Security leaders warn of backup gaps as threats evolve


Security leaders are warning about gaps in backup, recovery, and cyber resilience as World Backup Day approaches. Their comments reflect growing concern that modern IT environments are outpacing traditional data protection strategies.

Senior security and technology executives from CrashPlan, Catalogic Software, and NetSPI said organisations face rising pressure as they modernise infrastructure and confront faster-moving cyber threats. Traditional backup approaches, they argued, are struggling to keep up with cloud-native architectures and AI-driven attacks.

The shift to containers and Kubernetes features prominently in those concerns. Organisations are moving core workloads from legacy infrastructure into distributed environments that change quickly and scale horizontally. As a result, security teams are reassessing whether long-standing backup processes still protect data effectively.

Paweł Staniec, Chief Technology Officer at Catalogic Software, said modernisation has outpaced protection strategies in many enterprises.

“Over the last year we’ve been witnessing how enterprise infrastructure is shifting fast. Organisations are moving workloads to next-gen infrastructure, adopting Kubernetes at scale, and rebuilding applications around containers and microservices. It’s a meaningful step forward in how we run and scale software. But it introduces a protection gap that most teams haven’t caught up with yet.”

Staniec drew a clear distinction between platform resilience and data protection in Kubernetes environments.

“Most organizations running Kubernetes assume the platform takes care of resilience. It handles availability, not backup. Persistent volumes and application data need explicit protection, and in most environments we see that protection is either missing or untested,” he said.

He argued that many teams still measure readiness by whether backup jobs exist, rather than by proven recovery outcomes.

“That last word matters. A backup you’ve never restored from is nothing but a false sense of security. The question to ask on March 31st is ‘when did we last actually recover from one, and how long did it take?’” he said.

He also urged organisations to treat the awareness day as a practical testing milestone rather than a symbolic reminder.

“Maybe March 31st shouldn’t just be a reminder. It should be a fixed point in every organization’s calendar to actually run a recovery test, walk through the DR plan, and find out where the gaps are before an incident does it for you. The teams that treat it as an action item rather than an awareness day are the ones that won’t be scrambling when something goes wrong,” he said.

Data protection specialists also pointed to the changing nature of cyber threats. Ransomware groups now focus on data theft, extortion, and sabotaging recovery processes themselves. That shift has raised the bar for what counts as an adequate backup and recovery posture.

Todd Thorsen, Chief Information Security Officer at CrashPlan, said backups alone are no longer enough.

“Backups alone no longer stop ransomware – modern attacks focus on data theft and disruption, so resilience must include the ability to operate through incidents, not just recover from them. AI-driven threats have dramatically shortened the attack timeline, making it critical to assume compromise and protect backups with immutability and strong isolation. The biggest failure point today isn’t whether backups exist, but whether organizations can actually restore quickly and reliably under pressure. Hybrid, distributed, and immutable backup architectures are now baseline expectations, with success defined by how well recovery is orchestrated across environments. In 2026, resilience is measured by time-to-recover, and organizations that can restore critical operations within hours – not days – are the ones that will withstand modern cyber events.”

His comments reflect a wider reassessment of how organisations define business resilience. Security teams face pressure from boards and regulators to provide metrics that quantify recovery speed and reliability. Concepts such as immutable storage, air-gapped replicas, and orchestrated recovery workflows have become standard parts of planning.

The growth of AI systems has added another layer of complexity. Systems that automate data processing and decision-making can both depend on and alter critical datasets at scale and at speed. That has sharpened concerns about backup integrity and the risk of silent corruption.

Nabil Hannan, Field Chief Information Security Officer at NetSPI, said traditional views of backup risk do not account for how AI-driven systems interact with data.

“World Backup Day has traditionally highlighted recovery preparation, ensuring that organizations can restore data after cyberattacks, IT outages, or plain human error. While this still matters, in today’s AI era, simple backups are not enough to achieve business resilience. In relation to AI, what modern organizations face today is less of a new attack surface, but more of a new cocktail of familiar risks in different combinations and permutations, where exposed API keys, weak authentication and authorization, and overly permissive permissions are now embedded in autonomous systems that move faster and expand the blast radius significantly. The risk is that these systems can modify, move, or corrupt data without clear visibility, meaning organizations may not realize last-defense backups have been altered until it’s too late. To be resilient today, organizations must go beyond recovery and prove not only that backups exist, but that they remain trustworthy, and that systems cannot be manipulated to misbehave or cascade failures before security teams notice.”

Together, the three executives point to a single concern: many enterprises still treat backup as an infrastructure hygiene task rather than a strategic resilience function spanning cloud services, AI platforms, and distributed workloads.

As data volumes grow and attack timelines shrink, testing, validation, and recovery orchestration are becoming central to backup strategy. Security leaders are under continued pressure to show not only that data can be restored, but that it can be restored quickly enough to keep operations running during major incidents.


