With cyberthreats increasing, disaster recovery planning has shifted to focus on how to protect a business’ digital assets and get it back online as soon as possible in the event of a breach – and resellers should play an integral part in this.
With cyberthreats rising for businesses of all sizes, no business can assume that they won’t be a target. This means that, as well as effective cybersecurity options, disaster recovery (DR) plans need to be put in place for what happens if – or when – an attack occurs to ensure a company’s data is not lost and it can get back online quickly.
DR has become a critical component of business resilience for large enterprises but equally for SMBs, says Durgan Cooper, CETSAT chairman and House of Lords cyber security adviser. “The shift from physical outages towards cyber driven disruption means that recovery is no longer an infrastructure issue alone,” he adds. “It is now a core part of cyber hygiene and operational continuity planning.”
Chris Henderson, CISO at Huntress, says that the technology landscape is changing the way DR is implemented in many cases. “As companies move to a SaaS first strategy, the ability to directly control their recovery from an unavailable SaaS solution is often limited,” he says. “This has caused an increased need to focus on business continuity in addition to more traditional DR. Business continuity plans prepare your business with alternative operating procedures when a critical SaaS system is unavailable.”
Sean Tilley, senior director sales EMEA at 11:11 Systems, says the question is shifting from whether a business should invest in DR, to whether they can afford not to. “Attackers have become equal-opportunity opportunists: they target smaller companies because they tend to have weaker defences and are often more willing to pay ransoms to resume operations,” he adds.
“As a result, DR has evolved from a technical safeguard to a business survival strategy. It protects revenue, brand reputation, regulatory compliance and even employee productivity. When systems go down, whether from encryption, corruption or data destruction, the ability to recover quickly is the difference between a minor incident and a business-ending event.”
Trends
But while DR is increasingly seen as essential, customer demands about what goes into a solution are also changing. James Griffin, CEO at CyberSentriq, says customers expect faster recovery times, immutable backups, automated failover, and, critically, protection resilient against ransomware. “Businesses want assurance that even if attackers breach the perimeter, their data cannot be altered, destroyed or held hostage,” he adds. “AI-powered detection, continuous data protection and highly scalable cloud-based architectures are becoming core requirements rather than nice-to-haves.”
Tracey Hannan-Jones, information security consulting director – UBDS Digital, says that compliance with operational resilience requirements is driving the need for better investment and delivery of robust disaster recovery, especially in the finance sector. “Key regulations such as DORA, UK FCA/PRA require regular resilience testing, that includes real-world scenario-based testing and threat-led penetration testing,” she says.
“DR is being increasingly tied to cyber resilience including advanced threat detection, security audits, and employee training in the event of any disaster recovery.”
Tracey adds that organisations are moving away from traditional on-premise DR to cloud solutions, offered as Disaster Recovery-as-a-Service (DRaaS). “This is because they provide scalability, cost efficiencies, faster recovery times, and a team of dedicated professionals – it doesn’t require the heavy upfront costs, and with DRaaS delivering automated failover and recovery processes, it significantly reduces downtime and human error, especially for SMBs that do not necessarily have enough people to recover from a DR event.”
Chris Groot, GM of Cove Data Protection at N-able, says businesses now expect far more aggressive recovery objectives. “They want faster recovery time objectives, i.e. how quickly systems must be brought back online after an incident, and stricter recovery point objectives, which set acceptable levels of data loss,” he adds. “Organisations are adopting backup strategies that are far more robust and capable of restoring data at speed, helping them avoid ransomware-related downtime and eliminating the need to pay a ransom.
“AI is also accelerating the adoption of automation within DR. Automated recovery workflows reduce human error, speed up failover processes, and enable regular, non-disruptive testing. AI ensures DR plans remain current, effective and ready to respond to complex cyberthreats.”
Pete Hannah, VP Western Europe at Object First, says customers also want simplicity. “Recovery processes that are overly complex often fail when teams are under stress,” he says. “Businesses want predictable behaviour, fewer manual steps and transparent governance around who is responsible for testing and validation.
“Most importantly, customers are adopting an ‘assume breach and prepare for recovery’ mindset. They are planning for scenarios where attackers have already gained access, which means recovery must be dependable even in worst case situations.”
Return to tradition?
James adds that, with increasing cyberattacks, there is renewed interest in hybrid approaches. “While I don’t think companies need to return wholesale to the days of keeping binders of printed records, there is real value in having air-gapped, offline, or secondary copies of essential data,” he says.
“A balanced blend of cloud, local and offline redundancy gives organisations a far greater chance of surviving modern attacks intact.”
Pete notes that in response to high profile cyberattacks, the Government issued advice urging all businesses to keep a physical copy of incident response plans so they can act immediately if they can’t access systems. “It’s not a huge leap for companies to then consider going physical for all records, but physical records should only ever be one component of a broader 3-2-1-1-0 backup strategy – never as a standalone practice,” he adds.
Danny Hemminga, VP EMEA partner sales at Tanium, adds that paper isn’t a return to old operating models. “And it’s certainly not a substitute for cyber-ready recovery,” he says. “Printed materials age quickly and create storage and access challenges, so they’re only a supporting layer. The core focus still must be on meeting resilience and data obligations, maintaining multiple protect and validated backups, and regularly testing recovery – so you know you can restore safely, not just quickly.”
Reseller conversations
Resellers have an important role to play in DR plans – including emphasising the need for them. Markus Rex, head of managed services at SYNAXON, says that a lot of customers don’t realise they need a DR plan, let alone have any idea what they want from one. “Resellers can add value by helping them put one together,” her says. “Any plan is better than no plan at all. Even if it’s quite simplistic, it’s worth having a course of action that can be taken if a disaster occurs.”
Anton Shelepchuk, VP of worldwide sales, NAKIVO, says resellers should prioritise DR preparedness by emphasising the risks, along with the potential financial and operational losses that can occur without a solid plan in place. “Discussions with customers should also involve highlighting the savings achieved by preventing data breaches and avoiding compliance fines or penalties,” he says.
“Rather than merely outlining features, it’s important that resellers tailor the conversation to the customer’s unique needs, illustrating how a well-thought-out DR plan and solutions can provide uninterrupted access to critical data and systems while minimising downtime. The ultimate objective is to help customers see that investing in DR is not merely an expense but a strategic move toward ensuring long-term resilience.”
After this, resellers should consider putting various elements into a DP plan. Stuart McHugh, technical director at Redsquid, says resellers should focus on solutions that are comprehensive, reliable and easy to deploy. “Key elements include automated backups, multi-location redundancy, fast recovery times, end-to-end encryption and clear reporting,” he says. “It’s also important to offer scalable options, so businesses can adapt the solution as they grow or as threats evolve.”
Durgan says the priority should be to ensure that customers have tiered recovery options, validated backup integrity, and isolation between production, backup and disaster recovery environments. “This includes secure identity controls, clear runbooks and routine testing,” he adds. “Too many organisations assume their backups are usable until the day they are needed, which is where resellers can add real value through structured testing and governance.”
James says resellers should prioritise building DR solutions that harden customers against breach and encryption-based extortion. “That means immutable storage, automated testing, strong access controls, multi-cloud redundancy and clear, well-rehearsed recovery playbooks,” he says. “Customers are increasingly seeking partners who can deliver ongoing resilience, not just point solutions.”
Danny adds that recovery should be tightly integrated with security tooling to spot threats early, protect recovery points and validate systems and data before anything returns to production. “Automation is the other cornerstone – orchestrated, intelligence-led recovery reduces downtime, limits human error, and keeps costs under control when pressure is highest,” he says. “Alongside that, strong configuration management and day-to-day security hygiene matter because you can’t recover securely into an environment that’s already drifting out of compliance.
“Also, no amount of cyber-recovery measures or plans can truly work without practice. Resellers should build in regular testing and simulation, so restore paths, roles and runbooks are proven in advance, not improvised during a crisis. Customers want partners that can deliver resilience end-to-end.”
Future
With threats continuing to evolve, DR must continue to too – and it must be insured any plan is safe from cybercriminals too. “As businesses strengthen their DR plans, these systems themselves may become targets for cybercriminals, particularly if they hold critical data or can disrupt operations,” says Stuart. “The future of DR will likely focus on resilience, intelligence, and proactive protection, solutions that can detect threats, respond automatically, and maintain continuity even under attack. Resellers will need to continue innovating to stay ahead of increasingly sophisticated threats.”
“Cybercriminals know full well that most organisations aren’t prepared and aren’t resilient,” says Adam Seamons, head of information security at GRC Solutions. “Every successful attack reinforces that fact and encourages them to double down. They know many DR plans are designed to reassure boards and shareholders that ‘something is in place’, but they’ve never been tested under real-world pressure.
“There needs to be a fundamental shift in thinking. Resilience can’t sit solely in IT; it must be part of the discussion across logistics, supply chain, staffing, finance and technology. Modern businesses run so lean that a single failure can ripple across the whole organisation. If DR and resilience aren’t built into every layer, a local issue becomes a business-wide failure very quickly.
“Backups and replicas will continue to be targeted because removing them removes the safety net. The future of DR is moving away from assumptions and towards demonstrating that the organisation can absorb shock, continue operating and recover quickly.”
Chris says the market will continue to shift to making DR more security-centric. “This shift in mindset means anticipating criminals will look for ways to disable or undermine recovery capabilities,” he says. “For example, raising anomalous activity in backup systems to security teams via an XDR/MDR platform can help surface threats much faster. While this is not commonly practiced today, it is likely to become standard as data protection continues to evolve. The future will see more DR environments that are tightly monitored, segmented and reliable – recognising that recovery systems will be a prime target in future attacks.”
Pete says criminals are targeting DR systems because they know that disrupting backups increases their leverage. “The future of this market will focus on limiting what attackers can reach,” he says. “Organisations will place more emphasis on protecting recovery data from tampering, isolating key systems and reducing the number of paths that attackers can use to influence backup operations. Businesses will expect recovery plans to operate even when attackers have compromised multiple parts of the environment.
“A recovery strategy that cannot withstand attempts to sabotage it is not a strategy. It is a risk. The organisations that understand this will be better prepared for the next wave of attacks.”
