the 20's super simple guide to cyber insurance: cyber insurance and data backup

The 20’s Super Simple Guide to Cyber Insurance

Part 7: Cyber Insurance and Data Backup

You just spilled sauce all over your recipe book on the night of your dinner party – uh oh. Luckily, you have a digital copy saved on your recipe app. It’s the exact same recipe, including all of your personal touches. So, you toss the ruined recipe and carry on with your dinner plans. Good thing you had a backup!

This analogy helps us understand why data backup is so important for business operations and IT. When something causes your IT systems to fail and data to be lost, damaged or compromised – like a natural disaster, a cyberattack, or simple human error – having backups (i.e., copies of it) allows you to resume operations quickly and seamlessly. The data that you lost, just like with the ruined recipe, isn’t really lost, because you have an exact copy of it, waiting in the wings.

In this final part of our Super Simple Guide, we’re delving into the nuances of data backup – including its relationship to cyber insurance – so that you can back up your organization’s data with confidence and know-how.

Data Backup and Disaster Recovery

You often hear “data backup” and “disaster recovery” mentioned in the same breath, often bundled in the acronym ‘BDR’ (backup and disaster recovery). But, it’s important to remember that backup is not the same thing as disaster recovery, though the concepts are fundamentally linked.

Specifically, backup is one part of disaster recovery – albeit a very important part. Disaster recovery is the plan an organization has in place to restore critical IT systems and resume normal operations after a major disaster event – you can check out our full blog on disaster recovery here. More simply, it’s how an organization gets its critical technology up and running again. A disaster recovery plan relies heavily on backups, because it’s a lot harder to resume normal operations if you’ve lost a bunch of data that isn’t backed up.

That said, having backups doesn’t guarantee a smooth recovery following a disaster. You need a clearcut disaster recovery strategy to restore those backups as quickly as possible and minimize disruption to your employees and customers.

This brings us to our next topic – what makes for a good data backup strategy…

Not All Backups Are Created Equal

When it comes to backing up your data, the devil’s in the details. Different businesses have different backup needs, and figuring out those needs requires sitting down and really crunching the numbers. Working with trusted IT professionals or a managed service provider (MSP) can make this process much easier and less overwhelming. But here are some general things to consider…

The Cloud Is Nothing to Fear

Yes, data backups cost money, but there are cost-effective ways to maintain and manage backups, especially with the rise of cloud-based storage. The cloud offers cost-effective backup solutions that are, generally speaking, secure and efficient, as well as geographically distant (more on why geographic distance matters in a moment).

3-2-1 Rule

The 3-2-1 rule is a general framework of guidelines for data backup. It states that an organization should have…

  • At least 3 copies of data
  • Stored on at least 2 different types of media
  • With at least one storage solution located offsite

The third criterion is especially important. If all of your backups are on-premises, and there’s a power outage, you’re not only going to lose your original data, but your backups too, leaving you unable to run your business. This is bad news, as downtime is expensive. According to recent research, the average cost of IT downtime has increased from its previous $5,600 per minute to a whopping $9,000 per minute!

So, make sure you have backups that are located offsite, and ideally, somewhere really far away, so that your backups can survive local disasters.

Determine Your Organization’s RPO and RTO

RPO and RTO are critical concepts you’ve probably never heard of – and if you have, kudos! Here’s a simple explanation:

  • Recovery Time Objectives (RTO) indicates the maximum time your business can be down before any significant consequences.
  • Recovery Point Objectives (RPO) is the maximum amount of data loss your business can suffer. Here is where you will implement data back-up software indicating your preferred back-up frequencies and recovery preferences.

Figuring out your SMB’s RPO and RTO is essential to crafting a suitable backup strategy and overall disaster recovery plan. This can get complicated, so again, seek outside help from a trusted IT provider like us or from any in-house DBR experts on staff.

Data Backup and Cyber Insurance

There are two important points about the relationship between data backup and cyber insurance:

  1. Cyber insurance carriers expect your SMB to back up data regularly. Why? Because it’s a basic cybersecurity measure, and without it, they may deny you coverage.
  2. Backing up your data isn’t just for impressing cyber insurance carriers – it’s something you do because it helps keep your business safe! A cyber insurance carrier might help absorb some of the costs that stem from a business interruption due to a data breach, but one thing your cyber policy won’t do for you is get your data back. Backing up your data is solely your responsibility.

In short, even if you have coverage, losing data that isn’t backed up can be devastating to your business.

Final Thoughts

Too many SMBs swing to one of two extremes:

  1. They ignore data backup altogether, and then, when they experience a disaster that results in massive data loss, they’re up a creek.
  2. They fall for every fancy data backup solution and spend way more money on backing up data than is necessary.

You can’t do without backup – it’s that simple. With the prevalence of cyberattacks as well as the ever-increasing demands of compliance regulations, not backing up your data is just as foolish as leaving your office’s doors unlocked at night. But not any old backup solution will do; your responsibility is to develop an approach to data backup that is both cost-effective and conducive to business resilience. That’s where the real work starts. So, what are you waiting for?