Re: Ransomeware --> f**ked without known good working backups.
In your ideal word that's fine.
Have you any idea what testing backups would involve for, say, greater Manchester police? Or any NHS trust?
If you think these folks have the cash for things like resiliency, backup and failover servers, spare servers etc then think again. They largely don't.
In my experience of the NHS there's zero chance of testing backups, zip. The live systems are the only place they can be tested, and for pretty obvious reasons they don't like to lose them for the required time. If you want to test backups for "department A" then there's isn't access to machines/servers/networking stuff on which to restore any data, apart from the ones they are sat using.
Then you have the mish-mash of systems, some are entirely internal, some are centralised, and cannot be touched by the grunts at trust level. good luck testing all that stuff properly, or having any control over it at all.
We all know how to do it, and how it should be done but i'm telling you with these massive public sector things that things are so badly done, and have been for so long, you've got no chance.
I used the work "impossible" in an earlier posts, and stand by it.