Microsoft products usually have a lifecycle of 10 years from release, after which businesses suddenly become incredibly vulnerable when using these systems. After the 10 years, Microsoft no longer provide bug fixes and security updates which leave systems open to malware and attacks, and no longer offer full support from Microsoft’s experts when an issue arises resulting in slower responses and the reduced likelihood of retrieving any stolen data. Cybercriminals target older systems which have less of a focus from security teams and don’t possess the most up-to-date technology, and they usually find success in finding vulnerabilities. Furthermore, running outdated products can create compliance issues, such as the Cyber Essentials certification which requires fully supported systems in place when audits take place.
Although a cloud solution provides highly available, globally accessible services and removes the requirement to manage and patch local file and application servers it does not provide backup protection for your data in the event of corruption or deletion.
Therefore, a backup for Office 365 is highly recommended to protect that data migrated into the cloud, by backing up a copy of your data to an alternate location.