I can name one excuse: The backup system was affected by the attack and thus all the backups were encrypted by the same ransomware as everything else. This happened to the Public Services department of the local junior college (where my dad's an instructor). They lost 30 years worth of data, but being an educational institution paying the ransom was not an option. The budget just wasn't there.
Now quite how the backup system was affected I have no clue. That's not my IT department. My IT department would have had a years worth of backup tapes in a fire safe and at least another seven years worth safely tucked away in a safe deposit box. I can only assume that either they used a tapeless backup solution or that the ransomware had been on the system longer than their tape rotation cycle before it was noticed.