Improvement
Resolution: Unresolved
Minor
None
4.0.0-a2, 3.3.17
None
When an admin has created DB backups and is foolishly relying on stored DB backups as their only backup without local copies, if a malicious actor were to gain access to the ACP with an account that has permissions to restore and delete backups, they could cause all kinds of havoc.
Remove the ability to delete backups, instruct admins to do this through FTP.
Restore feature is going to be rarely used if ever. Force a full backup before a restore can proceed.
Lastly, add an auto backup feature that will create backups on a schedule and rotate out the older ones. There should be some kind of control for any changes to how this is configured, e.g. disabling it will also disable rotating out old backups.
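
A sketch of the rotation and restore safeguards proposed above, as an added example that is not part of the original ticket or the project's code. The `BackupPolicy` fields, the function names, the file names and the 10-minute freshness window are assumptions, and every listed backup is assumed to be a full one.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BackupPolicy:
    """Hypothetical settings object; not an existing configuration schema."""
    auto_enabled: bool      # one switch governs both creation and rotation
    interval: timedelta     # how often a scheduled backup is taken
    keep: int               # how many of the newest backups survive rotation

def backup_due(policy, backups, now):
    """True when the schedule is on and the newest backup is older than the interval."""
    if not policy.auto_enabled:
        return False
    return not backups or now - max(backups.values()) >= policy.interval

def rotation_candidates(policy, backups):
    """Backups to rotate out. Disabling auto backup disables rotation as well,
    so switching the schedule off can never start shrinking the existing set."""
    if not policy.auto_enabled or policy.keep < 1:
        return []
    newest_first = sorted(backups, key=backups.get, reverse=True)
    return sorted(newest_first[policy.keep:])

def restore_allowed(backups, target, now, max_age=timedelta(minutes=10)):
    """Permit a restore only if a backup other than the restore target was
    taken within max_age, i.e. the current state was saved first."""
    return any(name != target and timedelta(0) <= now - taken <= max_age
               for name, taken in backups.items())

# Constructed sample data: backup file name -> creation time.
NOW = datetime(2024, 1, 10, 12, 0)
SAMPLE = {
    "backup_0107.sql.gz": datetime(2024, 1, 7, 3, 0),
    "backup_0108.sql.gz": datetime(2024, 1, 8, 3, 0),
    "backup_0109.sql.gz": datetime(2024, 1, 9, 3, 0),
    "backup_0110.sql.gz": datetime(2024, 1, 10, 3, 0),
}

if __name__ == "__main__":
    policy = BackupPolicy(auto_enabled=True, interval=timedelta(days=1), keep=2)
    print("rotate out:", rotation_candidates(policy, SAMPLE))
    print("restore allowed:", restore_allowed(SAMPLE, "backup_0107.sql.gz", NOW))
```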

