Today’s business continuity statistics reveal that small and mid-sized businesses (SMBs) have gotten better about embracing business continuity planning over the last few decades. Particularly following the attacks of September 11, 2001, and the ever-increasing reliance on business data, organizations have implemented stronger technologies and protocols to limit interruptions from unexpected disasters.
However, statistics suggest many organizations still face costly disruptions, due to a wide range of threats. And the year 2020 added an entirely new challenge as the COVID-19 pandemic threw many businesses into turmoil, forcing many to restructure their operations overnight, just to maintain continuity.
Here’s a breakdown of the most telling stats on business continuity and disaster recovery today.
1. A break in continuity can cost $10,000/hour at minimum
Even the smallest businesses heavily rely on data and connectivity. As a result, IT disruptions have become more expensive than ever. According to figures from Datto, just one hour of downtime can cost $10,000 for small businesses. For larger companies, those hourly costs can balloon to more than $5 million.
A break in continuity for even just a few hours can prove to be disastrous for small businesses. When big disruptions occur, such as fires, natural disasters and major cybersecurity events, it can be devastating for a business, creating conditions that make survival even more challenging. (Source: Datto)
2. 1 in 2 businesses have experienced an extended break in continuity
Unexpected disruptions are extremely common – they happen every day, at businesses of all sizes. In a survey highlighted by DataCore, 54% of businesses said they had experienced a downtime incident in the past five years that lasted at least eight hours. (Source: DataCore)
3. 9 in 10 small companies permanently close if they are slow to reopen
A break in continuity isn’t just costly. It can literally end a business if operations can’t be restarted quickly enough.
Data from FEMA shows that 90% of businesses fail within a year if they are unable to get back up and running within 5 days after a disaster. The longer recovery takes, the more likely a business will have to permanently shutter its doors. (Source: FEMA)
4. 28% of breaches affect small businesses
One of the most common causes of continuity interruptions is data breaches by outside attackers. And, it’s important to remember that these threat actors don’t just target the big guys. Many of them aim to intentionally disrupt SMBs, which tend to have weaker cybersecurity.
In 2020, 28% of breaches affected small businesses, according to data from Verizon’s Data Breach Investigations Report. Most breaches were linked to attacks on web applications (roughly 43%). Also, not surprisingly, 83% of these attacks were financially motivated. (Source: Verizon)
5. 100,000 small businesses were forced to close permanently during COVID-19
The COVID-19 pandemic presented one of the most challenging continuity challenges in living memory. Among the most shocking business continuity statistics: 100,000 small businesses in the U.S. were forced to close due to the pandemic.
While the pandemic is a type of disruption that no one could have predicted, it does underscore a fundamental requirement of all disaster recovery planning: expect the unexpected. While some types of businesses did their best to adapt, many were not prepared or had no other viable options. (Source: Washington Post)
6. 51% of companies don’t have a business continuity plan
A 2020 survey found that 51% of companies across the globe don’t have a business continuity plan. The COVID-19 pandemic demonstrated just how vulnerable a large percentage of businesses were, and a report by the Economic Times underscores the value of having a business continuity plan. This type of plan is a proven method for businesses to recover from disaster by outlining the critical steps and systems needed to maintain continuity. (Source: Mercer via Economic Times)
7. External threat actors make up 83% of threats
Statistics for 2023 found that 83% of attacks on businesses were perpetrated by external actors. That’s scary enough, but what’s perhaps more frightening is this means the other 17% are perpetrated by internal personnel or third parties that have authorized access to systems. All businesses should remember to factor in internal threats when creating their cybersecurity protocols and BCPs. (Source: Verizon)
8. 75% of companies have suffered supply chain disruption
A survey conducted in March 2020 found that 75% of companies suffered a supply disruption in the early days of the pandemic. Furthermore, an October survey found 90% of businesses, across all industries, believe the disruption of global supply chains will have long-lasting impacts on their businesses.
Today’s businesses are highly connected and interdependent on one another. Whether it’s a pandemic, a ransomware attack or an electrical grid failure (e.g. the state of Texas’s February 2021 disruption due to lack of planning for cold weather events), businesses need to be prepared for continuity when reliant upon other businesses for transportation, supplies or technologies they need. (Sources: Supply and Demand Chain Executive and Interos)
9. 33% of network folders are not protected at all
Sometimes, all it takes is one compromised folder—or even a single file—to cause a break in continuity. And the latest business continuity statistics suggest that businesses are not being careful enough with their file restrictions.
A recent survey found that approximately 33% of all folders used by a company are open to everyone. Worse yet, the survey found that nearly two-thirds of companies have more than 1,000 sensitive files open to every user on the network. This lack of security is a disaster waiting to happen. Folder access should be configured on an “as needed” basis (i.e. the principle of “least privilege”). Not everyone in an organization needs the same access and permissions. Being too liberal with access control significantly increases the risk that a user will accidentally (or maliciously) create, edit, update or delete business-critical data. (Source: Varonis).
10. 45% of data breaches involve hacking
Data breaches are a problem that nearly all organizations face, and 45% of them suffer a breach due to successfully being hacked. Businesses that don’t plan or put due diligence into protecting sensitive data could suffer massive losses. In industries such as healthcare and financial services, which face stringent data regulations like HIPAA, organizations can also face steep fines and penalties. (Source: Verizon via Comparitech)
11. Majority of small businesses use or will use a cloud storage solution
SMBs continue to adopt cloud technology in various ways to support their business continuity objectives. According to the latest business continuity statistics, 84% of businesses currently store data and backups in the cloud, and an additional 8% plan to do so within the next year. (Source: Comparitech)
12. About 1% of hard drives failed in 2020
Hard drives can and do fail. And when they do, they can cause a massive operational disruption. In 2020, the average rate of hard drive failure was 0.93% (pretty consistent with 2019 failure rates which were 0.92%). This might not sound like a lot, but to a small business that relies heavily on its hard drives, just one crash could be disastrous. SMBs need to include data backup planning in their business continuity plans, as well as hardware replacement schedules, which prevent the risk of sudden drive failure and data loss. (Source: BackBlaze)
13. 45% experience downtime from hardware failure
This statistic underscores just how disruptive hardware failure can be for a business. And it’s not limited to just hard drives. Servers, network devices and other components are all at risk of failing unexpectedly. When this happens, it can bring your most critical operations to a screeching halt. (Source: Veritis)
14. Ransomware attacks cause 16.2 days of downtime
Ransomware has become one of the leading causes of operational downtime, affecting 1 in 5 small businesses, according to Datto. Companies that faced attacks suffered, on average, 16.2 days of downtime, according to ZDNet, and the costs associated with this downtime are increasing at an alarming rate. Also worrisome is the fact that cybercriminals essentially doubled the amount of ransom they asked for last year over the previous year.
As with most disaster scenarios, data backup remains the single greatest protection against ransomware, as it allows businesses to quickly recover lost data and restore systems back to their pre-infected state. (Source: ZDNet)
15. 1 in 3 organizations have been infected by malware
Malware in general is a persistent and ongoing problem that causes significant disruption for businesses. And it only continues to get worse as threat actors find new ways to exploit businesses for profit. Roughly a third of businesses have been infected with malware, corrupting data, crashing applications, bricking servers or causing other disruptions. (Source: DataCore)
16. 37% of SMBs have lost data in the cloud
Earlier in this post, we noted that the majority of SMBs are utilizing the cloud and, overall, this is a good thing. However, it doesn’t mean it completely solves the business continuity issues associated with cloud use. Thirty-seven percent of SMBs have reported losing data in the cloud, a statistic that highlights the need for cloud backup solutions like Datto SaaS Protection, in conjunction with traditional BC/DR systems. (Source: Backupify)
17. 1 in 6 SMB executives don’t know their own recovery objectives
A survey by Infrascale conducted in 2020 found that one-sixth of SMB executives don’t know their own recovery time objectives (RTOs). Furthermore, 24% of those surveyed expect their data to be recovered in under 10 minutes after a disaster. One-third (29%) said they expect recovery within an hour, and 17% said one day.
Not surprisingly, these estimates often do not align with the actual recovery timelines that are possible with their implemented IT systems. Typically, the less insight that executives have about those systems, the greater the gap between their recovery estimates and the realistic outcomes. (Source: Infrascale via Small Business Trends)
18. 1 in 5 SMB executives doesn’t have a recovery plan
In the same study that reported statistics for #17, findings also indicated 1 in 5 of the SMB executives surveyed doesn’t have a recovery plan in place. Of those surveyed, 31% said they don’t have the right resources or budget. (Source: Infrascale)
19. Small businesses close at a much higher rate than large companies
A 2022 paper by the National Bureau of Economic Research found that smaller businesses are forced to close at a significantly higher rate than larger organizations, particularly “when facing a large aggregate negative shock such as a health crisis.” This was true prior to COVID-19, but it was exacerbated further by the pandemic. During Q2 of 2020, for example, large businesses experienced an increase in permanent closure rates of 1.3 percentage points specifically due to COVID-19. Meanwhile, the rate of increase was more than twice as high for small businesses: 3.3 percentage points. (Source: National Bureau of Economic Research)
20. 40% of IT decision-makers are increasing cybersecurity spending
A 2023 report by Datto revealed that businesses are actively increasing their cybersecurity spending in response to growing threats like ransomware. In a survey of nearly 2,913 IT decision-makers for SMBs, 40% said that their organizations are boosting their cybersecurity budget in the year ahead. In contrast, only 6% said they were decreasing their spending. (Source: Datto)
21. Phishing emails were the biggest concern in 2023
37% of IT managers reported said that phishing emails were a top threat to business continuity, according to Datto’s 2023 cybersecurity report. Collectively, it was the top concern among the nearly 3,000 IT managers surveyed, followed by malicious websites/ads (27%), weak passwords/access management (24%) and poor user practices (24%). The results are not surprising when you consider that phishing emails can get past even the strongest cybersecurity safeguards with user deception alone. (Source: Datto)
22. 74% of data breaches involved the human element
A 2023 analysis of 5,199 data breaches revealed that nearly 3 in 4 breaches involved the human element, such as social engineering attacks or human error. This is yet another business continuity statistic that explains why IT managers are so concerned about the threat of phishing emails and other user deception. (Source: Verizon)
23. 1 in 5 businesses fails within their first year
Data from the U.S. Bureau of Labor Statistics (BLS) shows that about 20% of U.S. businesses close within their first year of operations. While this figure represents closures from all causes, it underscores the challenges that small businesses face, particularly in their first year. New businesses are especially vulnerable to the financial losses that can occur from a break in continuity.
Interestingly, the rate of failure for new businesses varies significantly by state and location. In the District of Columbia, 28% of businesses fail in their first year – the highest in the nation. In contrast, only 13% of businesses in California fail in their first year. (Source: BLS via LendingTree)
Frequently Asked Questions (FAQ)
1. What are the statistics for backup and recovery?
Globally, about 91% of organizations use some form of data backup, according to Statista. Research by Acronis found that 72% of IT users were forced to recover lost data from a backup at least once within the previous year. 33% said they had to restore a backup multiple times.
2. How many businesses have a business continuity plan?
An estimated 49% of businesses globally have a business continuity plan, according to a survey conducted by Mercer. This translates to approximately 163 million companies that have a BCP, compared to about 171 million that do not.
3. How often should a BCP be reviewed?
A business continuity plan should be reviewed at least once a year to ensure that the information within the plan is still accurate and up to date. It is also good practice to review the BCP whenever there are significant changes to the business’s operations, systems or processes.
4. What are the three branches of business continuity?
Business continuity consists of three primary branches of planning: 1) Disaster prevention, 2) Response and 3) Recovery. Together, these three branches help businesses better understand their risks for operation disruptions and the steps to minimize them.
5. How many businesses close each year?
Nearly 600,000 businesses in the United States close each year, according to statistics from chamberofcommerce.org. This figure represents closures due to numerous factors, including general business failure, lack of profitability, natural disasters, cyberattacks, owner retirement and so on.
The most recent business continuity statistics show a troubling ongoing trend. Threats like ransomware and other cyberattacks continue to disrupt operations for organizations in every industry. At the same time, these disruptions are becoming costlier and taking longer to resolve. Small to mid-sized businesses are especially vulnerable, because they typically have fewer resources to recover from an extended outage. All of this underscores the importance of implementing a strong business continuity plan, as well as dependable BC/DR technologies that can prevent costly disruptions from data loss.
Don’t let your business become another statistic
To learn more about deploying robust data backup and other business continuity technologies, contact our experts at Invenio IT. Request a free demo, call (646) 395-1170 or email us at success@invenioIT.com