Today’s data loss statistics are a giant red flag waving in front of businesses of every size, industry, and structure. When you put all the facts together, they tell a clear story: your data is in danger, and it’s imperative that you use the right tools and solutions to safeguard it.
As technology has evolved, it’s become easier than ever for small to mid-sized businesses to get the enterprise-level data protection that only large organizations could access in the past. As businesses have become more aware of the threats against their data, many of them have jumped on the bandwagon and invested in protection. Unfortunately, there are still plenty of holdout companies that don’t feel it’s necessary to invest in data protection or that haven’t considered the potential consequences of data loss. As a result, they still suffer significant losses of data that put their operations at risk. If you’re a business owner or manager and don’t have any continuity systems in place to prevent lost data, these data loss statistics might make you think twice.
1. Severe data loss affects three-quarters of IT decision-makers
In a 2022 survey, 76% of respondents IT leaders said that they experienced a severe loss of critical data in the past year, and 45% of them lost data permanently. These types of losses are often preventable because there are many affordable backup options available these days, including cloud storage and disaster recovery as a service (DRaaS).
Data is the lifeblood of essentially all businesses, and organizations invest heavily in solutions that not only protect that data but also interpret it. According to a survey by Oracle, more than 90% of businesses feel that data analytics improves their decision-making processes, particularly regarding finance and supply chain issues. Data also serves as a critical resource for internal systems, applications, customer information, email, and more. Without it, most businesses today are dead in the water.
2. More than half of the world’s business data is in cloud storage
Over the past several years, businesses of all sizes have embraced the cloud as a safe and convenient place to store their data. In 2022, businesses stored 60% of all corporate data in the cloud.
Of course, cloud storage can mean different things to different organizations. There are cloud-based productivity platforms, cloud file-sharing apps, and cloud-based infrastructure with off-site backup. Regardless of which kind you use, keeping data in the cloud is typically a smart option to prevent disruptions from on-site disasters and enable access from anywhere – as long as it’s adequately backed up.
3. Attacks on cloud services are exploding
Most organizations, including small businesses, use cloud storage. That’s generally a good strategy, but it isn’t infallible. Organizations can still suffer data losses, especially as cyberattackers increase their focus on cloud services.
Here’s all the proof you need that you should back up your cloud data: in 2022, there was a 95% increase in cloud exploitation as more bad actors took advantage of stolen credentials and vulnerabilities.
Leveraging the cloud is a great continuity strategy, as long as it’s not the only solution you use. To protect yourself from data loss, employ a combination of strategies, including SaaS data backup for cloud productivity apps like M365 and Google.
4. More than 1 out of 100 hard drives failed last year
All hard drives — including the ones in your servers — have limited lifespans. In 2022, the average fail rate for hard drives rose to 1.37%. That’s an increase over prior years, but it still may not seem like a large percentage.
Keep in mind, however, that businesses that rely on data they store locally and don’t perform separate backups could experience a catastrophic failure if those drives fail. Hard drives, particularly spinning disk drives, are among the most fallible components in your infrastructure. As part of your business continuity plan, you should set and follow a schedule to routinely replace them. Even then, backing up the data on those drives is still a critical step.
5. The cost of a data breach is over $4 million, on average
Data breaches don’t just put your reputation, customers, and clients at risk. They also drain your financial resources. From recovery costs to lost revenues, a breach has the power to erode even a large business’s bottom line.
According to IBM’s 2023 report, the global average cost of a data breach is $4.45 million. That’s a 15% increase over the past three years and a good reason why no organization should leave its data up for grabs.
6. More than one-fourth of small businesses lose a quarter of a million dollars to cyberattacks
The cost of cybercrime for small and medium-sized businesses (SMBs) might not be as high, but it’s often an overwhelming sum that could lead to layoffs or even bankruptcy. In 2022, 26% of small businesses that experienced cyberattacks lost between $250,000 and $500,000, and 42% of businesses lost revenue due to cybercrime. That’s a substantial amount of money for a business with limited resources.
A comprehensive business continuity and disaster recovery plan with robust data backup can go a long way to preventing costly outages from such attacks. Aside from the price tag attached to the data loss, there are regulatory and industry fines to consider, along with damage to your brand reputation and a loss of customer trust.
7. Almost 70% of cyberattacks in 2022 were ransomware
Data loss happens for various reasons, including drive failure, physical theft, and human error, but malware is still a leading cause. Ransomware, which locks your data with unbreakable encryption and makes it useless, is among the most common forms of malware. These types of attacks accounted for approximately 68% of all identified cyberattacks worldwide in 2022.
8. Ransomware attackers almost always steal data
Ransomware attacks are notorious for encrypting data, but that’s not all they do. A growing number of attacks involve data theft, which raises a whole host of other concerns. If an attacker steals your data, they might threaten to release it on the dark web or share confidential information that could cause immeasurable damage to your business and customers. At the end of 2021, 84% of ransomware attacks involved data exfiltration, a form of data theft.
9. Most businesses experienced at least one ransomware attack in the past year
No business can afford to ignore ransomware at this point. According to the 2023 Data Protection Trends report, 85% of organizations experienced at least one ransomware attack in the past year. While not all those attacks were successful, the reality is that every business is at risk virtually all the time.
The worst part is that this problem won’t get better anytime soon. Experts project that there will be a ransomware attack every two seconds by 2031.
10. Small businesses are the main focus of ransomware attacks
Small business owners sometimes assume that their operations aren’t worthy of attention from cybercriminals, but the opposite is true. Bad actors are putting a significant effort into targeting small businesses, as evidenced by a steady uptick in incidents. More than 80% of ransomware attacks target businesses with fewer than 1,000 employees.
Attackers often view small businesses as easy targets because they don’t have the resources or personnel to effectively mitigate threats and keep their technology up to date. The same is also true of slightly larger organizations. The 2022 MSP Threat Report from ConnectWise revealed that nearly two in three midsize organizations had suffered a ransomware attack in the past 18 months. Among those businesses, one in five spent a minimum of $250,000 on their recovery.
11. Even the smallest businesses are under siege
According to Verizon’s small business data breach statistics, there were 832 cyberattacks on very small businesses in 2022, and 80% were the result of ransomware. Of those victims, 130 suffered permanent data loss. Organizations of this size often struggle to recover from an attack of any scale, and data loss could be the final straw for a business that’s already under financial strain.
12. Nearly half of organizations pay ransoms . . . but they shouldn’t
There’s an upside to all this bad news about ransomware and data loss. A 2023 survey by Sophos found that 97% of organizations whose data was encrypted managed to get it back. That’s great news, but the most important detail is how they went about it. While 70% of businesses recovered their data from backups, 46% gave in to the attackers’ ransom demands.
Ransomware is one of the gravest threats to business data today, but paying cybercriminals should be a very last resort. The FBI urges companies not to make payments, particularly because there’s no guarantee that they’ll get their data back. The best way to resolve a ransomware attack and restore your data is to roll back to a recovery point from before the infection occurred.
13. Half of small businesses have no cybersecurity plan in place
A solid plan could mean the difference between protecting your data and trying to put together the pieces when your business falls apart after an attack. Even though the threat of cybercrime gets widespread media attention, many small businesses have been slow to respond. As of 2022, only 50% of small businesses in the United States had a cybersecurity plan. The other 50% are leaving a lot up to chance, especially as the number of cyberattacks continues to grow.
14. Only 50% of businesses test their disaster recovery plans every year
Testing a disaster recovery plan is another important component of data backup and business continuity. History has shown that companies that don’t test their data recovery processes are more vulnerable to data loss. The bottom line is that a plan is only good if it works, and the only way to be sure is by testing it.
While 50% of organizations conduct recovery testing annually, the other half test less frequently, and 7% don’t test at all. When businesses swap out their technology, change personnel, or make other adjustments, it can adversely impact their recovery plan. Testing ensures you’ve made the right updates so your carefully crafted plan remains consistently effective.
15. One-third of folders aren’t protected
A 2021 survey found that around 33% of company folders are open for everyone in the business to access. That might not seem like such a bad thing, but consider what could go wrong when people in your organization have access to information they don’t need. If they accidentally or intentionally share their login credentials, sensitive information can quickly disappear or fall into the wrong hands.
Configuring your system to allow access on a need-to-know basis is a much better and safer approach. It’s rare for any employee to need full access to all company folders. Setting permissions, along with multi-factor authentication, helps prevent data loss from occurring. Granting access only to the individuals who really need it lowers the probability that your data will accidentally be edited, modified, or deleted.
Protect your business from becoming part of these frightening data loss statistics
Data loss is a real possibility for every business, but SMBs are particularly vulnerable. They typically don’t have robust IT departments to manage technology safeguards and ensure strong business continuity strategies are in place. This is a primary reason why a growing number of SMBs turn to expert partners to manage these important business processes.
Businesses today rely too heavily on data to lose it. For many, a data loss incident might be the disaster that puts an end to an otherwise successful operation. Partnering with experts will help you to invest in a comprehensive strategy and develop a solid business continuity plan so that your data stays safe and sound. To learn more about effective data backup and disaster recovery solutions, talk to one of our data protection specialists.