We spend a lot of time talking about the “shield” in cybersecurity. We invest in the latest AI-driven firewalls, we mandate complex passwords and we even celebrate when our monitoring tools catch a stray piece of malware before it can do any damage. There is a specific kind of comfort that comes with seeing a dashboard full of green checkmarks. It creates a sense of security that feels absolute. Then we tell ourselves that because we have invested in the right stack, we have effectively bought our way out of risk.
But this brings us to the most dangerous assumption in the modern office: the illusion of being “ready.” Most leadership teams would just look at their backup schedule, see that a successful sync happened at 2:00 AM and consider the box checked. They believe that because the data is stored somewhere else, the business is safe.
But as the Marks & Spencer ransomware event of 2025 showed us, even a giant can be brought to its knees. Despite their scale, the attack forced a total shutdown of online services and automated ordering. When the “green dashboard” failed, they were forced to revert to pen and paper to track stock, leading to an estimated £300 million loss in profit. Recovery took nearly four months, and it wasn’t because they didn’t have backups. Their recovery was dragged because the complexity of restoring those systems in a live environment was an operational nightmare.
The chaos of the first hour
When a major attack actually hits, the “green dashboard” disappears instantly. In its place is a high-pressure environment where every minute of downtime is burning capital. This is the moment where your strategy starts to fray at the edges. In your calm boardroom, a recovery plan looks like a series of logical steps. But in a live crisis? Those steps feel like trying to solve a puzzle while the room is on fire.
The pressure of a shutdown changes how people think. Decisions that seemed clear-eyed during a quarterly review become clouded by urgency. Without true recovery readiness, the first few hours are usually spent in a state of reactive chaos. Your IT team is trying to find the source of the infection, your legal team is arguing about disclosure and your executive team is demanding a timeline that no one can actually provide.
Let ‘s take a closer look at Jaguar Land Rover in late 2025. When they were hit, the “digital siege” was so severe they had to halt production at their UK factories for five weeks. The estimated economic impact reached a staggering £1.9 billion, making it UK’s costliest cyber attack in history. This wasn’t just a technical glitch; it was a large-scale operational disruption that sent ripples through their entire supply chain. When production lines stop, the chaos isn’t just in the server room, it’s on the factory floor and in the bank account, costing roughly £50 million for every day the systems stay dark.
Where the strategy actually breaks
The breakdown usually happens in the transition from “we are under attack” to “we are moving back to normal.” This is where the lack of recovery readiness becomes painfully visible. Even if your backups are physically there and unencrypted, the road to restoration is often blocked by major hurdles that technology alone cannot solve.
The problem of the clean recovery point
It is one thing to have a backup from four hours ago, but it is another thing entirely to know if that backup is actually safe to use. Modern attackers often sit inside a network for weeks before they strike. This means your “latest” backup might already contain the very backdoor the hackers used to get in. If you restore a compromised backup, you are effectively letting the intruder back in through the front door.
The timeline is almost always a shock
Most businesses assume that “restoring from backup” is like dragging a file from a USB drive to a desktop. In reality, moving terabytes of data over a network takes time, usually days to weeks. For Asahi Group, a ransomware attack in late 2025 forced them to use pen and paper to process orders and shipments as their systems became entirely unavailable. With nearly 1.9 million records potentially exposed and operations significantly slowed, the recovery efforts have extended well into 2026. So yes, you are not just “fixing” a computer; you are rebuilding a global supply chain while the world watches.
Complete misalignment of teams
Recovery is a full-company effort, yet it is often treated as a back-office IT task. Even critical national systems aren’t immune to this struggle. The SingHealth data breach in February 2026, which saw 450GB of data leaked, reminds us that even with the highest levels of security oversight, the investigation and restoration phase can be an ongoing, multi-month ordeal. These internal frictions act like sand in the gears of your recovery engine, stretching out the downtime and multiplying the costs.
The gap isn’t a feature, it’s a choice
We have to be honest about why this gap exists, and it isn’t because the technology is failing us. In fact, modern backup and recovery tools are more powerful than they have ever been. The biggest gap in the industry is the lack of untested recovery readiness.
Companies spend millions on prevention because it feels proactive. It’s active work. Testing a recovery plan, on the other hand, feels like prep work. It is often pushed to next quarter or relegated to a tabletop exercise that doesn’t actually touch the hardware. But a recovery plan that hasn’t been tested in a simulated environment isn’t a plan. It’s a list of wishes.
True recovery readiness requires a shift in priorities. It means moving away from the “set it and forget it” mentality of backups. It requires you to intentionally break things in a controlled environment so you can find out exactly where the friction is. You need to know exactly how long it takes to spin up your most critical application from scratch. You need to know exactly who needs to be in the room to authorise a total system wipe. If you are discovering these answers for the first time during a ransomware attack, you have already lost the battle.
Recognising the gaps before the attack
Most teams only discover these structural failures when it is far too late to do anything about them. They spend years building a digital fortress, only to realize during the first storm that the foundation was made of sand. The goal of a modern cybersecurity strategy shouldn’t just be to stay “safe”. It should be to stay functional.
And the question isn’t whether you have the tools to survive, but whether you have the recovery readiness to recognise your own weaknesses before the recovery process actually begins. Are you willing to look past the green checkmarks on your dashboard and ask the hard questions about what happens when the lights go out?
If you aren’t sure where your chaos moments might hide, it’s time to stop guessing and start measuring. The distance between a minor setback and a company-ending disaster is often just a few hours of preparation.
Don’t discover your gaps during a crisis
Is your team operating under the illusion of readiness? You might have the tools, but do you have the muscle memory to use them when the pressure is on? If you want to move from “hoping” you’re ready to “knowing” you’re resilient, we can help.
👉 Make sure your strategy doesn’t break when you need it most. Book your 15-Minute Cybersecurity Time-Out Clinic today and get a real-world look at your recovery readiness.
https://event.netpluz.asia/netpluz-time-out-clinic/
![[BLOG]Legacy Backup Is No Longer Enough](https://www.netpluz.asia/wp-content/uploads/2026/03/BLOGLegacy-Backup-Is-No-Longer-Enough.png)