Over 90% of ransomware operators now target backup infrastructure first — before encrypting anything else. This 2-minute assessment scores your backup architecture against the criteria attackers exploit and carriers require.
Backup Exposure Score
8 questions. 2 minutes. Find out if your backups would survive a ransomware attack.
Question 1 of 8
Network Architecture
Are your backups stored on the same network as your production environment?
This includes NAS shares, backup servers, or any storage accessible from domain-joined machines.
Yes — same network
Partially separated
Air-gapped / cloud-isolated
Credential Separation
Do your backup admin accounts use the same credentials as your production IT accounts?
If compromising a domain admin account gives access to your backup console, this is a gap.
Yes — shared credentials
Some overlap
Fully separate accounts
Immutability
Are your backups immutable — meaning they cannot be modified or deleted by anyone who has compromised your production environment?
Immutable storage enforces write-once retention at the storage level, not just via access controls.
No
Partially
Yes — fully immutable
MFA on Backup Systems
Is your backup software console and management interface protected by MFA?
Separate from production MFA — this specifically covers access to the backup platform itself.
No
Yes
Offsite / Cloud Copy
Do you have an offsite or cloud copy of backups completely separate from your on-premise infrastructure?
An on-site backup and an on-site secondary copy are not the same as an offsite copy.
On-premise only
Offsite, same vendor network
Truly offsite / cloud-isolated
Restore Testing
When did you last complete a documented restore test — not a backup job log, but an actual data restore with timestamps and results?
Carriers now require this within the last 90 days to satisfy underwriting requirements.
Over a year ago / never
6–12 months ago
Within 90 days — documented
Recovery Clarity
If ransomware encrypted your primary systems right now, does your team know exactly which backup to restore from and how long it would take?
This is about documented recovery runbooks, not general confidence.
No — no documented process
Informally — key person knows
Yes — documented runbook
Review Cadence
Has your backup and recovery architecture been formally reviewed in the last 12 months?
Not just "are the jobs running" — a review of architecture, coverage gaps, and alignment with current threats.
No — not formally reviewed
Yes — reviewed in last 12 months
—
Exposed
Your backup architecture has significant gaps that ransomware operators specifically target. Based on your answers, your backups may be reachable from your production environment — meaning an attacker who compromises your network likely has a path to your recovery option before you know you've been hit.
Talk to Mike Johnson — Backup Architecture Review
20 minutes. We go through what you have, what's in the blast radius, and what to fix first. No cost, no obligation.
You have some protections in place, but your backup architecture has at least two gaps that ransomware operators are specifically targeting in 2026. The right combination of missing controls could still leave your recovery option inside the blast radius.
Talk to Mike Johnson — Backup Architecture Review
20 minutes. We go through what you have, close the remaining gaps, and confirm your recovery plan is out of reach. No cost, no obligation.
Your backup architecture is solid. You've addressed the primary vectors that ransomware operators target — isolated storage, credential separation, immutability, and documented restore testing. That puts you ahead of the majority of manufacturers in your size tier.
Want a second set of eyes?
Even well-architected backup environments have edge cases — especially as OT and IT networks converge. Mike does a free 20-minute architecture review if you want to confirm there are no blind spots.
