A third of organisations in the UK (31%) aren’t backing up all their sensitive data, risking operational disruption in the event of a cyberattack, according to research from AI-powered data security leader Cohesity. Failure to back up mission-critical data seriously inhibits organisations’ ability to restore operations and ensure service efficiency continuity following a breach, warns Cohesity.
Whilst UK organisations are increasingly aware of the importance of threat detection and remediation, data protection and recovery remain fragmented.
-
Patchwork approach compromises visibility – 38% of organisations aren’t applying consistent backup controls and policies globally.
-
Inconsistency complicates response and recovery efforts – Almost half of organisations (45%) don’t back up all workloads consistently, including virtual machines, applications and unstructured data.
-
Lack of rigour puts full data recovery at risk – Just 45% of organisations consistently follow the ‘3-2-1’ backup rule (three copies of data, stored on two different media types, with one copy kept off-site).
-
Absence of tamper-proof copies a danger – Less than half (45%) use immutability across all their organisational backup data to ensure resilience against cyberattacks.
Fraser Hutchison, VP Northen Europe at Cohesity, commented:
‘Most organisations now recognise the need to identify phishing scams or social engineering tactics; however, we can’t lose sight of what to do when disaster does strike. While complete prevention is near impossible, assurance of rapid recovery is fully within organisational control.
‘Our research shows that UK organisations still aren’t taking adequate precautions when it comes to data backups. By storing data on immutable platforms, they can ensure business-critical information remains beyond the reach of adversaries and that operations stay up and running, even when systems are compromised.’
Artificial Intelligence (AI): A risk and a remedy
The report further highlights the risks presented by the rapid adoption of GenAI technologies; over a third of UK businesses (33%) believe GenAI adoption is progressing at a pace that significantly exceeds risk tolerance.
Despite GenAI creating a new host of security risks for businesses, it is also making a significant impact on processes for threat detection and response:
-
Almost half of organisations (54%) agree AI capabilities are highly effective for anomaly detection and analysis.
-
53% agree that AI is effective for behaviour monitoring and analysis.
-
50% find AI tools useful for accelerated threat hunting and investigation.
-
Only 34% agree that AI will be central to data security operations by the end of next year.
Hutchison continued: ‘UK organisations are understandably concerned about the risks of AI technologies, with GenAI adoption still outpacing risk tolerance. However, our research reveals some silver linings: AI is already augmenting previously time-consuming, manual security processes. By the end of next year, AI will play an increasingly central role in data security operations, enabling businesses to identify and respond faster to threats.’
Methodology
*Findings are based on a survey of 400 IT security decision makers and IT/data decision makers in the UK commissioned by Cohesity and conducted by Vanson Bourne in September 2025. The organisations had 1,000 or more employees and came from a range of public and private sectors.
Visit cohesity.com to learn more.
