As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attack surface for emerging cyberthreats. While the need for a strong data protection strategy has become more critical than ever, organizations find themselves caught in a difficult balancing act. They are struggling to manage the rising costs and complexities of business continuity and disaster recovery (BCDR) while ensuring that their business-critical data remains secure and recoverable.
To help IT teams and managed service providers (MSPs) understand how their peers are navigating these challenges, the State of Backup and Recovery Report 2025 has gathered insights from more than 3,000 IT professionals, security experts and administrators worldwide. The report reveals how businesses are tackling today’s biggest data protection challenges, the strategies they’re adopting and the critical gaps that could leave them vulnerable to data loss and downtime.
So, where do organizations stand? The survey indicates that the confidence in backup systems is declining, cloud adoption is outpacing data protection strategies and recovery expectations often don’t match reality. In this article, we’ll explore the key findings from the report to help IT teams and MSPs stay prepared for what comes next. Meanwhile, for full insights and actionable strategies, you can download the complete report now and see how your organization compares.
The backup paradox: Essential yet increasingly unreliable
Data backup and recovery should be a safety net for businesses, but for many, it has become a source of frustration, complexity and risk. The numbers tell a clear story — backup inefficiencies are rising, IT teams are overburdened and security vulnerabilities remain widespread. Let’s dive into the key findings.
Trend #1: Data loss is no longer a question of “if” but “when.”
9 in 10 organizations experienced operational downtime in the past 12 months.
Trend #2: Confidence in backup systems is declining.
Trust in backup solutions is slipping, leaving many businesses questioning whether they can reliably recover from data loss.
Only 40% of IT teams feel confident in their backup systems.
About 30% worry their backup strategy is inadequate, raising concerns about data security and recoverability.
More than half of organizations plan to switch backup providers, citing cost, inefficiency and limited disaster recovery capabilities as major pain points.
Trend #3: Backup management is a time-consuming burden.
Managing backups isn’t just complex — it’s draining IT resources. As data volumes grow, IT teams are spending more time than ever maintaining backup systems, testing recovery processes and troubleshooting failures.
IT teams now spend 10+ hours per week managing backups, adding to operational strain.
The number of businesses spending more than three hours weekly on backups jumped from 5% in 2022 to 23% in 2024, denoting a significant rise in time and effort.
Around 35% of organizations wouldn’t even know if backups were skipped or missed, highlighting critical gaps in monitoring and testing.
Trend #4: Security gaps are leaving backups exposed.
Backup systems are supposed to be the last line of defense against cyberthreats. However, many contain serious security flaws that put data at risk.
About 25% of workloads lack policies that limit unauthorized access to backups, leaving them vulnerable to malicious attacks.
There are varying levels of protection for credentials across businesses. Only 33% of businesses use dedicated password managers. Others rely on less secure methods like document storage platforms or browser-based password tools, introducing potential vulnerabilities.
The recovery gap: Why businesses can’t bounce back fast enough
Having the backup of data is one thing; recovering it quickly and reliably is another. IT teams face significant hurdles in ensuring fast, seamless recovery when disaster strikes.
Trend #1: Quick and reliable data recovery remains a major challenge in data protection.
The top concerns cited by IT teams with respect to data protection are costs, compliance requirements and the actual process of recovering data. Since IT teams spend hours managing and troubleshooting backup issues, it leaves little time for testing and validating recovery processes, increasing the risk of failure when it matters most.
Trend #2: Backup and DR testing gaps leave businesses vulnerable.
A backup solution is only as good as its ability to restore data, yet testing remains inconsistent across organizations.
Only 15% of businesses conduct daily backup tests, meaning most operate with a level of risk that could jeopardize recovery in a crisis.
Disaster recovery (DR) testing goes beyond just verifying backups — it involves assessing recovery locations, timelines and effectiveness. While around 20% of businesses conduct DR tests weekly and another 23% test monthly, the rest either test irregularly or not at all, leaving them unprepared for real-world recovery scenarios.
Trend #3: Most businesses overestimate their recovery readiness.
The lack of frequent testing is evident when looking at actual recovery times.
While close to 60% of businesses believe they can recover in a day, only 35% actually do.
Alarmingly, more than 10% of businesses don’t even know how long it would take to recover their business-critical SaaS data, if they could recover it at all.
Among businesses using public cloud services like Azure, almost 90% rely on native data protection tools, yet more than 60% of them lack true DR capabilities.
The cloud dilemma: Embracing growth without sacrificing protection
The cloud is now the backbone of modern IT, powering everything from infrastructure to collaboration. Businesses are rapidly adopting cloud and SaaS solutions to enhance flexibility and scalability, but many are overlooking a critical factor: data protection.
Trend #1: Cloud adoption continues to surge.
The shift to cloud-hosted workloads is only growing stronger, driven by the need for agility and resilience.
More than 50% of workloads are now hosted in the cloud, with that number expected to reach 61% within two years.
Most organizations now leverage hybrid and multicloud strategies to increase flexibility and avoid reliance on a single provider. However, gaps in cloud and SaaS data protection remain, putting critical business information at risk. Notably, SaaS platforms now serve as the backbone of daily business operations, but without the right backup strategies, this data remains vulnerable.
Trend #2: Small and midsize businesses (SMBs) prefer Google Workspace, while enterprises favor Microsoft 365.
Microsoft 365 dominates the market, with over 50% of organizations relying on it for collaboration and productivity.
Google Workspace (35%) remains a top choice as well, particularly among SMBs.
Microsoft 365 Entra ID (31%) and Dynamics (30%) show that businesses are also increasingly adopting specialized Microsoft products.
Salesforce (25%) rounds out the top five.
Trend #3: Cost, workload compatibility, vendor lock-in and security concerns are the biggest barriers to cloud migration.
While cloud adoption continues to accelerate, businesses still face major hurdles in ensuring a seamless transition and securing their data.
The lessons learned: What IT leaders must prioritize now
The State of Backup and Recovery Report 2025 reveals that critical security gaps remain while securing on-premises, cloud, endpoint and SaaS data. There is a growing disconnect between backup investments and actual recovery confidence, with IT teams unsure whether they can restore data when it matters most. Without a more resilient approach to data protection, businesses risk prolonged downtime, drastic financial losses and irreversible data breaches.
Have you considered how much an outage could cost your organization per minute? According to the IT Outages: 2024 Costs and Containment Report, the average cost of unplanned downtime is $14,056 per minute per organization.
Let’s take a closer look at the breakdown of downtime costs across different business sizes.
Business continuity depends on faster, more resilient recovery. However, many organizations aren’t as prepared as they think. To minimize downtime and financial losses, IT leaders must rethink their approach to BCDR. A modern BCDR strategy goes beyond basic backup, incorporating multilayered security, automation and hybrid cloud solutions to strengthen resilience and ensure business continuity against today’s sophisticated cyberthreats.
Protection alone isn’t enough, though. Without regular testing, organizations are left guessing whether their recovery plans will hold up in a real crisis. More frequent backup and disaster recovery testing ensures that recovery objectives are met when it matters most. Automation plays a key role there. By automating testing, IT teams can continuously verify their ability to restore data within required timeframes — all without disrupting the production environment. This removes the manual burden and provides real insights into recovery readiness.
At the same time, stronger security controls are also essential to protecting backup environments from unauthorized access. Almost 94% of ransomware victims have their backups targeted by attackers, which leaves them with no other choice but to pay the ransom to get back their access. On that front, improving credential management and enforcing stricter access controls can help prevent malicious actors from accessing backup infrastructure.
Final thoughts: The future of BCDR starts now
The IT landscape is changing, and with it, the risks are escalating. As businesses push further into the cloud and rely more on SaaS applications, their backup and disaster recovery strategies must evolve just as quickly. Cyberthreats are more advanced, downtime is more expensive and organizations can no longer afford to treat backup as an afterthought. To keep pace with this new reality, businesses must reassess their approach and strengthen their defenses against the growing threats that could bring operations to a halt.
For IT teams and MSPs, the insights from the State of Backup and Recovery Report 2025 provide a clear roadmap to assess vulnerabilities and improve resilience before disaster strikes. Download the full report now to benchmark your strategy, uncover critical gaps, and build a stronger, more reliable BCDR plan for the future.
Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.
“}]] The Hacker News
