data loss and disaster recovery statistics

If you own a business and don’t yet have a disaster recovery plan in place these statistics might make you think again.

1. 35% of data loss is caused by malware

Causes for data loss range from human error to physical theft. However, it’s actually malware that’s responsible for some 35% of data loss. In comparison, 21% of data loss is caused by email attacks and 17% by phishing scams. Variants of mobile malware increased by 54% in 2017. Needless to say, it’s important to use quality, up-to-date antivirus software in order to prevent data loss caused by malware.

2. 140,000 hard drives fail in the US each week

As many of us have found to our cost, hard drives can and do fail. In fact, hard drive failure is the leading cause of all unplanned downtime at 45%. Approximately 140,000 hard drives fail in the United States every week. You can protect yourself from losing data in such an event by having a reliable data backup solution. For many, this may entail having a backup hard drive in a physical off-site location or storing files on the cloud.

3. 21% of files are not protected in any way

open access files folders

According to the 2018 Global Data Risk Report by Varonis, 21% of all folders used by a company are open to everyone. As you’d expect, the bigger the company, the more files that can potentially be compromised. For example, 88% of companies with over 1 million folders have over 100,000 folders open to everyone. Attackers look for unsecured folders such as these. Files that are open to anyone can provide easy access to sensitive information, putting organizations at risk from malware and ransomware attacks.

4. 22% of small businesses cease business after a ransomware attack

Ransomware makes files on the target system unreadable without a key known only to the attacker. Typically ransomware works by encrypting files it finds, then forcing the victim to pay up in order to decrypt them.

According to a report from Osterman Research, approximately 22% of businesses with less than 1,000 employees are forced to cease business operations immediately after experiencing a ransomware attack. What’s more, around 15% of small businesses lost revenue. On average, small companies lost over $100,000 per ransomware incident due to downtime, highlighting the importance of having multiple security measures and backups in place.

5. Most small and medium-sized businesses don’t have a backup and disaster recovery plan

backup & disaster recovery plan

A survey of SMEs (small and medium-sized enterprises) by Riverbank IT Management showed that 46% of company respondents didn’t even have a backup and disaster recovery plan in place. In contrast, 33% said that they had some plans in place while only 21% had a full disaster recovery plan. Having a backup plan in place improves the odds of a business being able to recover quickly from a disaster, saving a lot of money in the process.

6. The average cost of downtime is $5,600 per minute

According to Gartner, the average cost of downtime is around $5,600 per minute which works out at around $300,000 per hour. This is corroborated by Datto which says that an hour of downtime costs $8,000 for a small company, $74,000 for a medium company and $700,000 for a large enterprise. Needless to say, this emphasises the importance of having an effective disaster recovery plan that allows a business to continue operations as normal.

7. 96% of businesses with a backup and disaster recovery plan fully recover operations

Datto’s State of the Channel Ransomware Report showed that with a backup and recovery solution in place, 96% of businesses fully recover from ransomware attacks. In contrast, 40% of businesses without a plan in place were unable to recover quickly and fully from ransomware.

8. 78% of small businesses will back up their data on the cloud by 2020

SMBs cloud backup

According to research by Clutch, 78% of small businesses will back up their data on the cloud by 2020. Of the small businesses that already use cloud backup, 84% use both online and on-site backup, 68% test their backup systems on a weekly or monthly basis and 49% back up their data on the cloud daily. Using cloud backup offers a number of advantages including ease of access and affordability.

9. 27% of businesses lose revenue due to outages

Impact outages organizations

A Spiceworks survey found that 27% of organizations that experienced at least one outage in the last 12 months reported loss of revenue as a result. 8% of the organizations that experienced an outage also suffered data loss. Of the organizations that had lost revenue due to an outage in the past 12 months, 31% estimated a loss of $10,000 to $100,000 with 10% losing $100,000 or more.

10. 23% of businesses never test their disaster recovery plan

While 95% of respondents in a recent study stated that they have a disaster recovery plan in place, some 23% of businesses admitted they never test their plan. Needless to say, this leaves them vulnerable in the event of a disaster. One of the main reasons for not testing their plans was a lack of time (61%). Others cited inadequate resources (51%) and disaster recovery simply not being a priority in their company (34%).

What is disaster recovery?

Disaster recovery is a form of security planning that allows a business to maintain or recover infrastructure and systems following a disaster. With good planning, a business should be able to resume normal operations by regaining access to hardware, applications and data. This is achieved through the use of a disaster recovery plan – a set of policies and procedures to follow in the event of a disaster.

The disaster that impacts a business may be anything from a natural event such as a flood or earthquake to one that is man-made whether by human error, a device failure or even a cyberattack. Disaster recovery involves planning for a variety of possible circumstances, allowing businesses to reduce overall downtime and save time, money and customer trust.

How does disaster recovery work?

The disaster recovery process involves a lot of planning and testing. First, risk assessment and business impact analysis needs to be carried out. Security vulnerabilities must be identified in order to draft an effective disaster recovery plan. Even when a disaster recovery plan is created, it must be tested and revisited on a regular basis.

Naturally, plans differ based on the type of disaster they’re addressing, each offering varying immediate, intermediate and long-term responses with specific responsibilities assigned to specific staff members. Aside from offering corrective measures in the event of a disaster, a disaster recovery plan should also have preventive measures in place as well as detective measures that help discover events that may otherwise be missed.

Tips for an effective disaster recovery plan

There are a number of things that your business can do in order to prevent and prepare for a disaster, whether natural or man-made:

  • Back up data and send it to physical off-site locations. You may also wish to use cloud storage. Either way, backups should be made on a regular basis to ensure minimal disruption should you lose data in a disaster.
  • Test your disaster recovery plan. Carrying out practice drills can help determine the overall effectiveness of the plan. That way, you can modify the plan if you find anything that doesn’t work in practice.
  • Establish a disaster recovery team. The team should receive regular training on how to prepare for a variety of different situations. The disaster recovery plan should also be communicated to other key staff members, ensuring it’s understood.
  • Maintain up-to-date contact information. Should a disaster occur when key staff members are out of the office, you may need their latest contact details for such an emergency. Contact details should be updated on a regular, periodic basis.
  • Update your plan. As businesses change and technology develops, it’s important to regularly revisit your disaster recovery plan. Potential changes may involve a new antivirus software or cloud provider, for example.