Invenio IT

2024 Disaster Recovery Statistics That Prove You’re at Risk

Tracy Rock

Director of Marketing @ Invenio IT

There’s good news and bad news when it comes to downtime in the IT world. On the upside, because of developing technology, IT systems are stronger and more reliable than ever. Unfortunately, this hasn’t translated into a significant dip in unplanned downtime. Every day, organizations around the globe struggle through unexpected disruptions in their operations.

Why hasn’t technological progress reduced the frequency of downtime? To answer that question, let’s look closely at some recent disaster recovery statistics.

How Serious Is the Risk of Downtime?

For now, we’ll limit the discussion to a single cause of downtime: ransomware. Although it’s only one of many potential contributors, the number of highly publicized attacks makes it an easy option to examine and quantify.

Ransomware attacks seemed to taper off in 2022, only to return with a vengeance in 2023. Attackers have improved their techniques and are more focused, so the prominence of the targets and the effects of the attacks have both escalated. Consider some of these examples:

  • Change Healthcare: In February 2024, an attack by ransomware gang AlphV affected pharmacies and medical providers across the United States. Reports suggest that the healthcare technology company may have paid a $22 million ransom to the gang.
  • Dish Network: Experts speculate that a Russia-backed ransomware group was responsible for the May 2023 attack on Dish Network. The company acknowledged that the attackers may have stolen personal information belonging to nearly 300,000 customers.
  • Insomniac Games: In December 2023, ransomware gang Rhysida attacked Sony subsidiary Insomniac Games, stealing more than 1.3 million files. They published many of them on the dark web, exposing internal documents and employee information.
  • City of Dallas: Employees of the City of Dallas realized they were under attack when their printers started generating ransom notes. While the government was initially tight-lipped about the extent of the attack, they eventually acknowledged that it exposed private information belonging to tens of thousands of personnel and residents.

All of these examples illustrate two key points. First, organizations of every size, location, and kind are vulnerable to attacks and at risk of experiencing extended downtime. Second, the effects of that downtime hit hard on multiple fronts.

In the case of Change Healthcare, a temporary outage made it difficult for patients to get prescriptions and prevented care providers from exchanging important clinical records. The Insomniac Games attack exposed social security numbers, addresses, and other sensitive data. In Dallas, ransomware temporarily affected the police department, water utilities, and court systems, to name a few.

This is just a glimpse of what the world faces when it comes to disasters and downtime. To get a broader perspective on this critical issue, let’s dive into some of the most notable statistics from the past year.

What Are the Common Causes of Downtime?

There are many possible causes of unscheduled downtime, but a few tend to dominate the IT landscape. Some you can prevent with proper planning and execution, while others are unavoidable forces of nature.

Failures & Outages

The downside of technology is that it’s reliant on many factors, like hardware, software, power, and climate control. When a system fails, it can be catastrophic for a data center.

According to the Uptime Institute’s Annual Outages Analysis, these kinds of outages and breakdowns are responsible for a large portion of incidents that result in downtime:

  • Network or connectivity issues were the most common cause of IT service outages in the past three years.
  • IT system or software-related issues accounted for 18% of IT outages.
  • Power outages were responsible for 44% of significant outages in 2022.

Having readily available backup sites and reliable data backup solutions can help ease the pain when a system goes haywire.

Cyberattacks

While they aren’t the most common cause, ransomware attacks often get a large share of the attention when it comes to IT downtime, and for good reason. They are dramatic events with significant sums of money in play.

However, the media focus is typically on incidents within large organizations, which sometimes eclipses the astounding regularity of cyberattacks. The likelihood that every business will experience an attack at some stage is remarkably high.

These statistics help put the threat into perspective:

While these facts are deeply troubling, predictions for the future are practically nightmarish. For example, some experts estimate that ransomware will cost victims $265 billion by the year 2031. Others argue that this number is too conservative, with ransomware attacks growing exponentially over the next decade.

How Many Companies Experience Downtime?

It’s difficult to pin down the exact number of organizations that experience downtime. Some businesses don’t report outages, and others try to understate the severity of events.

Overall, however, studies show that most data centers experience outages at some point:

The moral of this story is that you shouldn’t drop your guard if you’ve managed to avoid downtime so far. A quick look at the numbers shows that your time will likely come, and it’s critical to prepare in advance to mitigate the negative effects when it happens.

What’s the Cost of Unplanned Downtime?

All the evidence shows that downtime is more common than many people would like to believe, but why does that matter?

To put it simply, downtime is extremely costly. According to IDC’s Worldwide State of Data Protection & DR Survey, outages lead to major negative outcomes for organizations, including:

  • Employee overtime: The most common consequence of a data disruption, overtime affects 45% of organizations.
  • Lost productivity: Organizations lose employee productivity in 40% of incidents.
  • Lost revenue: Direct revenue loss occurs as a result of more than 35% of outages.
  • Irretrievable data: Around 35% of organizations permanently lose data.

A closer look at specific financial losses underscores the severity of these risks, particularly for small or medium-sized organizations that lack financial capital. Consider these recent findings:

  • More than two-thirds of all outages cost above $100,000 in 2022.
  • Almost two of every three midsize organizations experienced a ransomware attack in the past 18 months, and 20% of them spent at least $250,000 to recover from it.
  • A recent study found that one hour of server downtime costs $300,000 or more for 91% of mid-sized and large enterprises.
  • Of those enterprises, 44% said that hourly outage costs range from $1 million to over $5 million.

Many organizations find it impossible to recover from this degree of financial and operational damage. That’s why nearly 70% of organizations in a recent survey said they could survive less than one day without their IT systems.

Which Organizations Are Most Vulnerable to Downtime?

Every type of business could potentially experience significant downtime. However, cyber attackers target some industries more frequently than others, increasing the likelihood that downtime will occur.

According to the report “The State of Ransomware 2023,” these were the attack rates for the top targeted industries in 2022:

  • Higher and lower education organizations: 80%
  • Construction and property companies: 71%
  • Government offices and media, leisure, entertainment, and retail businesses: around 70%
  • Financial services companies: 64%

Although organizations in these areas may face heightened risk, other businesses are by no means safe. As recent history has shown, medical offices, IT companies, and major corporations are all among the potential victims of disasters.

How Does Disaster Recovery Planning Help Reduce the Damage from Downtime?

To survive downtime, businesses have to protect themselves. Unfortunately, many organizations have left themselves exposed by failing to develop or follow a disaster recovery plan — despite the huge red flags warning that they’re at risk.

Building & Testing a Plan

An effective disaster recovery plan is the foundation of business continuity, ensuring that a company can keep its doors open during an outage. That’s why it’s so distressing to know that only 54% of organizations reported having a documented, company-wide disaster recovery plan in place in 2021. This is an improvement over prior years, but it’s still woefully inadequate when considering what’s at stake.

Even companies that have documented their disaster responses aren’t always well-prepared. The most carefully considered plan will inevitably fall short without proper testing. Of the organizations with a developed plan, the majority test it no more than once a year, and 7% conduct no testing at all. When asked, most organizations with infrequent testing acknowledged that they might have inadequate recovery plans.

Creating & Following Effective Practices

Not every period of downtime is preventable. There’s no way to control whether a tornado or hurricane knocks out power. However, many incidents are a result of human error, making 51% of outages and 53% of brownouts avoidable.

Developing sound practices and offering thorough training to ensure that employees follow them could be all that stands between a business and disaster. Even if it’s not possible to stop every incident, making them less frequent is an attainable goal that can save considerable money over time. Companies with frequent outages experience costs that are 16 times higher than those with fewer instances.

Data Backup & Protection

Data is one of the foremost concerns of organizations that experience a disaster. Data breaches can expose customers’ and employees’ sensitive information, and lost data can permanently hinder a business’s operations. As these statistics show, having regular and secure data backups is key to self-preservation:

  • Approximately 78% of organizations worldwide rely on up to 10 different solutions for data security. Nevertheless, cyberattacks and downtime remain steady, indicating that the quality of protective measures is far more important than the number.
  • Even when data is successfully backed up, it may not be safe. Hackers targeted backup repositories in 93% of ransomware incidents in 2022.
  • Although around 73% of organizations paid a ransom to get their data back in 2023, that doesn’t guarantee the attackers restored it. On average, organizations get approximately 60% of their data back after giving in to ransom demands.

Investing in a high-quality data storage system, backing up software as a service (SaaS) programs like M365, and turning to a reliable data recovery service are essential steps for businesses that want to survive a crisis.

How Can Businesses Successfully Respond to Disasters?

No organization can prevent every possible disaster, and, despite their best efforts, businesses will continue to experience unexpected downtime. Prevention is important, but it can only offer a certain degree of protection from external and internal elements that can suddenly upend a well-constructed system.

The question then becomes not only how to prevent downtime but also how to mitigate the effects. We began by discussing ransomware, and this seems like a good time to go back to it. Ransomware attacks offer a great opportunity to outline some strategies that you can use to protect your business:

  • Implement advanced BCDR solutions: When businesses have the right measures in place, recovery is almost instant, virtually eliminating downtime and disruptions in customer-facing services.
  • Set a more aggressive Recovery Point Objective (RPO): With the right technology, businesses can optimize their RPO and back up data as often as every five minutes without draining their system resources, minimizing data loss in the event of a disaster.
  • Isolate infections immediately: While shutting down systems may interrupt customer access, it will also prevent infections from spreading and worsening the severity of the attack.
  • Think twice before paying a ransom: As the numbers reflect, paying a ransom doesn’t guarantee that a business will have full data recovery, and negotiations can encourage hackers to go public and continue their efforts.
  • Make appropriate contacts: Ransomware attacks can create significant problems when it comes to compliance, so businesses must follow the proper guidelines for contacting the pertinent regulatory bodies and, when necessary, law enforcement agencies.

Developing a rigorous process for preventing and responding to an attack, and outlining it in a disaster recovery plan, can help reduce both the frequency and duration of downtime. That way, when disaster does strike, customers will hardly notice, effectively protecting both your finances and your reputation.

Where Can Businesses Turn for More Support?

These disaster recovery statistics highlight the importance of building a viable plan, but for many organizations, this is no small feat. It requires thoughtful analysis and the selection of the best possible technology and services, not to mention an investment of time and money. If you feel overwhelmed by this process, you might default to creating no disaster plan at all or one that is so basic that it offers little benefit.

Fortunately, there are valuable resources like Invenio IT available to help you learn more about practical and effective business continuity solutions. Schedule a call with one of Invenio IT’s data protection specialists to get more information about disaster recovery planning and data backup solutions.
