I had to smile (and shake my head a little) when I read the latest UK Government guidance: every business, regardless of size, should have its disaster recovery plan written down on paper and kept somewhere safe. Yes, actual paper. In 2025.

It sounds ironic, doesn’t it? In a world driven by AI, automation and cloud technology, we’re being told to dust off the printer. But when you think about it, it makes perfect sense.

When cyber attackers shut down your systems, your networks, your phones, even your cloud access, the one thing you can still rely on is the physical world. A printed disaster recovery plan can be your lifeline.

And this isn’t just theory, it’s happening right now.

• Jaguar Land Rover had to shut down production lines after a cyber incident, disrupting supply chains and output.
• Asahi, the global brewing group, faced a major outage that affected shipping, orders and production.
• West Lothian Council schools reverted to paper registers and manual lessons after a cyberattack, right before exam season.

These aren’t “tech problems”; they’re real-world operational crises that stop production, delay pay runs, and disrupt people’s lives.

What exactly is a disaster recovery plan?

A disaster recovery plan (DRP) is your organisation’s playbook for what to do when disaster strikes, whether that’s a cyberattack, power failure or total systems outage.

It covers the technical essentials like backups, data restoration and communication protocols, but that’s only half the story.

A robust DRP also sets out how you’d keep working manually if your systems were offline. That means having clear, written steps for:

• Processing sales orders and invoices manually
• Running payroll without system access
• Recording customer interactions, deliveries or stock changes
• Keeping communication open using non-digital channels

Because when your digital systems go dark, only your people and your paper processes remain.

The risk is real

The latest UK Cyber Security Breaches Survey (2025) found that:

• 43% of UK businesses experienced a cyber breach or attack in the past year;
• That rises to 67% for medium and 74% for large businesses;
• UK businesses have lost an estimated £44 billion over the last five years due to cyberattacks.

No sector is immune. From local retailers to global manufacturers, the scale may differ, but the impact can be devastating.

Why a paper copy still matters

When your systems are compromised, you might not be able to access your DRP in the cloud. Having a secure, printed copy means your team can still act calmly, clearly and effectively when everything else is failing.

In today’s world, the true cost of a cyberattack isn’t just downtime or lost data, it’s the hit to your reputation. The way you respond can either strengthen trust or damage it beyond repair.

How we can help

At Johnston Carmichael, we help businesses prepare for the unexpected. Our experts can:

• Create a new disaster recovery plan from scratch
• Review and test your existing plan
• Document manual fallback processes for essential operations
• Advise how and where to store physical copies securely
• Embed regular reviews to keep everything current

because true digital resilience includes a little analogue thinking.

Get in touch

In 2025, it’s easy to assume everything is digital, but when the systems fail, it’s the people, the paper and the preparation that keep you going.

When ‘click here’ doesn’t work, ‘turn to page 7 in the binder’ just might save the day.

If you’d like to find out more about how our Digital Advisory team can help you make sure you’re prepared for all eventualities, get in touch with me at Fraser.Kidd@jcca.co.uk.