OpenText and Proofpoint executives are urging organisations to make backup testing and human-centred security core parts of resilience planning around World Backup Day.
Their comments highlight how untested backups and people-focused cyber attacks continue to expose gaps in incident recovery across Asia Pacific and beyond.
Steve Stavridis, Regional Vice President, Cybersecurity and Business Resilience APAC at OpenText, said organisations still overlook a basic weakness in their resilience strategies: backup processes that exist on paper but fail under pressure during outages, ransomware attacks or system failures.
Untested backups, he warned, often reveal problems only at the worst possible moment. Corrupted data, configuration errors and incompatible software versions can remain hidden for months if organisations do not run regular restore drills.
“Untested backups remain a critical weak link for many organisations, often leading directly to recovery failures that are only uncovered when an outage or cyber incident requires restoration. This World Backup Day is a reminder to regularly test backups to ensure they are free from corruption, misconfigurations, incompatible versions, or incorrect retention settings,” said Steve Stavridis, Regional Vice President, Cybersecurity and Business Resilience APAC, OpenText.
Recovery risks
Delays or failures during restoration directly extend downtime and increase financial and operational harm. Prolonged outages can also erode customer trust and damage brand reputation.
“When restorations fail or take too long, they translate directly into extended outages, lost revenue, operational disruption, and reputational damage to an organisation. True organisational resilience requires backups that are proven recoverable under real-world conditions,” said Stavridis.
Hybrid shift
Backup strategies are evolving as more data moves into hybrid and multi-cloud environments. Security teams must now account for a wider range of applications, data stores and third-party platforms when designing recovery plans.
Structured testing, Stavridis said, is essential across different layers of the environment, including individual files, full systems and specific business applications.
“To strengthen backup reliability and build recovery readiness, organisations should: Conduct routine restore tests at the file, system, and application levels. Test across different restore scenarios – ransomware, accidental deletion, full VM builds, and more. Automated integrity checks help detect corruption early and always document results, creating a continuous improvement cycle,” said Stavridis.
He also warned that convenience-led practices create fresh risks. Many firms now rely heavily on online backup services that sit close to production systems.
“Although online backups are convenient, they can be vulnerable. If attackers can access production systems, they can often reach online backups as well. Maintain at least one offline copy or store backups in an online, restricted, isolated security zone with strict access controls,” said Stavridis.
Layered approach
In his view, resilience requires diversity as well as testing. Single-method backup strategies can fail if the underlying system is compromised or unavailable.
“Don’t rely on a single backup method; if the system is compromised, unavailable or corrupted, recovery can be impossible. Instead, adopt a multi-layered strategy, for example, snapshots, cloud backups and offline copies, to protect organisations against accidental deletion, corruption, configuration mistakes, site-wide outages, hardware failures, local disasters, ransomware, and insider threats,” said Stavridis.
Data priorities
Stavridis also emphasised data classification and alignment with business priorities. Not all data warrants the same recovery time or recovery point targets.
“Organisations should also classify data into critical, important, operational and archival tiers. Then prioritise low Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for systems that align with business needs and are mission-critical, such as payment platforms, ERP systems, and customer-facing services. Regular restore testing ensures these targets remain achievable,” said Stavridis.
Well-rehearsed drills and processes, he added, often make the difference between a controlled recovery and disorder during a crisis.
“Business continuity depends on reliable, proven restoration. Investing in simulations and well-drilled recovery procedures reduces downtime, costs, and chaos when incidents occur,” said Stavridis.
Human factor
Alongside the backup discussion, Proofpoint is highlighting the human side of data loss. Steve Moros, Senior Director, Advanced Technology Group, Asia Pacific and Japan at Proofpoint, said many people still treat data loss as a rare event despite evidence to the contrary.
He cited statistics showing that significant numbers of users never back up their information and that basic mistakes continue to drive a large share of incidents.
“World Backup Day is a timely reminder that data loss is not a distant, unlikely threat but everyday reality for individuals and organisations alike. However, despite this 21% of people have never made a backup, and 29% of data loss cases are the result of simple human error,” said Steve Moros, Senior Director, Advanced Technology Group, Asia Pacific and Japan, Proofpoint.
Attack trends
Moros also referenced research showing that attackers increasingly target people as the first point of compromise, with state-linked operations developing long-running social engineering campaigns.
“Proofpoint’s 2025 Human Factor Report illustrates just how aggressively cybercriminals are targeting people as the primary vector for data loss. About 25% of all state-sponsored phishing campaigns now begin with “benign” emails to build trust, a striking shift toward psychological manipulation over technical exploits,” said Moros.
Many organisations, he said, fall short on both backup discipline and front-line security, leaving data exposed to both accidents and deliberate attacks.
“The uncomfortable truth is that many individuals and organisations are failing on both fronts simultaneously: they are not backing up their data, and they are not adequately protected against the threats most likely to cause data loss in the first place,” said Moros.
Backup rule
Moros pointed to the long-standing 3-2-1 backup rule as a simple baseline for resilience, adding that technical safeguards must sit alongside user awareness and monitoring.
“World Backup Day is an opportunity to address both sides of the equation. The 3-2-1 rule remains best practice: keep three copies of your data, on two types of media, with one copy off-site or in the cloud. But backups alone are not sufficient,” said Moros.
He said organisations should look across email, collaboration platforms, cloud applications and endpoints when building their defences.
“Organisations must pair robust data protection strategies with layered, people-centric security, continuous employee education, multilayered threat detection, and a clear understanding of how and where data is stored and accessed across every channel,” said Moros.
