The Situation
A professional services firm purchased cyber insurance, attesting to:
- Daily automated backups
- Offsite/cloud backup storage
- Regular backup testing and verification
- Documented recovery procedures
They did have a backup solution — on paper. What they didn't know was that backup jobs had been failing silently for months. No monitoring. No alerts. No testing.
The Discovery
When ransomware hit and they attempted to restore:
- Last successful backup was 4 months old
- Backup agent stopped running after a server update
- No alerts were configured for failures
- No restore tests had been performed in over a year
The insurance investigation revealed that the attestation didn't match reality. The company absorbed the full cost.
What "Proper Backups" Actually Means
When insurers ask about backups, they expect:
- Automated daily backups — Not manual, not weekly
- Offsite/air-gapped storage — Can't be encrypted by network ransomware
- Immutable retention — Can't be modified or deleted for a set period
- Monitoring and alerting — Someone gets notified when backups fail
- Regular restore testing — Quarterly verification you can actually restore
- Documented RTO/RPO — Written recovery objectives
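An added example (not from the report or the firm in this case): a minimal Python check that alerts on the age of the last successful backup rather than on failure events, which is what catches an agent that has simply stopped running. The record format, the 26-hour RPO, the 92-day restore-test interval and the sample history are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed thresholds: daily backups imply roughly a 24 h RPO (plus slack for job
# runtime); "quarterly" restore testing is taken as 92 days.
RPO = timedelta(hours=26)
RESTORE_TEST_MAX_AGE = timedelta(days=92)

def newest(records, kind, status=None):
    """Finish time of the most recent record of this kind (and status), or None."""
    times = [r["finished"] for r in records
             if r["kind"] == kind and (status is None or r["status"] == status)]
    return max(times, default=None)

def check_backups(records, now, rpo=RPO, test_max_age=RESTORE_TEST_MAX_AGE):
    """Return a list of (code, detail) findings; an empty list means healthy."""
    findings = []
    last_ok = newest(records, "backup", "success")
    last_any = newest(records, "backup")
    if last_ok is None or now - last_ok > rpo:
        age = "never" if last_ok is None else f"{(now - last_ok).days} days ago"
        # Distinguish "jobs run but fail" from "nothing is running at all".
        # The second case emits no failure event, so only an age check sees it.
        if last_any is None or now - last_any > rpo:
            findings.append(("AGENT_SILENT", f"no backup job has reported; last success {age}"))
        else:
            findings.append(("BACKUP_FAILING", f"jobs are running but failing; last success {age}"))
    last_test = newest(records, "restore_test", "success")
    if last_test is None or now - last_test > test_max_age:
        age = "never" if last_test is None else f"{(now - last_test).days} days ago"
        findings.append(("RESTORE_TEST_OVERDUE", f"last verified restore {age}"))
    return findings

# Constructed job history modelled on the case above: the agent stops reporting
# after a server update, and the last restore test is more than a year old.
NOW = datetime(2025, 6, 1, 8, 0)
HISTORY = [
    {"kind": "restore_test", "status": "success", "finished": datetime(2024, 4, 10, 14, 0)},
    {"kind": "backup", "status": "success", "finished": datetime(2025, 1, 30, 2, 5)},
    {"kind": "backup", "status": "success", "finished": datetime(2025, 1, 31, 2, 4)},
]

if __name__ == "__main__":
    for code, detail in check_backups(HISTORY, NOW):
        print(f"ALERT {code}: {detail}")
```

Run it from a host other than the backup server, so the check itself does not stop when the agent does.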
The lesson: "Having backups" isn't the same as "having working, tested, verified backups." Your attestations need to be accurate — and provable.
Source: Corsica Technologies 2025 Insurance Readiness Report