Governments are increasingly a target for ransomware attacks, but a new report says the majority are not confident in their ability to fully recover.

Arcserve conducted a survey of local governments and public services, and the results were not encouraging. In fact, only 36% of government IT departments have an established, documented disaster recovery plan. What’s more, only 38% have a business continuity plan.

To make matters even worse, only 34% of governments “are very confident in their IT team’s ability to recover all lost data in the event of a ransomware attack.”

A big factor hindering governments’ ability to recover is a lack of comprehensive backup plans. Some 24% of remote government workers have no backup solution, and “45% of government IT departments mistakenly believe it is not their responsibility to recover data and applications in public clouds.”

Ultimately, governments are setting themselves up for disaster at a time when threats are increasing rapidly.

“It’s like opening yourself up to a one-two knockout punch,” said Patrick Tournoy, executive vice president of operations at Arcserve. “Gaps in protecting remote workers and cloud-based apps and data create an ideal hunting ground for bad actors and ransomware, while not having documented and tested recovery plans leave an organization more vulnerable and poorly equipped to recover data.”