⚠️ Business Data Backup & Recovery
Business Data Recovery: What Actually Happens When Data Disappears — And How to Make Sure It Doesn't
Most small businesses have a backup. The problem is that most of those backups don't actually work — until the moment you try to use them. A practical guide to business data loss: what really happens, what professional recovery costs, what insurance covers, and what it takes to make the question irrelevant.
Tuesday Morning: The Computer Won't Start
No drama. No warning. The hard drive that failed on Tuesday worked fine on Monday. The ransomware that encrypted all the files came through an email that looked like every other email. The technician who accidentally deleted the archive folder didn't know he'd made a mistake until he tried to undo it.
Business data loss doesn't announce itself. It just happens — and the business's response in the first few hours determines what comes next.
📋 A typical scenario: drive failure with no working backup
- Step 1 — Drive won't start. Restart attempted. Doesn't help.
- Step 2 — Technician called. Arrives. Confirms: physical failure. Data inaccessible.
- Step 3 — Backup checked. The backup hasn't run for two months — the external drive was unplugged.
- Step 4 — Professional recovery company contacted. Quote received. Wait begins.
- Step 5 — Days of downtime, uncertainty, and unexpected cost.
The question every business should ask isn't "will this happen to us?" — it's "when it does happen, what will our backup look like at that exact moment?"
Data Loss Cause #1
Hardware failure — drives and servers
Data Loss Cause #2
Accidental human deletion
Data Loss Cause #3
Ransomware attack
What Does Professional Data Recovery Cost — And What Are the Odds?
Professional data recovery is a market with highly variable pricing — depending on the type of damage, urgency, and the recovery company. There are two main damage types, each with a very different cost profile.
Logical damage — deleted files, lost partition, accidental format
This is the less severe type. The drive itself is physically intact — only the logical structure is damaged. Software-based recovery can achieve high success rates, but won't always retrieve everything. The longer you wait or continue using the drive, the more likely data is overwritten and permanently lost.
Physical damage — read head failure, mechanical damage, fire, water
This requires "clean room" work — a controlled environment to prevent dust from completing the damage. Parts are swapped from matching donor drives; the process reads sector by sector. It takes 3–10 business days, and market pricing for this level of work is significant — with no guarantee of a complete result. Partial recovery is a legitimate, billable outcome.
🔴 What's important to understand: A professional recovery company can charge the full fee even for partial recovery — even if they didn't retrieve the specific data you needed. They did the work; the problem was in the drive, not the process. Read the agreement before handing over a drive.
Ransomware — files encrypted, payment demanded
Ransomware is its own category. The files exist — they're simply encrypted with a key only the attacker holds. Options: pay the ransom (if a valid key even exists on their end), wait for the encryption key to be published (occasionally happens), or restore from a clean backup that predates the attack. The fourth option — no backup, no payment — typically means total loss.
⚠️ On paying ransom: Against: funds criminal infrastructure, doesn't guarantee a valid decryption key, may mark you as a repeat target. For: for businesses with no working backup, it may be the only practical path back to operations. There's no single right answer — there's only a direct consequence of your backup status at the moment of the incident.
What Cyber Insurance Covers — And What It Doesn't
Business cyber insurance is a product the Israeli market is still slowly adopting. Many businesses don't know it exists; some who bought it haven't read the coverage carefully. Here's what business cyber policies typically include — and typically exclude.
Usually covered
Ransom payments — subject to insurer approval and policy terms. Note: amounts are capped, and not every policy covers every ransomware type.
Forensics costs — investigating the incident, identifying the entry point, documentation for legal and regulatory purposes.
Business interruption — compensation for lost revenue during downtime, subject to a waiting period and policy terms.
Third-party liability — if client data was leaked and a client sues, the policy may cover legal defense.
Usually not covered
Basic negligence — if the insurer finds no endpoint protection, no documented backup, or default passwords were never changed — the policy may be voided.
Incidents that began before the policy — attackers sometimes sit in networks for months before activating ransomware. If the breach predates coverage, there's a problem.
Data loss without a cyber event — ordinary hardware failure, accidental deletion — typically not covered by cyber insurance, and possibly not by property insurance either.
💡 The practical conclusion: Cyber insurance is a safety net, not a substitute for backup. Even businesses with comprehensive policies whose backups aren't working will struggle with claims and recovery. Insurance covers costs; backup determines how long you're down.
OneDrive Is Not a Backup — And What Is
One of the most common mistakes businesses make: they think they have a backup because their files are in OneDrive or Google Drive. This isn't a small mistake — it's one that surfaces exactly when you need it most.
| Feature |
OneDrive / Google Drive |
Real Backup |
| What it does |
Syncs files between devices |
Stores independent historical versions |
| If a file is ransomware-encrypted |
Encrypted version is synced to cloud |
Clean version exists at prior restore point |
| If a file is accidentally deleted |
Deleted from all devices (after a window) |
Restorable from historical version |
| Ransomware protection |
Minimal — depends on settings and plan |
Immutable versions — not accessible to malware |
| Integrity verification |
Not performed systematically |
Periodic tested restores, documented |
Real backup follows the 3-2-1 rule: three copies of data, on two different media types, with one copy stored off-site. This isn't theory — it's the standard that insurers, lawyers, and regulators expect to see when examining a business after an incident.
Five Questions Every Business Must Be Able to Answer Right Now
No deep technical audit required. These are the baseline questions that determine whether you have a backup you can actually rely on — or one that only looks good on paper.
When did the backup actually last run? Not when it was configured — when did it actually execute. Check the logs. Backups scheduled to run overnight often stop due to an error nobody noticed.
How many versions back are stored? One version back is not enough. Ransomware planted three weeks ago will encrypt your backup too if there's only one copy. A sensible minimum: 30 days back.
Is the backup stored off-site? A backup on an external drive sitting next to the computer doesn't protect against fire, flood, theft, or ransomware scanning the network. An off-site or cloud copy is required.
Is the backup write-protected? A backup that can be modified can also be encrypted. An immutable (read-only) backup is the standard against ransomware.
When did you last test a restore? Not "the backup looks like it's running" — did you actually restore a real file and verify it was intact. An untested backup is a false sense of security.
💡 The simple rule: An untested backup is not a backup. A professional IT team performs monthly restore tests and documents them — not because problems happen every month, but so that when they do, there's proof of where to return to.
Common Questions About Business Data Backup and Recovery
1. What's the difference between backup and OneDrive/Google Drive?
﹢
OneDrive and Google Drive are sync services — they mirror your files to the cloud, but if a file is deleted, corrupted, or encrypted by ransomware, the sync copies the damage to the cloud too. Real backup stores independent historical versions that aren't accessible to malware, with multiple restore points and automated integrity checks. The two are not interchangeable — they're different layers of protection.
2. How long does data recovery take after an incident?
﹢
It depends entirely on the damage type and backup state. Restoration from a working cloud backup can take a few hours — an RTO measured in hours, not days. Professional recovery from a physically failed drive takes 3–10 business days with no guaranteed outcome. Recovery from ransomware without a working backup can take weeks — or be impossible altogether.
3. Should you pay a ransom?
﹢
It's a complex decision with no universal answer. Against paying: funds criminal infrastructure, doesn't guarantee a valid decryption key, may mark you as a repeat target. For paying: for businesses without a working backup, it may be the only practical path to resuming operations. Cyber insurance sometimes covers ransom payments — depends on the policy. The right answer is to never arrive at that decision point in the first place.
4. What's the minimum every business should know about their backup?
﹢
Three questions every business owner must be able to answer: (1) When did the backup actually last run — not when was it configured? (2) How many versions back are stored? (3) When did you last actually test that a restore works? If you can't answer any one of those — there's work to do, and better to do it before you need it.
5. What does business cyber insurance actually cover?
﹢
Business cyber policies in Israel typically cover: ransom payments (subject to terms), forensics costs, business interruption (lost revenue during downtime), and third-party liability if client data was leaked. What's typically not covered: damage from negligence, absence of basic security controls, and incidents that began before the policy took effect. Cyber insurance doesn't replace backup — it covers costs; backup determines how long you're down.
Check Your Business Backup Status
VARNOXX provides managed IT and data security services for small and mid-sized businesses in the Shephelah region, Rishon LeZion, and Rehovot. Start with a short consultation call — we'll give you a clear picture of your backup posture, risks, and what needs attention.
Backup Status Check
Security Gap Analysis
IT Infrastructure Mapping
Custom Quote
Schedule a Consultation →
📞 058-634-0063 | info@varnoxx.com
Businesses with sensitive data — also read:
← Back to Home