Businesses are being urged to reconsider the backup policies they have in place as part of their disaster recovery planning amid fears that these systems themselves could be a security risk.

Many firms currently hold unencrypted business and customer backup information on tape or in file form, while some online security services do not offer encrypted backup policies for their customers.

Recent months and years, however, have seen a string of cases where criminals have targeted these areas in their bid to uncover sensitive financial details, with stashed backup information often seen as a relatively easy target in otherwise secure companies.

"It is important to understand that unencrypted information stored on backup tapes is difficult to read, but it is not impossible," Richard Reese, chairman and chief executive of US data protection service Iron Mountain, said after a spate of backup attacks in the US in 2005.

"Companies need to reassess their backup strategies and seriously consider encrypting sensitive data to prevent a potential breach of privacy," he warned.

The 2005 US storm saw a number of high-profile backup policies breached, with files lost from the Bank of America and trading firm Ameritrade among others. Fears over breaches of backup policies remain current, as internet criminals and ID fraudsters continue to look for new ways to get past company security systems.

Research for Connect in 2007 found that 88 per cent of UK businesses were interested in Disaster Recovery systems primarily to protect their critical applications and data