Zerto and IDC survey: Backup failures cause data loss globally

Zerto, a Hewlett Packard Enterprise company, recently commissioned IDC to conduct a major ransomware and disaster preparedness survey, which revealed the extent to which backup-related issues are currently failing organisations across the globe.

These backup-related issues are currently the number one cause of data loss —responsible for 32% of incidents — despite the fact that backup and recovery was cited as the number one priority for IT software investment this year. 

Data disruptions

Respondents reported an average of 4.2 data disruptions per year requiring an IT response

The IDC White Paper, titled 'The State of Disaster Recovery and Cyber-Recovery, 2024–2025: Factoring in AI,' pulls its insights from a survey carried out across North America, Western Europe, India, and Australia, among organisations with 500 to 10,000+ employees.

Respondents reported an average of 4.2 data disruptions per year requiring an IT response with one ransomware attack and one internal attack per year on average.

Backup environments

Across respondents, the weakness of a backup-only recovery strategy was evident. For instance, 48% of organisations in the survey that paid a ransom indicated they did so despite having valid backups, with the most common reasons cited being a desire for a speedier recovery or minimised data loss.

Nonetheless, only 20% of ransom-payers were able to fully recover their data after payment, creating a "worst of both worlds" situation in which organisations deploy and maintain backup environments without any concrete advantages in the event of an attack.

Disaster recovery challenges  

Most commonly cited DR challenges for organisations are IT personnel time and resource availability

These challenges are exacerbated by worsening personnel issues: according to the report, the most commonly cited disaster recovery (DR) challenges for organisations are "IT personnel time and resource availability" and "IT personnel skills and knowledge." 

The same applies to cyber recovery, with 34% of respondents citing "keeping recovery processes up to date" as a primary challenge in this arena and 31% of respondents citing "staff knowledge and skill sets." 

Importance of a holistic approach

In response to these challenges, the report highlights the importance of a holistic approach to DR and cyber recovery (CR) in which "backup and recovery, disaster recovery, and cyber-recovery" build on each other and provide a higher degree of data protection.

Continuous data protection (CDP) in particular provides essential support here, allowing organisations to recover to a point just prior to the attack and consequently minimise any data loss. Unified solutions like these enable organisations to scale systems without proportionally adding staff — an essential benefit since, per IDC, IT organisations tend to take a cautious approach to hiring.

Trustworthy for DP/CR 

While most respondents claim that AI will have a "significant" impact on DR/CR down the line

At the same time, businesses remain split on the future of AI. While most respondents claim that AI will have a "significant" impact on DR/CR down the line, a strong majority — 59% — don't think current AI is trustworthy for DP/CR.

Meanwhile, although the vast majority of organisations are using cloud for backup/DR, 58% are still protecting a majority of their apps purely on-premises, suggesting that on-prem remains a highly viable backup/DR solution. Overall, 40% believe AI will provide a greater benefit than a threat.

Data protection efforts 

"It’s unfortunate to see organisations funnelling resources into backup processes only to realise that it was all for naught — paying the ransom money and losing the data," said Phil Goodwin, research vice president, IDC.

“What's clear is that only a holistic approach can eliminate these negative outcomes and keep organisations safe. In particular, CDP will prove increasingly central to unified data protection efforts in months and years to come." 

Data environments

"Organisations are increasingly responsible for data environments whose complexity they are unequipped to handle and whose integrity they are ill-prepared to safeguard," said Caroline Seymour, vice president, storage product marketing, HPE. 

"This is not the fault of any individual organisation, but it does demand a more sophisticated approach to data protection — one in which traditional backup is not the be-all-end-all but instead one of a suite of complementary tools, including CDP."