I suspect that many home users have no backups at all - but of course they are not as lucrative to extort as a business.
I’m sort of assuming that businesses have a documented, reviewed, approved backup strategy - and follow it. I wonder if that might be naive of me for the small end of town. 
Forget about ransomware for a moment, it is highly risky to have only one backup because if the system fails during the writing of the backup (unlikely but Murphy’s Law) then you can end up with a dead system and no valid backup. So two backups is the bare minimum. Any more than that comes down to media cost i.e. how much you want to spend on removable storage to hold backups v. how far you can go back in time.
