Data loss can occur unexpectedly and in many different forms, whether due to a technical defect, a cyberattack or an accident. However, if you have backed up your data in advance, you can easily transfer the stored data, such as documents, contacts and photos, to a new device. To mark World Backup Day on March 31, 2025, the BSI is reminding consumers of the importance of regular data backups.

There are various options available to consumers for a backup. These include

• External, physical storage media: This can be an external hard disk or a USB stick, for example. They offer the advantage that data can also be transferred without an internet connection. However, there is a risk of loss, theft or a defect in the storage medium. It is therefore also worth keeping the external hard disk or USB stick separate from the device whose data is stored on it.
• Cloud storage: Many cloud storage providers offer the convenience of regular and automatic synchronization even across multiple devices. Users should find out about the provider's security functions and data protection guidelines.

A backup can be made both in the cloud and on a physical storage medium, such as an external hard disk. A simple search engine search is often enough to check the reliability of the cloud provider. If you opt for a physical storage medium, it should be stored in a different location to the computer whose data is to be backed up, for example. This way you are prepared for emergencies such as burglary or fire.

The BSI summarizes further information in instructions for creating a backup copy for various devices and operating systems.

Statements on World Backup Day 2026

Marie Menke, consumer protection expert at the BSI: Backups in private environments too

"Whether family photos, contacts or documents - countless important data is stored on our computers, smartphones and tablets. However, if the device suffers a technical defect, this data is lost. The same can happen in the event of a cyberattack or due to human error on the part of the user. It is therefore worth backing up the data."

Corey Nachreiner, Chief Security Officer at WatchGuard Technologies: Backups protect data availability

Corey Nachreiner, WatchGuard Technologies © WatchGuard Technologies

"World Backup Day on March 31 is a reminder that data backup has long been more than just an IT task: it is a crucial building block for corporate and cyber resilience. Data is still one of the most valuable and at the same time most vulnerable resources of any company, regardless of the industry. Regular, functioning backups help to reduce downtime, maintain business operations, meet compliance requirements and be able to act again quickly after disruptions.

The central message of this year's World Backup Day is clear: it is not enough to simply back up data - it is crucial to test and protect backups and ensure that they can be reliably restored in the event of an emergency. In the event of an attack, companies that know that their data is always available at all times recover the fastest. A solid backup strategy is of great importance here and should include a detailed recovery plan that defines which critical systems must be restored first in an emergency. Equally important is the quality of the backups: status monitoring and regular recovery tests ensure that data is always complete.

It should not be forgotten: Backups protect the availability of data, but do not guarantee its confidentiality. Encryption is the first line of defence against unauthorized access and data leaks - and this also applies to backup data. With ransomware increasingly causing business disruption through data theft and extortion, companies need to secure endpoints, identities and sensitive data so that attackers can't easily expose or monetize what they find."

Andre Schindler, General Manager EMEA, NinjaOne: Backups are not a tick on the to-do list

Andre Schindler, NinjaOne © NinjaOne

"World Backup Day is a reminder that backups are not a tick on the to-do list, but a key factor for operational resilience. And with the help of up-to-date backup strategies, this must be effective wherever business-critical data is created, distributed across endpoints, servers and SaaS applications. The decisive factor is not only that data is backed up, but also how quickly and reliably it can be restored in an emergency - without media disruptions, unnecessary complexity and loss of time. When IT teams can mount backups, restore files directly from a central interface and react immediately via remote access, recovery processes become much faster and clearer: less complexity, more efficiency - and above all, more certainty when it matters."

Christian Scharrer, Dell Technologies © Dell

Christian Scharrer, Enterprise Architect and CTO Ambassador at Dell Technologies: Protecting backups

"Regular data backups are one of the security basics, but they are no longer enough to protect against ransomware attacks. Companies need backups and data copies that cannot be compromised by cyber criminals because they are stored in tamper-proof, unalterable storage or well-secured data vaults. Irrespective of this, companies must also regularly check their backups for functionality, because if the recovery does not work in an emergency, the data backup is worthless and only wastes storage space."

In a press release, Dell emphasizes the importance not only of backups, but also of protecting them. To prevent cyber criminals from rendering data backups unusable, companies should store their backups on immutable storage, according to the company. These are special platforms that prevent subsequent changes to data once it has been written by means of a "retention lock" or "object lock" for a defined period of time. This protects backups not only from manipulation by ransomware, but also from accidental deletion by users.

Particularly important backups or copies of the most valuable data should also be stored in isolated cyber vaults. These data vaults are separated from the rest of the infrastructure by an operational air gap and are therefore inaccessible to ransomware. The vaults are only visible in the network at very specific times in order to receive verified data after strict authentication via encrypted connections.

Both immutable storage and cyber vaults can be set up on local storage systems and in the cloud, allowing companies to create multiple copies of data and store at least one of them "offsite" - just as recommended as part of the proven 3-2-1 backup strategy.