Backup And Recovery

Q&A: Acronis Sr Product Manager On Prioritizing Cloud Backup Strategies In 2025

Expert Insights interviews Andy Kerr, senior product marketing manager at Acronis.

Andy Kerr cover

Andy Kerr is a senior product marketing manager at Acronis with over a decade of experience in B2B and SaaS growth strategies. Acronis offers cloud backup and disaster recovery, antivirus, and endpoint protection solutions, used by over 500,000 companies globally.

Cloud backup and recovery continues to be one of the most common challenges for Expert Insights readers. We recently reached out to the Acronis team to share Kerr’s insights on the biggest challenges in the cloud backup and recovery space today, and what trends he expects to see in the cloud backup space in 2025 and beyond.

What are the biggest challenges facing organizations in the cloud backup space today and how are threats evolving?

One of the most pressing challenges facing organizations in the cloud backup space today is the emergence of generative AI-enabled malware. Cybercriminals are increasingly leveraging artificial intelligence to develop more sophisticated and adaptive threats that can evade traditional security measures. This AI-driven malware can autonomously modify its code to avoid detection, generate highly convincing phishing emails, and exploit vulnerabilities at an unprecedented scale and speed.

Malware is not only targeting production data but backup data as well. Bad actors are specifically targeting backup data, which is the last line of defense against threats such as malware.

Malware authors are also looking to embed malware within backup data, often sitting dormant for upwards of over 200 days, which results in malware being recovered post cyber-attack. The only way to address this threat is to integrate backup with cybersecurity. By scanning backup data for malware, you can make sure that it’s possible to recover malware-free. Ideally, an organisation’s chosen solution would also enable patching an environment to ensure vulnerabilities are patched before recovery.

The acceleration of remote and hybrid work models has further complicated this issue by expanding the attack surface. With more employees accessing corporate resources from various locations and devices, there are additional endpoints that could be compromised by these advanced threats. The use of generative AI by malicious actors means that threats are not only more numerous but also more personalized and harder to detect.

In addition to these evolving threats, organizations are grappling with the exponential growth of data that needs to be securely managed, backed up, and restored. The increasing data volumes require backup solutions that are not only efficient and reliable, but also intelligent enough to identify and neutralize AI-generated threats embedded within the data.

Compliance with stringent data protection regulations like GDPR and CCPA adds another layer of complexity. Organizations must maintain robust and transparent data management practices, while ensuring that their backup and security solutions can defend against advanced threats without compromising regulatory compliance.

How does the Acronis Cyber Protect Cloud Backup platform help to teams address these challenges, and how do you differentiate the platform in this competitive space?

If I think back to when I began in the backup space around 2005, conversations around backup strategies focused on human error, hardware failure, and so on, with backup itself sitting within the realm of storage. Today, when we discuss backup, we’re typically focused on cybersecurity threats including malware, especially ransomware. Threats today target not just production data but seek to nullify the protection offered by backup strategies by targeting backup data itself.

Acronis Cyber Protect Cloud is designed to address today’s complex challenges with a natively integrated approach, ensuring that backup plays an integral role in any organization’s cyber protection strategy. It does this by combining backup, advanced cybersecurity, and remote management into a single, unified solution. In an environment where traditional, siloed solutions leave critical gaps in protection, our platform empowers IT teams to proactively defend against both known and emerging threats, including sophisticated generative AI-enabled malware. This native integration enables integration between backup and security components, enhancing both the speed and effectiveness of threat response and especially recovery in the event of a cyberattack.

A significant advantage of Acronis Cyber Protect Cloud’s natively integrated approach is vendor consolidation. By providing all essential data protection and cybersecurity functions within a single platform, organizations can reduce costs, improve cost predictability, and simplify their IT management processes. With fewer vendors to manage, IT teams benefit from reduced administrative complexity and lower operational overhead, which directly impacts cost efficiency. Additionally, this consolidated solution minimizes the need for continuous upskilling or retraining of technicians across multiple tools and platforms, further saving time and resources.

Our platform’s use of advanced AI and machine learning technologies enables proactive, automated threat detection and response within a single interface, allowing IT teams to focus on what matters most without juggling multiple systems. This consolidation also simplifies compliance, as consistent policies can be applied across the entire IT environment, whether data resides on-premises, in the cloud, or on remote devices.

Acronis stands out by offering a natively integrated solution that not only strengthens resilience but also enhances operational efficiency and cost control. By eliminating the need for separate backup, cybersecurity, and remote management, Acronis Cyber Protect Cloud enables organizations to stay one step ahead of attackers, maintain operational continuity, and manage costs predictably, all while reducing complexity and administrative burden. 

What are your top recommendations for CISOs in the process of looking for a cloud backup solution?

As threats become increasingly sophisticated and the amount of data to protect grows exponentially, choosing the right solution can significantly impact an organization’s resilience, security posture, and operational efficiency. Here are our top recommendations for CISOs navigating this decision:

Prioritize natively integrated cyber protection: The days when backup and cybersecurity could function as separate entities are over. Look for a solution that natively integrates backup with advanced cybersecurity capabilities. An integrated approach reduces vulnerabilities by ensuring that data protection and threat detection operate seamlessly together. This is especially important in defending against sophisticated attacks incorporating generative AI-enabled malware, which can evade traditional defences.

Focus on vendor consolidation for cost and complexity management: Consolidating vendors can bring several advantages. A unified platform that combines backup, cybersecurity, and remote management not only reduces costs and complexity but also enhances cost predictability. Managing fewer vendors simplifies administrative overhead, allowing your team to focus on strategic tasks rather than troubleshooting disparate systems. Additionally, a consolidated solution minimizes the need for continuous upskilling or training across multiple platforms, saving time and resources.

Ensure fast, reliable recovery with integrated solutions: In today’s threat landscape, it’s not just about preventing attacks—it’s also about recovering from them quickly. The ability to recover fast is crucial for minimizing downtime and protecting business continuity, especially in the face of cyber incidents like ransomware. A natively integrated cybersecurity and backup solution enables organizations to respond and recover rapidly, as these systems work seamlessly together to identify, isolate, and restore affected data. This rapid recovery capability can make the difference between a minor disruption and a major operational crisis, giving organizations a crucial edge in resilience.

Seek proactive threat detection and response capabilities: Cyber threats evolve constantly, so your backup solution should go beyond simple backup and recovery. Choose a platform with proactive threat detection and automated response capabilities, ideally powered by advanced AI and machine learning. This ensures your data is not only backed up, but also protected in real time, enabling faster recovery and minimizing potential data loss in the event of an attack.

Assess scalability and flexibility: As your organization grows, so will your data needs. Choose a solution that can scale with your organization and offers the flexibility to adapt to new types of infrastructure, cloud environments, or evolving security requirements. A scalable solution ensures you’re not forced into a costly migration down the road as your data landscape expands.

What trends do you expect to see in the cloud backup space in 2025?

Zero trust architecture in cloud backup: Security will continue to be a priority, and zero trust architecture will become more standard in cloud backup solutions. This approach continuously verifies every data access request, ensuring data is protected from unauthorized access, even within trusted networks.

Strengthened ransomware defence: Ransomware attacks are anticipated to grow in scale and sophistication. Cloud backup providers enhanced ransomware protection features, including immutability (preventing unauthorized modification of backup data) will become standard. Cybersecurity platforms will also focus on rapid recovery options, allowing businesses to restore operations without succumbing to ransom demands.

Enhanced focus on cyber recovery in regulatory compliance: Regulatory bodies are expected to enforce stricter requirements around cyber resilience, including cyber recovery capabilities. Compliance frameworks will increasingly emphasize the need for tested, effective cyber recovery plans as part of an organization’s data protection strategy

Cyber recovery planning and automation: Organizations will prioritize automated cyber recovery solutions to speed up incident response and reduce human error. Automated workflows will guide recovery processes, restoring critical systems and applications in a structured, prioritized manner to minimize downtime and financial losses

Greater multi-cloud and hybrid cloud support: More businesses will adopt multi-cloud and hybrid strategies, leading providers to enhance cross-cloud backup and security solutions. This will enable businesses to leverage different cloud and SaaS environments seamlessly, mitigating risks associated with vendor lock-in and allowing more flexible, resilient infrastructure. Cybersecurity solutions will also provide unified management across these environments, ensuring comprehensive protection and compliance.

In your view, what should organizations’ top cloud backup planning priorities for 2025 be?

Effective cloud backup planning requires a proactive, integrated approach that addresses today’s complex threat landscape, operational needs, and regulatory environment. Here are the top priorities we recommend for organizations to focus on:

  1. Prepare for increased compliance and data governance requirements: Compliance challenges will continue to grow as regulations around data privacy and protection expand. Organizations should be forward-thinking in their selection of backup, cybersecurity and remote management platforms that include a global datacentre footprint for data sovereignty and that are already vetted in terms of facilitating compliance with the compliance frameworks relevant to them whether GDPR, NIS2, or HIPAA.
  2. Take advantage of frameworks: By utilizing CIS and NIST CSF 2.0, organizations can access a wealth of free resources, tools, and documentation to benchmark their current practices against industry standards. These resources can help identify gaps across backup, cybersecurity, and remote management strategies, as well as provide actionable recommendations for strengthening overall resilience. Whether an organization is beginning to build its defences or enhancing an existing security posture, CIS and NIST CSF 2.0 offer essential guidance for creating robust, scalable, and adaptive security frameworks that align with today’s evolving cyber landscape.
  3. Consider your cyber insurance position: The insurance industry is tightening its requirements for companies seeking to obtain or renew cyber insurance policies, often aligning their standards closely with robust cybersecurity practices. Cyber insurers increasingly expect businesses to implement solutions such as Endpoint Detection and Response (EDR), Multi-Factor Authentication (MFA), automated vulnerability management, better backup strategies, and formalized incident response plans. Meeting these requirements can not only help you secure or renew a cyber insurance policy, but may also allow you to negotiate more favourable rates.
  4. Establish a comprehensive Business Continuity and Disaster Recovery (BCDR) strategy: Planning for cloud backup in 2025 should be part of a broader BCDR strategy. Organizations must ensure their backup solutions align with their overall resilience goals, enabling them to recover from various disruptions, whether from cyberattacks, hardware failures, or natural disasters. This strategy should also include regular testing of backup and recovery processes to confirm that critical systems can be restored quickly and effectively when needed.
  5. Prepare for even more Gen-AI enabled malware: Until the advent of gen-AI enabled malware, bad actors had to choose between hyper-targeted malware attacks or scale. With the advent of gen-AI enabled malware, they can distribute highly targeted malware at significant scale. Cybercriminals are leveraging it to create adaptive, highly sophisticated malware that can evade traditional defences. This trend highlights the need for backup solutions that do more than store data—they must also be natively integrated with cybersecurity that can detect and neutralize these threats. Acronis recommends selecting a platform with AI-driven threat detection capabilities, enabling rapid identification of unusual patterns and preventing attacks from compromising backup data.

Further reading