Today’s business continuity statistics reveal that small and mid-sized businesses (SMBs) have gotten better at embracing business continuity planning in recent years. Events like the COVID-19 pandemic and the ever-increasing reliance on business data have encouraged organizations to implement stronger technologies and protocols that limit interruptions from unexpected disasters.
However, data loss statistics show that many organizations still face costly disruptions due to a wide range of threats. From ransomware to floods to power outages, disasters seem to lurk around every corner. When that happens, the only thing standing between your organization and complete turmoil is proper planning.
This breakdown of the most telling disaster recovery and business continuity plan statistics proves why preparing for a crisis is so vital for every organization.
1. The cost of continuity breaks ranges from $137 to $16,000 per minute
The amount of money you lose to downtime depends heavily on your industry and the size of your business. Even the smallest organizations heavily rely on data and connectivity. As a result, IT disruptions have become more expensive than ever.
According to one study, smaller businesses lose an average of $427 per minute. That might seem like small potatoes compared to the typical cost of downtime for enterprise companies—up to $9,000 per minute—but even $100 a minute can be devastating for a small business.
For organizations in high-risk industries, such as government, finance, and healthcare, the cost of downtime can exceed $5 million per hour. Globally, businesses lose $250 million per year due to downtime.
2. Over two-thirds of industrial businesses experience downtime at least once a month
Outages have become frustratingly common for industrial organizations, with the majority suffering from downtime once a month or more. Lost productivity can have a major impact on a company’s bottom line, particularly in areas like manufacturing, where every minute of downtime equates to lower revenue.
A typical business in this sector loses close to $125,000 per hour during a continuity break. That means an outage that persists through an 8-hour work shift would cost $1 million or more.
3. 9 out of 10 businesses experience one or more outages per quarter
Unexpected disruptions are extremely common. They happen every day at businesses of all sizes, and network failures are a common cause. For organizations across virtually every industry, network outages have become a serious headache. According to research by Opengear, 91% of businesses experience at least one network outage per quarter.
4. Cyberattacks cost small businesses thousands each year
One of the most common causes of continuity interruptions is data breaches by outside attackers. Despite what news headlines might suggest, these threat actors don’t just target the big guys. Many of them aim to intentionally disrupt SMBs, which tend to have weaker cybersecurity measures. According to the 2023 Hiscox Cyber Readiness Report, small businesses in the United States lose more than $8,000 a year to cyberattacks.
5. 54% of data centers lost more than $100,000 to an outage in 2023
Outages at data centers are especially concerning because they handle such immense quantities of information. As a result, the cost of downtime can quickly get out of hand. More than half of respondents to the 2023 Uptime Institute data center survey said their most recent significant, serious, or severe outage cost more than $100,000. Even more frightening, 16% said their most recent outage cost more than $1 million.
6. Nearly half of small businesses never reopen after a disaster
A break in continuity isn’t just costly. It can literally end a business if operations can’t be restarted quickly enough. According to the Federal Emergency Management Agency (FEMA), 43% of small businesses affected by a disaster never reopen and another 29% go out of business within 2 years. The longer recovery takes, the more likely a business will have to permanently shutter its doors.
7. 1 in 5 businesses fails within its first year
More than 20% of businesses fail within their first year. This figure represents closures from all causes, but it underscores the challenges that small businesses face. New businesses are especially vulnerable to the financial losses that can occur from a break in continuity.
The rate of failure for new businesses varies significantly by state and location. For example, the one-year survival rate for businesses in the Middle Atlantic region is higher than in the Mountain region.
According to data from Lending Tree, around one-fourth of businesses fail before their first year is up, but that number skyrockets as time passes. Almost half fail within the first five years, and more than 60% close within 10 years.
8. Approximately 200,000 businesses permanently closed due to COVID-19
The problem of business closures was exacerbated by the COVID-19 pandemic, which presented one of the most challenging continuity challenges in living memory. Among the most shocking business continuity statistics is that around 200,000 businesses shut their doors due to the pandemic
Recent research has revealed that the pandemic disproportionately affected small businesses, highlighting a key lesson: expect the unexpected. It’s impossible to predict such events, which is why having a solid disaster recovery plan is essential. While some businesses adapted, many were unprepared and lacked a viable backup solution. For small businesses, Datto ALTO provides an affordable yet powerful backup and recovery system. With hybrid-cloud technology and instant virtualization, it ensures business continuity even during unexpected disruptions. You can explore Datto ALTO pricing to see how it can fit into your disaster recovery plan.
It’s impossible to predict this type of event, reinforcing a fundamental requirement of all disaster recovery planning: expect the unexpected. While some types of businesses did their best to adapt, many were not prepared or had no viable backup plan.
9. External actors make up 65% of data breach threats
According to Verizon’s 2024 Data Breach Investigation Report, external actors account for 65% of data breaches. That means around 35% are due to internal actors, but don’t assume that your employees are all out to sabotage your company. Nearly 75% of breaches caused by internal parties were due to errors, not malicious intent. That’s why it’s so important to offer employee training and factor in internal threats when creating cybersecurity protocols and business continuity plans.
10. Nearly 50% of manufacturers have suffered supply chain disruptions
According to the Federal Reserve Bank of New York, just under half of manufacturers and one-third of service firms experienced some or substantial supply chain disruptions over the past year. These incidents can have long-lasting impacts on modern organizations, which are highly connected and interdependent. Whether it’s a pandemic, a ransomware attack, or an electrical grid failure, businesses need a way to maintain continuity even if they rely on other organizations to provide transportation, supplies, or technologies.
11. Financial services employees have access to nearly 11 million files
Sometimes, all it takes is one compromised folder—or even a single file—to cause a break in continuity. And the latest business continuity statistics suggest that businesses are not being careful enough with their file restrictions.
Financial services organizations, in particular, handle some of the most sensitive customer information available, but their security and privacy protocols don’t always reflect that fact. According to recent research, 20% of all folders are open to every employee from the day they walk in the door. In larger organizations, that number doubles to 20 million.
This lack of security is a disaster waiting to happen. Folder access should be configured on an “as needed” basis (i.e. the principle of “least privilege”). Not everyone in an organization needs the same access and permissions, and being too liberal with access control significantly increases the risk that a user will create, edit, update, or delete business-critical data.
12. 77% of hacking attacks involve stolen credentials
Data breaches are a problem that nearly all organizations face, and 45% of them suffer a breach due to a successful hacking attempt. Verizon’s 2024 Data Breach Investigation report revealed that the majority of data breaches that occur due to hacking are the result of stolen credentials. Around 21% occur due to brute force attacks, often when people use easily guessable passwords.
Businesses that don’t plan or put due diligence into protecting sensitive data could suffer massive losses. In industries such as healthcare and financial services, which face stringent data regulations like HIPAA, organizations can also face steep fines and penalties.
13. Around 60% of corporate data is stored in the cloud
Businesses of all sizes continue to adopt cloud technology in various ways to support their business continuity objectives. More than half of corporate data is now stored using a public or private cloud solution, double the amount from 2015. That includes approximately half of all business records for finance and accounting and just under half of all employee records.
14. 45% of data breaches are cloud-based
Cloud storage is convenient and beneficial in many ways, but it’s also an increasingly popular target for hackers. Almost half of all data breaches now occur in the cloud. In addition, 80% of companies experienced at least one cloud security incident in the last year, and 27% experienced a public cloud security incident. Implementing cloud backup solutions in conjunction with traditional disaster recovery systems is the best way to prevent this type of attack from wreaking havoc on your business.
15. Hard drive failure rates are increasing
Hard drives can and do fail. When they do, they can cause a massive operational disruption. In 2023, the failure rate for hard drives was 1.7%, up from 1.37% in 2022 and 1.01% in 2021. This is largely due to aging devices that companies have been reluctant to replace.
While 1.7% might not sound like a lot, for a small business that relies heavily on its hard drives, even a single crash could be disastrous. SMBs must create business continuity plans that include reliable data backup solutions and regular hardware replacement schedules to mitigate the risk of sudden drive failure and data loss. Solutions like Datto SIRIS provide robust protection, and understanding Datto SIRIS pricing can help SMBs find affordable options that ensure both data security and quick recovery, preventing catastrophic downtime.
16. Power issues cause 44% of data center outages
An unexpected power failure can bring your most critical operations to a screeching halt. According to the Uptime Institute, power outages were responsible for 44% of data center outages in 2022. Other common causes of downtime in data centers include hardware and software failures (13%) and network failures (14%). Power disruptions are often outside of your control, but you can maintain and replace your servers, network devices, and other components to minimize the risk of failures.
17. Ransomware attacks cause 24 days of downtime
Ransomware has become one of the leading causes of operational downtime, affecting businesses around the globe. As of 2022, the average amount of downtime experienced following a ransomware attack was more than three weeks. That represents a significant increase from two years prior when the average length of downtime was 16 days.
Pair the length of downtime with growing ransom bills, which were 5 times higher in the last 12 months, and you’ve got plenty of reason to worry about what might happen if a ransomware attack hits your system. As with most disaster scenarios, data backup remains the single greatest protection against ransomware because it allows businesses to quickly recover lost data and restore systems to their pre-infected state.
18. There were more than 6 billion malware attacks in 2023
Malware is a persistent and ongoing problem that causes significant disruption for businesses. A malware infection can corrupt data, crash applications, or cause other disruptions.
What’s most concerning is how pervasive these attacks have become. In 2023, 6.06 billion malware attacks were detected globally. Of those, 88% were carried out via email. Experts estimate that 73% of companies are at risk of a material cyberattack—an event that’s significant enough to affect a company’s financial condition, operations, or market valuation.
19. Phishing emails were the biggest concern in 2023
According to Datto’s cybersecurity report, 37% of IT managers reported that phishing emails were a top threat to business continuity in 2023. Collectively, it was the top concern among the nearly 3,000 IT managers surveyed, followed by malicious websites/ads (27%), weak passwords/access management (24%), and poor user practices (24%).
These results aren’t especially surprising when you consider that phishing emails can get past even the strongest cybersecurity safeguards with user deception. They’re particularly problematic if employees haven’t received instruction on how to avoid them, which seems to be the case for a large number of organizations. Datto’s report indicates that 72% of SMBs blame security issues on a lack of training.
20. 68% of data breaches involved the human element
Verizon’s Data Breach Report, which analyzed 10,626 data breaches, also revealed that nearly 3 in 4 breaches involved the human element, including social engineering attacks or human error. This is yet another business continuity statistic that explains why IT managers are so concerned about the threat of phishing emails and other user deception.
21. Only 61% of companies have a business continuity plan
With so many red flags flying, you might assume that every company has a rock-solid business continuity plan in place. Unfortunately, that’s far from the truth. A business continuity survey of senior management from 500 companies in the United States found that a little over 60% have a strong business continuity plan. Among the remaining businesses, around 19% of have a plan that’s not comprehensive or complete, 4% aren’t aware whether they have a plan, and 14% have no plan at all.
In an era when disaster can (and does) strike at any time, those numbers simply aren’t good enough. The COVID-19 pandemic demonstrated just how vulnerable a large percentage of businesses were, and the presence of ransomware and other cyberattacks has made continuity planning even more important. It’s a proven method for businesses to recover from disaster by outlining critical steps and systems.
22. 16% of SMB executives don’t know their Recovery Time Objectives
A survey by Infrascale found that 16% of SMB executives don’t know their recovery time objectives (RTOs), and 24% of those surveyed expect their data to be recovered in under 10 minutes after a disaster. One-third said they expect recovery within an hour, and 17% said one day.
Not surprisingly, these estimates often do not align with the actual recovery timelines that are possible with their implemented IT systems. Typically, the less insight that executives have about those systems, the greater the gap between their recovery estimates and the realistic outcomes.
23. More than 20% of SMBs don’t have disaster recovery solutions
Additional research from Infrascale reveals that 49% of leaders at SMBs said that cyberattacks are their biggest data protection concern, yet many have no data backup or disaster recovery tools. One in five SMB executives haven’t implemented a solution, often because they don’t have the necessary resources or budget.
24. Companies only allocate 9% of their IT budget to security
The business continuity management program solutions market is booming, with a 2023 valuation of $1.478 billion. As the market has grown and become more competitive, it has helped bring down business continuity pricing and make it more accessible to smaller organizations.
However, for business continuity to truly make a difference, companies must be willing to invest in their security. According to a recent survey, 21% of businesses downsized their IT staff over the past year, and 62% reduced their IT budgets. Experts suggest taking the opposite approach, increasing security spending to 10 to 15% of the total IT budget to cover security programs, compliance, and business continuity. The money companies spend on those efforts pales in comparison to the cost of not having a business continuity plan in the first place.
25. 69% of IT decision-makers are increasing cybersecurity spending
Now for some good news amongst all these dire statistics: in 2024, nearly 70% of IT leaders expect to increase cybersecurity spending by 10 to 100%, while around 20% expect to raise budgets by 30 to 49%. Only 4% expect to see no change to their budget.
Taking a closer look at those numbers reveals where organizations’ priorities lie. About 44% of IT leaders are willing to invest up to 20% of their budget in education, and 41% are considering allocating the same amount to AI-enabled cyber tools. This combination is ideal, as both training and advanced cybersecurity solutions like Field Effect’s Covalence can make the difference between suffering or succeeding during a cyberattack. By exploring Field Effect Covalence pricing, businesses can find scalable, AI-driven protection that fits their budget, ensuring both employee awareness and comprehensive threat defense.
Don’t Let Your Business Become Another Statistic
The most recent business continuity statistics show a troubling ongoing trend. Threats like ransomware and other cyberattacks continue to disrupt operations for organizations in every industry, and they’re becoming costlier and more difficult to resolve. SMBs are especially vulnerable because they typically have fewer resources. All of this underscores the importance of implementing a strong business continuity plan and dependable BC/DR technologies that can prevent data loss.
Business continuity challenges can make or break your organization, but Invenio IT is ready to help. Schedule a call with a data protection specialist to get expert information and guidance on deploying robust data backup and other business continuity technologies.
Frequently Asked Questions (FAQ)
1. What are the statistics for backup and recovery?
As of 2019, around 91% of organizations used some form of data backup. Research by Acronis found that 72% of IT users were forced to recover lost data from a backup at least once within the previous year, and 33% had to recover data more than once.
2. How many organizations have a business continuity plan?
An estimated 61% of businesses globally have a business continuity plan, according to a survey conducted by AvidXchange. Just under 20% of organizations in the United States have an incomplete plan, and 14% have no plan at all.
3. How often should a BCP be reviewed?
A business continuity plan should be reviewed at least once a year to ensure that the information within the plan is still accurate and up to date. It is also good practice to review the plan whenever there are significant changes to the business’s operations, systems, or processes.
4. What are the three branches of business continuity?
Business continuity consists of three primary branches of planning: 1) disaster prevention, 2) response, and 3) recovery. Together, these branches help businesses better understand their risks for operation disruptions and the steps to minimize them.
5. How many businesses close each year?
Nearly 600,000 businesses in the United States close each year. This figure represents closures due to numerous factors, including general business failure, lack of profitability, natural disasters, cyberattacks, and owner retirement.