Elevating data protection to cyber resilience

Sponsored by: Kaseya

This is a guest blog post by International Data Corporation (IDC), the global market intelligence leader, sharing independent insights on the state of cyber resilience for IT teams.

Data protection has always been the bedrock of IT resilience. However, in the era of increasingly frequent and sophisticated ransomware and data exfiltration attacks, backup alone no longer keeps organizations protected.

Businesses today face all manner of threats to their data. Cybercriminals will encrypt data and withhold the decryption key until a ransom is paid. They will copy sensitive data and threaten to sell or publicly release it, creating pressure to pay even when recovery is possible. In addition to the data itself, they will target backup systems, user identities, applications, and anything else that can cause a disruption or make recovery more difficult or impossible.

In order to confront today’s cyberthreats, data protection must evolve into cyber resilience. IT, security, and business leaders must understand the difference between the two and what it takes to bridge the gap.

Where traditional data protection falls short

Traditional data protection focuses on a narrow but important set of questions: Do you have a copy of your data? Are backups running when they’re supposed to? Are you hitting your recovery time and recovery point objectives (RTOs/RPOs)?

For everyday incidents such as accidental deletions or hardware failures, and even large-scale natural disasters, data protection is sufficient. However, it was never designed for malicious attacks, where backup admin credentials or the backup data itself may be compromised. When malware has already been copied into backups and the most recent restore point may already be unusable, recovery must be done in a fundamentally different way.

The three pillars of cyber resilience

Moving from data protection to cyber resilience requires building on three interconnected capabilities:

  • Early detection. Detecting indicators of compromise before an attack fully detonates is the first line of defense. This means deploying malware scanners capable of finding ransomware hidden inside backup files, combined with anomaly detection that flags unusual data change rates, unexpected administrator logins, and abnormal activity patterns. Finding an intrusion early helps identify the last known good copy of data, before any corruption took place.
  • Clean backups. Every cyber resilience strategy must guarantee data survival and integrity. Backup data should be stored in immutable storage with limited access to prevent tampering or destruction. Also, since ransomware can silently infiltrate backup systems and remain dormant for weeks or months before triggering, backup strategies must span multiple restore points.
  • Rapid, safe recovery. When it is time to recover, restoring to an isolated clean-room environment first, instead of directly to production, ensures re-infection doesn’t occur. From there, recovery orchestration and automation compress the time to restoration, reduce reliance on manual processes, and support validation before systems go live.

Bridging the gap

Traditional data protection capabilities such as operational backup and disaster recovery (DR) form a solid foundation for addressing the three pillars of cyber resilience. Organizations can bridge the gap by layering security capabilities on top of what they already have.

Implementing role-based access control (RBAC), multi-factor authentication (MFA), and multi-person authentication (MPA) on backup systems goes a long way toward preventing infiltration. Integrations between data protection tools and Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) tools can help organizations coordinate a response when suspicious activity is detected.

Data survival is already the core function of data protection, but additional measures such as immutable storage and the security features mentioned previously bolster defenses against targeted, malicious attempts at deleting or modifying data. The cyber resilience approach to data survival accepts that attacks are inevitable and that multiple restore points, malware scan checkpoints, and layers of defense are necessary to guarantee data survival and integrity.

Finally, traditional DR can be tuned to recover from cyberattacks. DR scenarios take for granted that a disaster has a clear ending point and a defined blast radius, and that the last good data recovery point is known. In a cyberattack scenario, none of these is guaranteed. Therefore, the recovery component of cyber resilience builds upon DR by implementing tools to identify affected systems, scan both live data and backup copies for malware, and create isolated recovery environments. Only after confirming the recovered data is free of malware can recovery to production occur.
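
The early-detection pillar and the recovery step above both depend on finding the last known good restore point. The following sketch is an added example, not code from IDC or Kaseya: it flags restore points whose change rate departs from a rolling baseline or whose malware scan failed, then picks the newest point taken before the first suspicious one. The record fields, thresholds, and catalog values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import median

@dataclass
class RestorePoint:
    taken: str          # date of the backup job
    changed_pct: float  # share of data changed since the previous job
    scan_clean: bool    # verdict of a malware scan run on the backup copy

# Constructed sample catalog, oldest first (not real telemetry).
CATALOG = [
    RestorePoint("2025-03-01", 1.8, True),
    RestorePoint("2025-03-02", 2.1, True),
    RestorePoint("2025-03-03", 1.9, True),
    RestorePoint("2025-03-04", 2.2, True),
    RestorePoint("2025-03-05", 2.0, True),
    RestorePoint("2025-03-06", 2.1, False),  # dormant payload found by the scan
    RestorePoint("2025-03-07", 2.3, True),   # looks normal, but postdates the intrusion
    RestorePoint("2025-03-08", 61.0, True),  # mass encryption: change rate spikes
]

def flag_restore_points(catalog, window=5, k=6.0, min_history=3):
    """Return [(restore_point, reasons)]; reasons is empty when nothing looks wrong."""
    results, baseline = [], []
    for rp in catalog:
        reasons = []
        if not rp.scan_clean:
            reasons.append("malware scan failed")
        recent = baseline[-window:]
        if len(recent) >= min_history:
            med = median(recent)
            # Median absolute deviation; the floor avoids a zero-width band.
            mad = median([abs(x - med) for x in recent]) or 0.1
            if rp.changed_pct > med + k * mad:
                reasons.append("change rate anomaly")
        if not reasons:
            baseline.append(rp.changed_pct)  # only unflagged points feed the baseline
        results.append((rp, reasons))
    return results

def last_known_good(catalog):
    """Newest restore point taken before the first suspicious one, or None."""
    good = None
    for rp, reasons in flag_restore_points(catalog):
        if reasons:
            return good
        good = rp
    return good
```

On this catalog the candidate is 2025-03-05, not the more recent 2025-03-07 copy, which is why a single most-recent restore point is not enough; the candidate would still be restored to an isolated environment and validated before going to production.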

The cyber resilience mindset

The organizations best positioned to survive a ransomware attack share a common mindset: they treat cyber incidents as inevitable, not exceptional. They build systems that assume failure at every layer, practice recovery before they need it, and extend their protection to cover every workload, including SaaS applications. Finally, they understand that cyber resilience requires IT and security teams to work together to mount a coordinated response against attacks.

Data protection remains essential to cyber resilience, but in isolation, it is not enough. Elevating it to cyber resilience means adding early detection, clean and verifiable restore points, isolated recovery environments, and a zero-trust posture. This has become the standard that the current threat landscape demands.

Message from the Sponsor

The shift from data protection to cyber resilience reflects the reality that organizations must prepare for increasingly sophisticated cyberattacks and protect business continuity in addition to data itself. Capabilities such as immutable backups, threat detection, recovery automation, and protection across on-premises, cloud, and SaaS environments have become important components of a resilient IT strategy. Kaseya’s solutions support these objectives as part of a broader approach to business continuity and cyber resilience. See Kaseya cyber resilience in action.
