10 December 2025

According to new research from Cohesity, nearly one-third (31%) of organisations in the UK do not back up all their critical data, leaving them vulnerable to operational disruption in the event of a cyberattack.

While UK companies are increasingly aware of the importance of threat detection and response, data protection and recovery efforts remain fragmented, creating significant challenges. For instance, 38% of organisations do not apply consistent backup controls and policies across all locations, which creates gaps in protection.

Furthermore, nearly half (45%) of organisations do not back up all workloads uniformly, including virtual machines, applications, and unstructured data. This inconsistency makes it difficult to recover data efficiently when needed. Additionally, only 45% follow the fundamental ‘3-2-1’ backup rule — maintaining three copies of data on two different media types, with one stored off-site — leaving many vulnerable to data loss.

The report also highlights that less than half (45%) utilise immutability features across all backup data to prevent cybercriminals from altering or deleting backups, risking the integrity of their recovery points.