Five days offline and £50,000 gone because one application missed a patch. Painful, but very common. Many companies only rethink their resilience after the first incident. The real question now is not simply “should we buy backups?” but what level of resilience gives the best return for the money.
The good news is that modern backup and recovery strategies are far more flexible than they used to be. Off-site backups are still important, but there are ways to combine them with other controls so the overall cost is manageable.
Why backups matter for business resilience
Recovery speed is the real financial factor
When companies discuss backups they often focus on storage cost, but the real business issue is downtime.
Your example illustrates it perfectly:
- £50,000 revenue lost in five days
- about £10,000 lost per day
Even relatively expensive backup systems often cost far less than one serious outage.
The UK’s National Cyber Security Centre consistently advises that organisations must assume breaches will happen and focus on rapid recovery capability.
Backups are one of the most effective tools for doing that.
The traditional option: off-site backups
Why they are recommended
Off-site backups are copies of your systems stored:
- in another physical location
- in a secure cloud environment
- or in an isolated data centre
They protect against:
- ransomware
- server failure
- fire or flood
- accidental deletion
Security frameworks commonly recommend the “3-2-1 rule”:
- 3 copies of data
- 2 different storage types
- 1 copy off-site
This dramatically reduces the risk of total data loss.
The real problem: cost and complexity
Why many SMEs hesitate
Small and medium businesses often find traditional backup systems expensive because they involve:
- storage infrastructure
- software licensing
- monitoring
- ongoing management
However, modern approaches have reduced these costs significantly.
The key is choosing the right level of resilience, not the most complex system available.
A more cost-effective modern approach
Cloud backup services
Cloud backup platforms allow companies to store encrypted backups in external infrastructure.
Advantages include:
- lower upfront cost
- pay-as-you-go pricing
- automated backups
- quick recovery tools
Because storage is shared across many customers, cloud providers can offer resilience much cheaper than building your own infrastructure.
For many UK businesses this has become the most cost-effective backup option.
Even cheaper improvements: operational resilience
Backups alone are not the full solution. The attack you described began with an unpatched application, which is a common entry point.
Before spending heavily on backup systems, companies should strengthen preventative controls.
Critical low-cost security improvements
1. Automated patch management
Outdated software is one of the most common causes of cyber breaches.
Automated patching tools can:
- detect vulnerable applications
- install updates automatically
- reduce the risk of forgotten systems
This is usually inexpensive compared with incident recovery.
2. Network segmentation
Separating systems into different network zones limits how far attackers can move once they enter the network.
If the compromised application had been isolated, attackers might not have accessed the rest of the company systems.
3. Endpoint detection and monitoring
Security monitoring tools can detect unusual activity early, allowing the company to respond before systems are fully compromised.
Early detection often prevents extended downtime.
Faster recovery alternatives
Snapshot-based recovery
Instead of traditional backups alone, many businesses use system snapshots.
Snapshots capture the entire state of a server or virtual machine.
Advantages:
- extremely fast restoration
- minimal downtime
- automated scheduling
If a system becomes compromised, it can often be restored within minutes rather than days.
This can dramatically reduce revenue losses.
A realistic resilience model for most UK businesses
The balanced approach
For most companies, the most practical setup combines several layers:
- Automated patch management
- Cloud-based encrypted backups
- Local snapshot recovery for critical systems
- Regular security monitoring
This combination gives strong protection without excessive cost.
Cost comparison perspective
Let’s compare the economics of your recent incident.
Your company lost:
- £50,000 in five days
Typical SME backup solutions often cost:
- a few hundred pounds per month
That means the entire annual backup cost might still be less than a single outage.
This is why most security professionals view backup systems as business continuity investments rather than IT expenses.
Expert guidance from UK cybersecurity authorities
The National Cyber Security Centre strongly recommends:
- maintaining reliable backups
- storing backups separately from main systems
- testing recovery procedures regularly
Testing recovery is particularly important because many organisations discover during an incident that their backups do not actually restore correctly.
Final advice for the company director
You do not necessarily need the most expensive backup infrastructure.
But doing nothing after a £50,000 incident would be the riskiest decision of all.
The most practical solution is usually:
- automated patching
- cloud backup
- snapshot-based recovery
- regular security monitoring
This combination significantly reduces both the likelihood of another breach and the time required to recover if one occurs.
In business terms, that means the next attack may still happen—but instead of losing five days and £50,000, you may be back online within hours.
We have created Professional High Quality Downloadable PDF’s at great prices specifically for Small and Medium UK Businesses our main website. Which include various helpful Cyber related documents and real world scenarios your business might experience, showing what to do and how to protect your business. Find them here.
