More businesses than ever are now reporting that they’re choosing to recover from backups, rather than cede to ransomware demands. In fact, recent Databarracks research found that just 17% of UK businesses paid the ransom in the past year.
The changes in response and recovery are in part down to better backup practices. Managed Service Providers (MSPs), IT partners, and resellers have all played a crucial role in supporting businesses beyond the common compliance checkboxes and anti-virus software solutions of the past.
Businesses are now utilizing channel partners’ expertise to implement resilience strategies that include air-gapped and immutable backups and conducting regular testing, planning, and rehearsal. All of this is giving businesses the confidence to say no to ransom demands.
Air-gapped, immutable backups
The best exit route for organizations facing ransomware is to be in a position where they can choose not to make the payment. In order to do that, they first need to have an air-gapped, immutable backup that can’t be compromised.
There are several different methods to create air gaps now. There are also several ways to introduce ‘immutability’ that balance access with storage and cost. The channel can play a crucial part in supporting businesses with this step, advising on the best method, solution, and supporting technology per a business’s unique needs, then handling the implementation too.
One of the added benefits of outsourcing backups to a managed service provider is that you introduce another level of separation between production data and backups. Our recommendation from a continuity perspective would be to adopt a multi-vendor approach wherever possible. For example, having one supplier delivering production IT and another looking after IT resilience.
Implementing immutable storage is often touted as a silver bullet, but channel partners need to explain to their customers that they are committing to an increase in storage, too. There’s no blanket policy or simple answer for every organization; any decisions need to balance cost and risk.
Having all of this in place isn’t enough on its own, either; businesses also have to want to refuse the ransom. In rare cases, the ransom will even cost less than carrying out your own recovery.
Prepared, rehearsed, and resilient
The right channel partner can support more than just implementing new techniques and technologies. They also play a role in keeping cybersecurity policies and incident response plans up to date and can ensure that businesses are aware of any new requirements.
Crucially, they ensure teams are trained to recognize and report incidents promptly. While most organizations are already delivering cybersecurity awareness training — a necessary baseline — not all are pairing it, as they should, with incident response exercises.
Channel partner support with recovery planning and rehearsal is integral in instilling confidence for when disaster strikes. It’s always advisable to conduct regular cyber crisis management exercises to test plans and ensure preparedness.
Regulation plays its part
The shift in ransomware response is also in part due to new regulations. The UK Government confirmed its new ransomware policy in July, which includes a ban on ransom payments by public sector bodies and critical national infrastructure operators, plus mandatory reporting and pre-payment notification for the private sector.
While this is bold, the data shows the direction of travel was already clear. In one sense, the policy is a formalization of where UK businesses were already headed. Paying the ransom used to feel like the only option. Now, the best-prepared organizations are recovering faster, more reliably, and without funding criminals.
Overall, the balance is shifting. Despite these changes, the best antidote to ransomware – beyond any regulatory directives – remains preparedness.
The road ahead
The channel is empowering more organizations to make that choice and take a meaningful step towards strengthening the UK’s cyber resilience and breaking the cycle of ransomware attacks.
Recovery isn’t a last resort; it’s a strategy. The organizations that plan and rehearse their recoveries are the ones that come through an attack strongest. That’s how you beat ransomware: not by paying, but by preparing to recover.
How automation is quietly redefining what “good” looks like in endpoint management
Tapping into the ’touch grass’ movement in cybersecurity
The hidden cost of MFT vulnerabilities
The deepfake threat to mobile app authentication: What CISOs need to know
Data at risk: helping your customers close gaps in their supply chain
DNS Security 101: Safeguarding your business from cyber threats
How bridging the IT visibility gap empowers channel partners
What actions should channel partners take in response to DSPM growth?
