Share Now:

Executive Summary

  • 77% of organizations experienced at least one insider-related data loss incident in the past 18 months, with 58% reporting six or more incidents.[1]
  • 62% of insider data loss incidents involved negligent or compromised users rather than confirmed malicious insiders.[1]
  • 70% of organizations were still struck by ransomware attacks in 2024–2025, and of those attacked, only 10% recovered more than 90% of their data.[3]
  • Only 35% of organizations could actually recover from a downtime event in under a day, despite more than 60% believing they could.[2]

1. Prevalence of Data Loss in 2025

Data loss incidents are not isolated or rare events. A comprehensive survey of 883 IT and cybersecurity professionals conducted by Fortinet and Cybersecurity Insiders in 2025 found that 77% of organizations experienced at least one insider-related data loss incident in the past 18 months.[1] More concerning, this was far from a one-time occurrence for most: 37% reported between 6 and 20 incidents, and 21% faced more than 20 incidents in the same period.[1]

Ransomware attacks compound the picture significantly. According to Veeam’s 2025 Ransomware Trends and Proactive Strategies Report, based on a survey of 1,300 organizations, 70% experienced a ransomware attack in the preceding year — a slight improvement from the 75% figure reported the prior year, but still an alarmingly high proportion.[3] Of those attacked, the data recovery outcomes were poor: only 10% managed to recover more than 90% of their data, while 57% recovered less than half.[3]

A separate global survey of 750 enterprise CISOs conducted by Absolute Security revealed that 55% of organizations experienced a cyberattack, ransomware infection, compromise, or data breach that rendered endpoint devices inoperable in 2025.[4]

2. Primary Causes of Data Loss

2.1 Human Error and Negligence: The Leading Driver

Contrary to the popular perception of data loss as primarily a cyber-attack problem, the most common cause in 2025 remains human behavior — particularly careless or uninformed employees. In the Fortinet/Cybersecurity Insiders survey, 62% of insider data loss incidents were attributed to negligent or compromised users, while only 16% involved confirmed malicious intent. A further 12% could not be attributed at all.[1]

For SaaS environments specifically, the Unitrends State of Backup and Recovery Report 2025 — based on responses from 3,051 IT professionals worldwide — identified the following leading causes of SaaS data loss:[2]

  • Accidental deletion or human error — cited by 34% of respondents as the top cause
  • Misconfiguration — caused by mistakes during setup or maintenance, responsible for over 30% of incidents
  • Integration issues — conflicts or overwrites caused by third-party application integrations, accounting for 30% of cases
  • External threat actors — cyberattacks targeting SaaS platforms, cited by 29%
  • Malicious insiders — intentional sabotage or data theft by employees, acknowledged by 27%

2.2 On-Premises Outage Causes

For traditional on-premises environments, the Unitrends report found that server hardware failure was the leading cause of outages over the past 12 months, affecting 22% of organizations. Service provider outages (ISP disruptions) accounted for 19%, while human error and ransomware attacks each caused 18% of outages. Natural disasters contributed to 12% of cases, and only 10% of organizations reported no outages at all.[2]

Cause of On-Premises Outage % of Organizations
Server hardware failure 22%
Service provider outage (ISP) 19%
Human error 18%
Ransomware attack 18%
Natural disasters 12%
No outages experienced 10%

Source: Unitrends State of Backup and Recovery Report 2025[2]

3. Financial and Business Impact of Data Loss

3.1 Direct Financial Losses

The financial consequences of data loss incidents in 2025 are substantial and, for many organizations, potentially existential. According to the Fortinet/Cybersecurity Insiders survey, 76% of organizations reported losses exceeding $100,000 in their most significant insider-related incident. Of these, 41% sustained losses between $1 million and $10 million, and 9% reported losses exceeding $10 million.[1]

3.2 Operational and Reputational Consequences

Financial losses are only one dimension of data loss impact. The Fortinet/Cybersecurity Insiders report found that in their most serious incidents:[1]

  • 45% of organizations reported revenue or financial loss as the primary consequence
  • 43% cited reputational damage
  • 39% experienced operational disruption
  • 36% faced legal and regulatory exposure
  • 29% reported loss of intellectual property
  • Only 8% said the incident had no meaningful impact

This means that in nearly nine out of ten significant data loss incidents, organizations experienced consequences they could concretely quantify — ranging from lost revenue and regulatory fines to brand damage and operational paralysis.

3.3 Downtime Duration

Downtime caused by data loss and cyber incidents extended far longer than most organizations anticipated. A global survey of 750 enterprise CISOs by Absolute Security found that 57% of organizations took more than 4.5 days on average to achieve full remediation and recovery, with 19% reporting that recovery efforts stretched to two full weeks. Not a single respondent in the survey was able to recover from a cyber incident within a single day when attacked in the past year.[4]

The Unitrends 2025 report corroborates the recovery time challenge: more than 60% of respondents believed they could recover from a downtime event in under a day, but in reality, only 35% actually achieved this.[2] Among those who experienced on-premises outages:

  • 30% experienced less than one day of downtime
  • 22% experienced 2–3 days of downtime
  • 18% experienced one full day of disruption
  • 11% experienced 4–6 days of downtime
  • 7% experienced a week or more
  • 2% were unable to recover their impacted workloads at all[2]

4. Ransomware as a Data Loss Vector

Ransomware represents a distinct and particularly damaging form of data loss, since it combines encryption-driven inaccessibility with extortion, business disruption, and — increasingly — data exfiltration. The 2025 Veeam Ransomware Trends report, which surveyed 1,300 organizations including 900 that had suffered ransomware attacks, provides the most comprehensive picture of this threat vector.

4.1 Attack Prevalence and Recovery Outcomes

70% of organizations were hit by ransomware attacks in the past year, down from 75% the prior year — a modest improvement attributed to better preparation and increased IT-security team collaboration.[3] However, the data recovery story remains deeply troubling:

  • Only 10% of attacked organizations recovered more than 90% of their data
  • 57% recovered less than 50% of their data following an attack
  • 33% of production workloads were disrupted per attack
  • 66% of backup repositories were impacted, with 34% modified or deleted by attackers[3][5]

4.2 The Confidence Gap

A striking finding from the Veeam research concerns the disconnect between perceived and actual preparedness. 69% of ransomware victims stated they believed they were adequately prepared before being attacked — yet that confidence level dropped by more than 20 percentage points following the incident.[5] CIOs showed the steepest decline, with preparedness ratings falling 30% post-attack, compared to a 15% decline for CISOs, suggesting security leaders have a more realistic grasp of organizational posture.

Additionally, while 98% of surveyed organizations had a ransomware playbook in place, fewer than half had critical technical elements included: only 44% had backup verification procedures and frequencies documented, and only 30% had a pre-defined chain of command for incident response.[3]

5. Backup and Recovery: The Readiness Reality

5.1 Confidence, SaaS, and Cloud Protection Gaps

Organizational confidence in backup systems remains low across the industry. The Unitrends State of Backup and Recovery 2025 report found that only 40% of IT professionals expressed confidence that their backup and recovery solutions could protect critical data in a crisis, and more than 50% plan to switch their primary backup solution within the next year, citing cost, disaster recovery capabilities, and inadequate testing as the primary drivers.[2]

As SaaS applications become the dominant repository for business-critical data — with Microsoft 365 used by over 50% of organizations, Google Workspace by 35%, and Salesforce by 25% — the gaps in SaaS-specific protection are critical. Only 42% of organizations can recover lost SaaS data within hours; 25% require days, 10% require weeks, and 2% cannot recover it at all. Despite this, 25% of organizations have no policies or controls in place to prevent malicious access to their backup infrastructure.[2]

Cloud workloads face similar exposure. Over 50% of workloads now run in the public cloud — projected to reach 60% within 24 months — yet 8% of businesses do not back up their public cloud data at all, leaving those workloads entirely vulnerable to ransomware, misconfiguration, or accidental deletion.[2]

5.2 Backup Testing and Recovery Alerting

The reliability of any backup solution depends on regular, verified testing — yet most organizations fall significantly short. From the Unitrends 2025 report, only 15% of organizations conduct backup tests daily, with 25% testing weekly and 24% monthly. Disaster recovery testing is even less frequent: only 11% test DR capabilities daily, and 12% test on an ad hoc basis or not at all.[2]

Alerting gaps compound the risk: 19% of organizations would not know a backup had failed unless the restoration itself failed, and 10% admitted they would receive no notification at all if backups were missed — leaving critical protection gaps invisible until the moment of an actual data loss event.[2]

6. Conclusion: A Persistent, Evolving, and Underestimated Risk

The 2025 data loss statistics show that insider negligence, SaaS misconfigurations, hardware failures, ransomware, and weak recovery readiness all contribute to data becoming unavailable or unrecoverable. The central warning is the recovery gap: more than 60% of organizations believe they can recover from a major incident in under a day, but only 35% actually can. To reduce exposure, businesses need stronger insider-risk controls, better SaaS and cloud data protection, regular backup and disaster recovery testing, and recovery plans that are proven before the next incident occurs.

References

  1. Fortinet & Cybersecurity Insiders. (2025). 2025 Insider Risk Report. Based on a survey of 883 IT and cybersecurity professionals. https://www.fortinet.com/content/dam/fortinet/assets/reports/2025-insider-risk-report-ftnt.pdf
  2. Unitrends. (2025). The State of Backup and Recovery Report 2025: Navigating the Future of Data Protection. Based on responses from 3,051 IT professionals worldwide. https://www.unitrends.com/media/downloads/resources/The-State-of-Backup-and-Recovery-Report-2025.pdf
  3. StorageNewsletter / Veeam. (2025, April 28). 70% of Organizations Still Under Cyber-Attack. Reporting on the Veeam 2025 Ransomware Trends and Proactive Strategies Report (survey of 1,300 organizations). https://www.storagenewsletter.com/2025/04/28/70-of-organizations-still-under-cyber-attack/
  4. Absolute Security. (2026, January 8). Cyber Incidents and Attacks Disrupt Enterprise Business Operations for Two Weeks, Reveals First Comprehensive Global Cyber Resilience Survey. Based on a survey of 750 enterprise CISOs in the US and UK, covering 2025 incident data. https://www.absolute.com/press-releases/cyber-incidents-and-attacks-disrupt-enterprise-business-operations-for-two-weeks-reveals-first-comprehensive-global-cyber-resilience-survey
  5. Cloud Connect Summit / Veeam. (2025, October). Ransomware Trends and the Future of Data Protection. Presentation based on the Veeam 2025 Ransomware Trends and Proactive Strategies Report. https://www.cloudconnectsummit.com/wp-content/uploads/2025/10/Ransomware-Trends-and-the-Future-of-Data-Protection.pdf
Share Now: