British businesses are being urged to rethink their approach to data resilience as cybercriminals increasingly weaponise artificial intelligence to destroy backup systems, leaving victims in what one tech firm describes as a 'dark, dead' state. Commvault, a global leader in data management, has warned that traditional backup strategies are no longer sufficient in an era where attackers use AI to identify and corrupt recovery copies before deploying their ransomware.
Speaking at a recent industry briefing, Commvault's senior vice president for Europe stressed that many organisations still assume that simply having backups is enough. 'The reality is that AI-driven attacks now target the backup environment itself. If you don't test your ability to restore, you may discover too late that your safety net is gone,' he said. The firm recommends that UK companies perform regular, full-scale recovery drills — not just automated checks — to verify that data can be restored within business-critical timeframes.
For UK consumers and businesses, the implications are significant. A successful attack that wipes both primary data and backups can halt operations for days or weeks, leading to lost revenue, reputational damage, and potential regulatory fines. The Information Commissioner's Office (ICO) already expects organisations to have robust data security measures in place, and the incoming EU AI Act — which may affect UK firms with European customers — could require demonstrable resilience against AI-powered threats. Failure to comply might result in penalties of up to 7% of global turnover under the AI Act.
Dr. Helen Marlow, a cybersecurity researcher at the University of Cambridge, commented: 'The threat landscape has shifted. AI allows attackers to automate reconnaissance, identify weak points, and strike with precision. For the UK economy, which relies heavily on digital services, the cost of inaction could run into billions. Small and medium-sized enterprises are especially vulnerable because they often lack the resources for rigorous backup testing.' She added that the UK's National Cyber Security Centre has also highlighted the growing risk of AI-enabled ransomware.
Commvault's call to action comes as ransomware attacks in the UK have risen by over 40% year-on-year, with sectors such as healthcare, finance, and local government frequently targeted. The company argues that resilience must be redefined: not just having a backup, but being able to recover quickly and completely. For UK readers, this means that the apps, banking services, and public services they rely on are only as resilient as the backup testing behind them.
Source: Commvault