Backup vendors and analyst firms now share the same headline: standardised, immutable, regularly-tested backups are a mandatory component of any managed-services offering in 2026. Older, manual, or untested backup approaches simply cannot support recovery after a modern cyber incident.
"Immutable" means storage that, once written, cannot be changed or deleted within a defined retention window — even by an administrator account compromised in the attack. "Tested" means an actual restore exercise that produces working data on a defined RTO. Both are required. Either alone is theatre.
The Acronis-style architecture that most serious MSPs deploy has these properties by design: immutable retention enforced at the storage layer, MDR overlay watching for backup-modification events, scheduled restore drills with documented results. If your backup posture is a green dashboard in a vendor portal, you don't yet know whether it would work under pressure. Find out in a drill, not in an incident.