costly."

He described World Backup Day as a prompt for organisations to reassess where backup sits within broader cyber strategies. In many boardrooms and IT teams, he argued, backup is still seen as an end point rather than an early step in building resilience.

"World Backup Day is a timely reminder of the role backup plays. However, it's important to recognise that backup is only the first step in a broader journey towards cyber resilience maturity."

Eagleton called on organisations to strengthen every part of the data resilience chain, from protection measures and ongoing backup assessments to the ability to restore systems to a verifiably clean state after an incident.

"True business resilience comes from strengthening every link in the chain. That means ensuring data is not only backed up, but also protected, assessed for threats, and recoverable to a clean, secure state. This includes capabilities such as immutability, threat detection, incident response, and coordinated recovery processes across IT and security teams."

Fragmented Environments

Eagleton criticised what he described as a patchwork approach to backup across many Australian organisations, saying multiple uncoordinated platforms and inconsistent workload coverage create blind spots and weaken incident response.

Cohesity's latest data shows that 42% of Australian organisations back up all workloads, indicating that many businesses and agencies still operate with only partial protection across their application and data estates.

"The challenge is that many organisations across Australia still take a fragmented, patchwork approach. Our latest data shows less than two-fifths of Australian organisations (42%) back up data across all workloads, often relying on multiple platforms that increase complexity and reduce visibility. As with any chain, a single weak link in a resilience strategy can undermine the whole."

That fragmentation has direct implications during a live cyber incident. Recovery operations, he said, are now as much about security outcomes as restoration speed.

"As a result, backup's primary role today should be to support secure recovery. In the event of a cyber incident, it's not just about restoring data quickly, but restoring it safely, free from compromise and without risking reinfection. That requires coordination, well-defined processes, and validation, not just technology."

He warned that organisations still treating backup as a narrow technical task, disconnected from broader security and incident response processes, remain exposed.

"Ultimately, organisations that treat backup as a standalone task risk falling short. Those that embed it as the first step in a structured, multi-stage approach to cyber maturity are far better positioned to withstand attacks, recover with confidence, and minimise disruption."

Beyond Data Copies

Semperis principal technologist Sean Deuby echoed the view that backup alone is no longer enough. He said attackers' growing use of artificial intelligence, along with the central role of identity systems in modern IT environments, is reshaping recovery priorities.

He described World Backup Day as a reminder of the rising likelihood of attack and said organisations need recovery plans that assume core systems, including identity infrastructure, could be compromised alongside production data and backups.

"World Backup Day is an important reminder of the ever-increasing likelihood that your organization will be the next cyberattack target. While backup remains essential, today's threat landscape means businesses need to think more broadly about recovery, resilience and what it takes to restore operations with confidence after an attack."

Deuby drew a distinction between having backups and being able to use them effectively. Recovery can fail if attackers have tampered with data, infiltrated identity systems or taken control of infrastructure needed to bring services back online.

"Backups matter not simply because they preserve data, but because they enable recovery: a backup does not help you if you cannot recover with it. As cyber threats continue to evolve, especially through the growing use of AI, organisations need to create a clean recovery environment and restore critical systems quickly, securely and outside the control of threat actors.

"That means broadening recovery strategies to account for the underlying infrastructure that enables the business to function, particularly identity systems, which are central to access, control and trust across the organisation. You cannot assume that threat actors will leave any of your critical systems alone."

Identity At The Centre

Deuby highlighted identity recovery as a growing focus for crisis planning. Identity platforms such as Active Directory and cloud-based identity services sit at the centre of authentication, authorisation and trust in most organisations.

He said loss of identity integrity can stall not only system restoration but crisis management itself. If identity systems cannot be trusted, internal communications, role-based access and decision-making all come under strain.

"World Backup Day is also an opportunity to reinforce that recovery planning should not just focus on what can be restored, but how effectively the organisation can respond when critical systems are unavailable.

"Identity recovery is becoming an increasingly important part of crisis response, particularly as organisations recognise that - unlike other workloads - restoring identity system operations is different from being able to trust those systems after they have been compromised.

"If identity is lost or cannot be verified, the resulting disruption affects not only technical recovery but also complicates communications, coordination, and decision-making even further. Organisations should consider a more integrated approach that factors in identity system (such as Active Directory, Entra ID, Okta, Ping Identity) compromise as part of recovery. This is key to helping organisations strengthen resilience, reduce disruption and recover more effectively in the event of an attack."

Related stories
Automotive microcontroller market set to hit USD $15.1bn
Vodafone & Google Cloud launch AI & security tools
ISACA launches AI risk certification amid governance gap
Turning security into a story: How managed service providers use reporting to drive retention and revenue
Barracuda spots 7 million device code phishing attacks

Top stories

AI tools widen cyber attack threat, Flashpoint warns
AI flaws & supply-chain risks top new pentesting report
Exclusive: Google Cloud on the road to autonomous SecOps
Zapier expands AI governance controls for enterprise users
Avatier launches offline card after Stryker cyberattack