Today’s business continuity statistics reveal that small and mid-sized businesses (SMBs) are increasingly taking their business continuity planning more seriously, implementing stronger technologies and protocols that limit interruptions from unexpected disasters.
However, data loss statistics show that many organizations still face costly business continuity issues stemming from data-loss events, ransomware attacks, power outages and other disruptions.
Below, we highlight the most telling disaster recovery and business continuity plan statistics to illustrate why preparing for a crisis is so vital for every organization.
🛡️ Ensure Business Continuity Without Gaps
Downtime is costly. Datto backup and disaster recovery solutions keep your business running with rapid recovery, ransomware protection, and compliance-ready backups, so you’re always one step ahead of disruption.
1. The cost of continuity breaks ranges from $137 to $16,000 per minute
The amount of money you lose to downtime depends heavily on your industry and the size of your business. Even the smallest organizations heavily rely on data and connectivity. As a result, IT disruptions have become more expensive than ever.
According to one study, smaller businesses lose an average of $427 per minute. That might seem like small potatoes compared to the typical cost of downtime for enterprise companies—up to $9,000 per minute—but even $100 a minute can be devastating for a small business.
For organizations in high-risk industries, such as government, finance, and healthcare, the cost of downtime can exceed $5 million per hour. Globally, businesses lose $250 million per year due to downtime.
2. Over two-thirds of industrial businesses experience downtime at least once a month
Outages have become frustratingly common for industrial organizations, with the majority suffering from downtime once a month or more. Lost productivity can have a major impact on a company’s bottom line, particularly in areas like manufacturing, where every minute of downtime equates to lower revenue.
A typical business in this sector loses close to $125,000 per hour during a continuity break. That means an outage that persists through an 8-hour work shift would cost $1 million or more.
3. 84% of businesses say network outages are increasing
Unexpected network outages are extremely common, affecting 91% of businesses at least once per quarter. And unfortunately, these outages are occurring more frequently than ever. According to 2025 statistics from Opengear, 84% of surveyed companies experienced an increase in network outages over the past two years.
4. Cyberattacks cost small businesses up to $1.24M in business continuity issues
One of the most common (and costly) causes of business continuity issues for small companies today is cyberattacks. Despite what news headlines might suggest, attackers don’t just target the big guys. Many of them aim to intentionally disrupt SMBs, which tend to have weaker cybersecurity measures. According to a report highlighted by Mastercard, the average cost of a cyberattack on small businesses ranges from $120,000 to $1.24 million per incident.
5. 54% of data centers lost more than $100,000 to an outage in 2024
Outages at data centers are especially concerning because they handle such immense quantities of data, often for numerous businesses around the globe. As a result, the cost of downtime can quickly skyrocket when incidents occur. More than half of respondents to the 2024 Uptime Institute data center survey said their most recent significant, serious, or severe outage cost more than $100,000. One in 5 said their most recent outage cost more than $1 million.
6. Nearly half of small businesses never reopen after a disaster
A break in continuity isn’t just costly. It can literally end a business if operations can’t be restarted quickly enough. According to the Federal Emergency Management Agency (FEMA), 43% of small businesses affected by a disaster never reopen and another 29% go out of business within 2 years. The longer recovery takes, the more likely a business will have to permanently shutter its doors.
7. 1 in 5 businesses fails within its first year
More than 20% of businesses fail within their first year. This figure represents closures from all causes, but it underscores the challenges that small businesses face. New businesses are especially vulnerable to the financial losses that can occur from a break in continuity.
The rate of failure for new businesses varies significantly by state and location. For example, the one-year survival rate for businesses in the Middle Atlantic region is higher than in the Mountain region.
According to data from Lending Tree, around one-fourth of businesses fail before their first year is up, but that number skyrockets as time passes. Almost half fail within the first five years, and more than 60% close within 10 years.
8. Approximately 700,000 businesses closed due to COVID-19
The rate of business closures can be massively exacerbated by unexpected health crises, as was the case during the COVID-19 pandemic, which presented one of the most challenging continuity challenges in living memory. Among the most shocking business continuity statistics is that around 700,000 businesses closed in the second quarter of 2020 alone (though some reopened their doors in the following quarters).
Recent research has revealed that the pandemic disproportionately affected small businesses, highlighting a key lesson for business continuity: expect the unexpected. While it is impossible to predict events like global pandemics, you can plan for their potential risks and impact. This is why having a solid disaster recovery plan is essential.
9. External actors make up 81% of data breach threats
According to Verizon’s 2025 Data Breach Investigation Report, external actors account for 81% of data breaches. That means around 19% are due to internal actors and business partners, but don’t assume that your colleagues are all out to sabotage your company. Nearly 65% of breaches caused by internal parties were due to errors, not malicious intent. That’s why it’s so important to offer employee training and factor in internal threats when creating cybersecurity protocols and business continuity plans.
10. 76% of logistics companies have suffered supply chain disruptions
According to the 2025 J.S. Held Global Risk Report, 76% of European shipping companies experienced some or substantial supply chain disruptions over the past year. These incidents can have long-lasting impacts on organizations across the supply chain, including manufacturing, shipping and retail. Whether it’s new tariffs, a ransomware attack or an electrical grid failure, businesses must plan for workarounds to maintain continuity even if they rely on other organizations throughout the supply chain.
11. 90% of organizations have sensitive files exposed to all employees
Sometimes, all it takes is one compromised folder—or even a single file—to cause a break in continuity. And the latest business continuity statistics suggest that businesses are not being careful enough with their file restrictions.
According to recent research by Varonis, 90% of organizations have sensitive files exposed to all employees. This is especially dangerous for organizations within sectors like financial services, which handle some of the most sensitive customer information available.
This lack of security is a disaster waiting to happen. Folder access should be configured on an “as needed” basis (i.e. the principle of “least privilege”). Not everyone in an organization needs the same access and permissions, and being too liberal with access control significantly increases the risk that a user will create, edit, update or delete business-critical data.
12. 88% of web app hacking attacks involve stolen credentials
Data breaches are a problem that nearly all organizations face, and 45% of them suffer a breach due to a successful hacking attempt. Verizon’s 2025 Data Breach Investigation report revealed that 88% of web application attacks are the result of stolen credentials. Around 56% occur due to brute force attacks, often when people use easily guessable passwords.
Businesses that don’t plan or put due diligence into protecting sensitive data could suffer massive losses. In industries such as healthcare and financial services, which face stringent data regulations like HIPAA, organizations can also face steep fines and penalties.
13. Around 60% of corporate data is stored in the cloud
Businesses of all sizes continue to adopt cloud technology in various ways to support their business continuity objectives. Nearly two-thirds of corporate data is now stored using a public or private cloud solution, double the amount from 2015. Employee and customer data are the most common types of data stored in the cloud.
14. 45% of data breaches are cloud-based
Cloud storage is convenient and beneficial in many ways, but it’s also an increasingly popular target for hackers. Almost half of all data breaches now occur in the cloud. In addition, 80% of companies experienced at least one cloud security incident in the last year, and 27% experienced a public cloud security incident. Implementing cloud backup solutions, including SaaS backup for solutions like M365, in conjunction with traditional disaster recovery systems, is the best way to prevent this type of attack from wreaking havoc on your business.
15. Hard drive failure rates are increasing
Hard drives can and do fail. When they do, they can cause a massive operational disruption. In 2024, the failure rate for hard drives was 1.57%, down slightly from 1.7% in 2023, 1.37% in 2022 and 1.01% in 2021. This is largely due to aging devices that companies have been reluctant to replace.
While 1.57% might not sound like a lot, for a small business that relies heavily on its hard drives, even a single crash can be disastrous. SMBs must create business continuity plans that include reliable data backup solutions and regular hardware replacement schedules to mitigate the risk of sudden drive failure and data loss. Solutions like Datto SIRIS provide robust protection, and since Datto SIRIS pricing is based on a fully integrated, all-in-one solution, SMBs can find affordable options that ensure both data security and quick recovery, preventing catastrophic downtime.
16. Power issues cause 54% of data center outages
An unexpected power failure can bring your most critical operations to a screeching halt. According to the Uptime Institute, power outages were responsible for 54% of data center outages in 2024. Other common causes of downtime in data centers include hardware and software failures (11%) and network failures (12%). Power disruptions are often outside of your control, but you can maintain and replace your servers, network devices and other components to minimize the risk of failures.
17. Ransomware attacks cause 24 days of downtime
Ransomware has become one of the leading causes of operational downtime, affecting businesses around the globe. As of 2022, the average amount of downtime experienced following a ransomware attack was more than three weeks. That represents a significant increase from two years prior when the average length of downtime was 16 days.
Pair the length of downtime with costly ransom demands and payments, which averaged $1 million in 2025, and you’ve got plenty of reason to worry about what might happen if a ransomware attack hits your system. As with most disaster scenarios, data backup remains the single greatest protection against ransomware because it allows businesses to quickly recover lost data and restore systems to their pre-infected state. For smaller businesses, Datto ALTO provides an affordable yet powerful backup and recovery system. Explore Datto ALTO pricing to see how it can fit into your disaster recovery plan.
18. Malware attacks expected to reach 6.5 billion in 2025
Malware is a persistent and ongoing problem that causes significant disruption for businesses. A malware infection can corrupt data, crash applications or cause other disruptions.
What’s most concerning is how pervasive these attacks have become. In 2025, security researchers projected more than 6.5 billion malware infections, according to DeepStrike, driven increasingly by adaptive AI and deepfake technologies. In recent years, 88% of such attacks have been carried out via email. Experts estimate that 73% of companies are at risk of a material cyberattack—an event that’s significant enough to affect a company’s financial condition, operations or market valuation.
19. AI and zero-day attacks are among the top security concerns in 2025
In recent years, phishing emails have been a top security concern among IT managers. But the rise of AI has ushered in a new era of sophisticated threats that can exploit vulnerabilities faster than ever, often without user deception at all. To combat such zero-day attacks, organizations must deploy advanced cybersecurity tools that stop these threats in their tracks. Zero-trust solutions like Threatlocker Ringfencing and managed-detection and response platforms like RocketCyber MDR provide the multilayered security strategy that today’s small businesses require.
20. 60% of data breaches involved the human element
Verizon’s 2025 Data Breach Report, which analyzed 22,052 real-world security incidents, revealed that nearly 2 in 3 breaches involved the human element, including social engineering attacks or human error. This business continuity statistic shows that organizations can’t let their guard down against social engineering attacks like phishing, even as other threat trends are on the rise.
21. Only 26% of companies have a disaster recovery plan
With so many red flags flying, you might assume that every company has a rock-solid business continuity plan in place. Unfortunately, that’s far from the truth. A business continuity survey by the U.S. Chamber of Commerce Foundation found that 94% of businesses believe their companies would recover from a disaster – but only 26% have an actual disaster plan in place. Not surprisingly, businesses that were actually hit by a disaster faced a harsh reality. 34% took six months or more to recover, with some taking over a year.
22. 16% of SMB executives don’t know their Recovery Time Objectives
A survey by Infrascale found that 16% of SMB executives don’t know their recovery time objectives (RTOs), and 24% of those surveyed expect their data to be recovered in under 10 minutes after a disaster. One-third said they expect recovery within an hour, and 17% said one day.
Not surprisingly, these estimates often do not align with the actual recovery timelines that are possible with their implemented IT systems. Typically, the less insight that executives have about those systems, the greater the gap between their recovery estimates and the realistic outcomes.
23. 30% of IT managers say their companies don’t have adequate backups
A 2025 BCDR report by Datto revealed that nearly 1 in 3 IT managers lack confidence in their backup systems’ ability to protect critical data in the event of a crisis. In a survey of more than 3,000 IT professionals and MSPs, 30% said they worry that their companies do not have adequate backup and recovery solutions. Additionally, 30% of respondents said they’re so concerned about it, they’ve had nightmares.
24. Companies only allocate 9% of their IT budget to security
The business continuity management program solutions market is booming, with a 2023 valuation of $1.478 billion. As the market has grown and become more competitive, it has helped bring down business continuity pricing and make it more accessible to smaller organizations.
However, for business continuity to truly make a difference, companies must be willing to invest in their security. According to a recent survey, 21% of businesses downsized their IT staff over the prior year, and 62% reduced their IT budgets. Experts suggest taking the opposite approach, increasing security spending to 10 to 15% of the total IT budget to cover security programs, compliance and business continuity. The money companies spend on those efforts pales in comparison to the cost of not having a business continuity plan in the first place.
25. 69% of IT decision-makers are increasing cybersecurity spending
Now for some good news amongst all these dire statistics: in 2024, nearly 70% of IT leaders planned to increase cybersecurity spending by between 10 to 100%, while around 20% expected to raise budgets by 30 to 49%. Only 4% expected to see no change to their budget.
Taking a closer look at those numbers reveals where organizations’ priorities lie. About 44% of IT leaders are willing to invest up to 20% of their budget in education, and 41% are considering allocating the same amount to AI-enabled cyber tools. This combination is ideal, as both training and advanced cybersecurity solutions like RocketCyber can make the difference between suffering or succeeding during a cyberattack. By exploring RocketCyber pricing, businesses can find scalable, AI-driven protection that fits their budget, ensuring both employee awareness and comprehensive threat defense.
Frequently Asked Questions (FAQ)
1. What are the statistics for backup and recovery?
Around 91% of organizations used some form of data backup. On average, today’s businesses use more than three types of backup solutions, according to a 2025 report by Datto. Nearly half of the surveyed companies back up copies of their data to a public cloud.
2. How many organizations have a business continuity plan?
An estimated 61% of businesses globally have a business continuity plan, according to a survey conducted by AvidXchange. Just under 20% of organizations in the United States have an incomplete plan, and 14% have no plan at all.
3. How often should a BCP be reviewed?
A business continuity plan should be reviewed at least once a year to ensure that the information within the plan is still accurate and up to date. It is also good practice to review the plan whenever there are significant changes to the business’s operations, systems or processes.
4. What are the three branches of business continuity?
Business continuity consists of three primary branches of planning: 1) disaster prevention, 2) response and 3) recovery. Together, these branches help businesses better understand their risks for operational disruptions and the steps to minimize them.
5. How many businesses close each year?
Nearly 600,000 businesses in the United States close each year. This figure represents closures due to numerous factors, including general business failure, lack of profitability, natural disasters, cyberattacks and owner retirement.
Conclusion
The most recent business continuity statistics show a troubling ongoing trend. Threats like ransomware, AI-powered threats and other cyberattacks continue to disrupt operations for organizations in every industry, and they’re becoming costlier and more difficult to resolve. SMBs are especially vulnerable because they typically have fewer resources. All of this underscores the importance of implementing a strong business continuity plan and dependable BC/DR technologies that can prevent data loss.
Want to Avoid Costly Business Continuity Issues?
Business continuity issues can make or break your organization, but Invenio IT is ready to help. Schedule a call with one of our data protection specialists to get expert guidance on deploying robust data backup and other business continuity technologies. You can also reach us by calling (646) 395-1170 or emailing success@invenioIT.com.
