With global disaster costs now exceeding $2.3 trillion annually, disaster recovery is no longer just an IT concern. It's a business survival issue. When systems go down, revenue stops, customers leave, and in some cases, businesses never recover. 

The question today isn't if your organization will face a disaster. It's if you'll be prepared when it happens.

To help you understand the current threat landscape and identify gaps in your own disaster recovery strategy plan, we've compiled over 100 disaster recovery statistics from the latest reports showing the devastating impact of disasters today, how prepared organizations are, and how they’re responding to persistent challenges and new threats to improve their resilience. 

Key findings at a glance

Here are some of the most significant disaster recovery statistics pulled from the list below:

• 100% of technology companies experienced revenue losses from outages in the past 12 months
• Organizations experienced an average of 86 outages in the past year 
• 90% of IT leaders reported that outages or disruption have reduced customer trust
• Outages last 196 minutes (3+ hours) on average across all industries and company sizes
• Every minute of IT outage-related operational shutdowns costs $33,333
• A third of organizations require days or even weeks to recover lost SaaS data
• 92% of teams have to deprioritize essential work occasionally to address unplanned downtime or outages
• Only 20% of organizations describe themselves as fully prepared for outages
• The average annual spend on incident responders per organization is $1.9 million, with $700K eaten up by manual work
• Organizations with automated incident response resolve incidents 78 minutes faster and experience 45% lower annual outage costs

Disaster recovery cost statistics and trends to know for this year

The financial and operational toll of disasters and outages extends far beyond the immediate incident, creating cascading effects that can threaten organizational survival.

1. Global disaster costs annually now exceed $2.3 trillion when factoring in indirect costs such as lost customers, regulatory fines, stalled growth, and reputational damage. (2025 Global Assessment Report on Disaster Risk Reduction)

2. Indirect disaster costs account for over $2 trillion in losses annually worldwide, while direct costs account for more than $200 billion per year globally. (2025 Global Assessment Report on Disaster Risk Reduction)

3. 100% of technology companies surveyed experienced revenue losses from outages related to disaster events in the past 12 months. (Cockroach Labs' The State of Resilience 2025)

4. 69% of companies experience outages or service interruptions at least weekly, with 14% experiencing them daily. (Cockroach Labs' The State of Resilience 2025)

5. Organizations experienced an average of 86 outages over a 12-month period. (Cockroach Labs' The State of Resilience 2025)

6. Total losses ranged from at least $10,000 to well over $1 million per outage, putting total annual losses from outages between $86,000 to $86 million for the average technology organization. (Cockroach Labs' The State of Resilience 2025)

7. Companies over 1,000 employees and/or $500 million ARR experienced average outage-related losses of $495,000, though 8% of these large enterprises reported losses of $1 million or higher over the last 12 months. (Cockroach Labs' The State of Resilience 2025)

8. 32% of companies lost $100,000 or more due to outages in the past twelve months across all company sizes and sectors. (Cockroach Labs' The State of Resilience 2025)

9. Companies with revenue of $500 million or more are 256% more likely to incur outage-related financial losses of over $1 million per year. (Cockroach Labs' The State of Resilience 2025)

10. Every minute an IT outage causes an operational shutdown costs businesses a median of $33,333. (New Relic's Observability 2025 Report)

11. High-impact outages carry a median cost of $2 million per hour, or approximately $33,333 for every minute systems remain down. (New Relic's Observability 2025 Report)

12. IT outages cost businesses a median of $76 million annually .(New Relic's Observability 2025 Report)

13. Government entities experienced nearly 28 days of downtime per ransomware attack, with each day costing approximately $83,600. (Comparitech 2024 Government Study)

14. The average ransomware recovery cost for government entities is $2.3 million per incident. (Comparitech 2024 Government Study)

15. Healthcare organizations lose nearly $900,000 per day during ransomware-related downtime. (Comparitech 2024 Healthcare Study)

16. Manufacturers lose up to $1.9 million per day of downtime from ransomware attacks. (Comparitech 2024 Manufacturing Study)

17. While average data breach costs decreased to $4.4 million globally in 2025, U.S. breach costs climbed to a record $10.22 million, driven by higher regulatory fines and escalation costs. (IBM's 2025 Cost of a Data Breach)

18. 48% of organizations that suffered a breach paid $100,000 or more in regulatory fines. (IBM's 2025 Cost of a Data Breach)

19. Organizations estimated that a breach cost them $1.38 million in lost business, including revenue from system downtime, lost customers, and reputation damage. (IBM's 2025 Cost of a Data Breach)

20. 37% of executives reported lost revenue or an inability to process sales transactions following the July 2024 global IT outage. (2024 PagerDuty IT Outages Survey)

21. 39% experienced delayed response times to customer or internal requests following major service disruptions. (2024 PagerDuty IT Outages Survey)

22. Customer impacting incidents increased by 43% during the past year, with organizations experiencing an average of 25 high-priority/priority incidents that each cost nearly $800,000. (2024 PagerDuty Customer Incidents Survey)

23. 90% of IT leaders reported that outages or disruption have reduced customer trust in their organization. (2024 PagerDuty Customer Incidents Survey)

24. IT leaders estimated the true cost of downtime to be $4,537 per minute, with the last major customer-facing outage costing their organization $1.5 million in lost revenue/sales. (2024 PagerDuty Customer Incidents Survey)

24. IT leaders estimated the true cost of downtime to be $4,537 per minute, with the last major customer-facing outage costing their organization $1.5 million in lost revenue/sales. (2024 PagerDuty Customer Incidents Survey)

25. IT leaders say that the biggest impact to their business of incidents or outages are:

• innovation slow down (35%)
• lost customers/revenue (32%)
• legal and regulatory issues (24%)
• company share price harmed (24%). (2024 PagerDuty Customer Incidents Survey)

Disaster recovery time statistics to improve this year

The duration of outages and the time required to restore normal operations significantly impacts business continuity and customer trust.

26. The average outage time across all geographies, company sizes, and industries is 196 minutes—or more than three hours of service disruption. (Cockroach Labs' The State of Resilience 2025)

27. 70% of large enterprise companies report that their outages typically take 60 minutes or more to resolve. (Cockroach Labs' The State of Resilience 2025)

28. Nearly half of all respondents report that their average downtime lasts two or more hours before resolution. (Cockroach Labs' The State of Resilience 2025)

29. 10% of organizations report the loss of a full workday or more before they are able to resume operations after an outage. (Cockroach Labs' The State of Resilience 2025)

30. Only 2% of companies surveyed can resolve an unplanned outage in 60 seconds or less. (Cockroach Labs' The State of Resilience 2025)

31. 35% of organizations require days or even weeks to recover lost SaaS data. (2025 State of SaaS Backup and Recovery Report)

32. 8% of respondents were unsure of their SaaS data recovery times, and 2% of organizations could not recover lost SaaS data at all. (2025 State of SaaS Backup and Recovery Report)

33. Only 14% of IT leaders feel confident they can recover critical SaaS data within minutes following an incident. (2025 State of SaaS Backup and Recovery Report)

34. 65% of organizations said they were still recovering from their data breach when surveyed, though this represents improvement from last year's 88%. (IBM's 2025 Cost of a Data Breach)

35. 35% of organizations said they had fully recovered from their breach, nearly tripling the response from last year (12%). (IBM's 2025 Cost of a Data Breach)

Data loss during disaster recovery and leading causes

Data loss remains a persistent challenge, with backup systems failing at alarming rates and organizations struggling to protect critical assets.

36. 87% of IT professionals experienced SaaS data loss in 2024, with malicious deletions as the leading cause. (2025 State of SaaS Backup and Recovery Report)

37. The actions of malicious actors resulted in SaaS data loss for more than 50% of organizations worldwide. (2025 State of SaaS Backup and Recovery Report)

38. 29% of organizations experienced deletion at the hands of external threat actors, while 27% experienced deletion by a malicious insider. (2025 State of SaaS Backup and Recovery Report)

39. Accidental deletion or human error caused SaaS data loss for 34% of respondents. (2025 State of SaaS Backup and Recovery Report)

40. Misconfiguration caused by mistakes during setup or maintenance impacted more than 30% of organizations. (2025 State of SaaS Backup and Recovery Report)

41. Integrations, where conflicts or overwrites were caused by third-party applications, compromised data for 30% of respondents. (2025 State of SaaS Backup and Recovery Report)

42. Technical errors such as scripting or coding errors impacted 18% of organizations, while sync errors affected 14%. (2025 State of SaaS Backup and Recovery Report)

43. Only 13% of respondents cited that they did not suffer SaaS data loss in the last 12 months. (2025 State of SaaS Backup and Recovery Report)

44. 42% of organizations keep personally identifiable information (PII) and protected health information (PHI) on-premises due to strict regulations and breach concerns. (2025 State of SaaS Backup and Recovery Report)

45. 42% maintain corporate financial data on-premises, remaining wary of potential cloud risks for critical financial records. (2025 State of SaaS Backup and Recovery Report)

46. 40% keep sensitive intellectual property on-premises to maintain tight control over proprietary assets. (2025 State of SaaS Backup and Recovery Report)

47. About 75% of organizations report having policies and controls in place to secure access to backup data across cloud, SaaS applications, endpoints, and servers/VMs. (2025 State of SaaS Backup and Recovery Report)

48. 25% of organizations have no policies or controls in place to prevent malicious access to their backup infrastructure. (2025 State of SaaS Backup and Recovery Report)

49. 44% of organizations that experienced a security incident involving shadow AI suffered data compromise. (IBM's 2025 Cost of a Data Breach)

50. 41% reported increased security costs as a result of shadow AI incidents. (IBM's 2025 Cost of a Data Breach)

The impact of disaster recovery on the workforce and productivity

Disasters and outages don't just affect systems. They take a significant toll on teams, forcing difficult tradeoffs and creating long-term operational challenges.

51. 92% of executives report their teams must occasionally deprioritize essential work in order to address unplanned downtime or outages. (Cockroach Labs' The State of Resilience 2025)

52. 66% say they are forced to deprioritize everyday tasks like improvements, maintenance, or administrative tasks frequently or even all the time. (Cockroach Labs' The State of Resilience 2025)

53. 48% of executives say their teams must work overtime and on weekends to fully restore normal operations after unplanned downtime. (Cockroach Labs' The State of Resilience 2025)

54. 48% say that unplanned downtime has derailed their tech teams from meeting objectives. (Cockroach Labs' The State of Resilience 2025)

55. 39% of organizations must conduct post-mortems and investigations following outages, creating additional unplanned work. (Cockroach Labs' The State of Resilience 2025)

56. Engineers are spending 33% of their time addressing IT disruptions. (New Relic's Observability 2025 Report)

57. 41% of IT leaders report that IT service issues are identified through manual checks, customer complaints, or incident tickets after the fact, which delays response. (New Relic's Observability 2025 Report)

58. Outages caused missed deadlines for 39% of organizations, work backlogs for 43%, and overtime or weekend work for 48%, driving burnout and turnover. (Cockroach Labs' The State of Resilience 2025)

59. 88% of companies experiencing frequent outages (several times per month or more) report team concerns about staff being fired, as do 88% of organizations where average outages last two hours or more. (Cockroach Labs' The State of Resilience 2025)

60. 38% experienced communication breakdowns between departments during major IT incidents and 39% saw an impact on decision-making during service disruptions. (2024 PagerDuty IT Outages Survey)

61. 35% saw delays in workflow and projects put on hold as a result of service outages. (2024 PagerDuty IT Outages Survey)

62. 93% of executives surveyed believe such incidents are disruptive to their teams, with 9% calling them severely disruptive. (2024 PagerDuty IT Outages Survey)

The leading causes of outages and downtime

Understanding what triggers disasters helps organizations prioritize their prevention and response efforts.

63. The top 5 reported causes of downtime are: 

• network issues (38%)
• software issues (36%)
• cyber attacks (36%)
• cloud service provider reliability (35%)
• third-party service failures (33%). (Cockroach Labs' The State of Resilience 2025)

64. Network failure is the top cause of IT outages (35%). (New Relic's Observability 2025 Report)

65. Third-party or cloud provider services failure accounts for 28% of IT outages. (New Relic's Observability 2025 Report)

66. Deploying software changes internally causes 28% of IT outages. (New Relic's Observability 2025 Report)

67. 31% of companies report experiencing an unplanned service outage due to human error. (Cockroach Labs' The State of Resilience 2025)

68. Approximately half of executives in the U.S. (48%), Australia (48%), the U.K. (47%), and Japan (53%), believe that limited access to real-time data tools will further hinder their organizations during an outage. (2024 PagerDuty IT Outages Survey)

69. 88% of executives believe another major IT outage as large as the July 2024 global outage will occur in the next 12 months. (2024 PagerDuty IT Outages Survey)

70. 91% of U.K. executives, 89% of U.S. executives, 88% of Australian executives, and 78% of Japanese executives believe that it's not a matter of "if" but "when" service disruptions will happen. (2024 PagerDuty IT Outages Survey)

71. 71% of executives across key markets agree that certain factors could make major IT incidents even worse if approaches to service disruption are not prioritized. (2024 PagerDuty IT Outages Survey)

72. 47% of IT executives believe that insufficient incident management planning will exacerbate the impact of major IT outages on their organizations. (2024 PagerDuty IT Outages Survey)

73. 43% of both IT and business executives agree that neglecting business continuity planning would worsen the effects of major IT outages. (2024 PagerDuty IT Outages Survey)

Disaster recovery planning statistics and top concerns

Despite the high stakes, many organizations remain underprepared for disasters, with significant gaps in planning, testing, and response capabilities.

74. Only 20% of respondents describe their organization as fully prepared for outages. (Cockroach Labs' The State of Resilience 2025)

75. Only 33% of organizations have an organized response approach to outages. (Cockroach Labs' The State of Resilience 2025)

76. 39% of executives describe their outage handling as "reactive", responding to outages as they occur with no formal protocols or response planning in place. (Cockroach Labs' The State of Resilience 2025)

77. Larger enterprises (1,000+ employees) are significantly more likely (49%) than smaller organizations to have formal protocols and preventive measures like continuous monitoring in place. (Cockroach Labs' The State of Resilience 2025)

78. 79% of technology executives admit their organization is not completely prepared to comply with new operational resilience governance regulations like DORA and the NIS2 directive. (Cockroach Labs' The State of Resilience 2025)

79. 44% of technology executives say they are losing sleep over the regulatory fines and penalties that come from unplanned downtime or outages.(Cockroach Labs' The State of Resilience 2025)

80. 85% of EMEA leaders report losing sleep over downtime-related fines, spiking from the 44% global average. (Cockroach Labs' The State of Resilience 2025)

81. 93% of leaders are concerned about the financial and organizational impacts of outages, and 95% are aware of operational weaknesses that leave them vulnerable. (Cockroach Labs' The State of Resilience 2025)

82. 48% say their organizations aren't doing enough to improve resilience, despite being aware of vulnerabilities. (Cockroach Labs' The State of Resilience 2025)

83. 36% of leaders worry about data getting corrupted or completely lost/destroyed during unplanned downtime, consistent across company size, longevity, revenue, and location. (Cockroach Labs' The State of Resilience 2025)

84. 86% of executives now realize they've been prioritizing security at the expense of readiness for service disruptions. (2024 PagerDuty IT Outages Survey)

85. Only 40% of organizations expressed confidence their backup and recovery solution can sufficiently protect critical digital assets in a disaster. (2025 State of SaaS Backup and Recovery Report)

86. 30% worry their organization doesn't have a good enough backup and recovery solution. (2025 State of SaaS Backup and Recovery Report)

87. Fewer than 10% of respondents said they would not change anything about their organization's approach to backup and disaster recovery. (2025 State of SaaS Backup and Recovery Report)

88. 30% of IT professionals have had nightmares about their company's backup and recovery situation. (2025 State of SaaS Backup and Recovery Report)

89. Virtually all organizations (100%) conduct at least some sort of resiliency testing to mitigate unplanned downtime or outages. (Cockroach Labs' The State of Resilience 2025)

90. The most common test is security vulnerability assessments (42%), followed by:

• regular system backups and restoration (38%)
• load and stress testing (38%)
• incident response drills (37%)
• scalability testing (37%)
• disaster recovery simulations (33%). (Cockroach Labs' The State of Resilience 2025)

91. A shocking 62% of organizations fail to do regular system backups and restoration exercises. (Cockroach Labs' The State of Resilience 2025)

92. 71% of organizations do no failover testing to ensure their outage prevention protocols are working. (Cockroach Labs' The State of Resilience 2025)

How organizations are investing and allocating resources for disaster recovery 

Organizations are recognizing the need for greater investment in disaster recovery capabilities, though priorities vary.

93. Organizations on average spent $1.9 million on incident responders in the last 12 months. (2024 PagerDuty Customer Incidents Survey)

94. Incident responders spend 38% of their time dealing with manual processes, which means the cost of manual work can reach $700,000 per year. (2024 PagerDuty Customer Incidents Survey)

95. Automation is becoming a priority, with IT leaders saying they’re under pressure to:

• reduce the cost of IT operations (56%)
• improve efficiency and productivity (55%)
• improve the user experience (47%)
• leverage AI quickly (47%)
• achieve cost savings (43%). (2024 PagerDuty Customer Incidents Survey)

96. The primary barriers to automating end-to-end incident response are:

• lack of alignment across IT (24%)
• budget constraints (22%)
• insufficient talent/expertise (16%)
• inadequate data management practices (16%)
• a lack of alignment across executive leadership (12%). (2024 PagerDuty Customer Incidents Survey)

97. The top 3 incident response tasks that are not yet fully automated:

• remediation steps (73%)
• mobilizing incident responders (72%)
• collaboration between teams (72%). (2024 PagerDuty Customer Incidents Survey)

98. 49% of organizations believe they need to make more investments in their hardware to improve resiliency. (Cockroach Labs' The State of Resilience 2025)

99. 49% believe their cloud infrastructure and services need additional investments. (Cockroach Labs' The State of Resilience 2025)

100. For nearly 25% of organizations, cost is their greatest challenge when it comes to protecting SaaS data. (2025 State of SaaS Backup and Recovery Report)

101. 22% of respondents cited maintaining compliance as their top challenge, while another 22% cited the recovery of data itself as equally pressing. (2025 State of SaaS Backup and Recovery Report)

102. 10% of respondents cited that the use of too many backup tools creates inefficiencies and increases operational challenges. (2025 State of SaaS Backup and Recovery Report)

103. 10% said alerting and reporting is their organization's biggest challenge, as a lack of actionable insights and visibility into backup systems makes it difficult to identify risks and missed backups. (2025 State of SaaS Backup and Recovery Report)

104. 55% of executives have observed a mindset shift towards continually evaluating and improving preparedness instead of viewing investments as one-time moves. (2024 PagerDuty IT Outages Survey)

105. 86% of IT leaders say their organization is making strides towards fully automating the end-to-end incident response process. (2024 PagerDuty Customer Incidents Survey)

106. 49% feel automation and AI-driven solutions would be valuable for improving resilience. (Cockroach Labs' The State of Resilience 2025)

107. 75% of businesses report a positive return from their observability investments, while nearly one in five (18%) say they are realizing 3-10X ROI. (New Relic's Observability 2025 Report)

108. The top benefit of observability for the business is the reduction in unplanned downtime, cited by 55% of leaders.(New Relic's Observability 2025 Report)

109. 96% of businesses currently deploy or have plans to invest in AI monitoring capabilities. (New Relic's Observability 2025 Report)

110. 38% of IT leaders believe AI-assisted troubleshooting would improve their organization's incident response or observability practice the most. (New Relic's Observability 2025 Report)

111. Organizations with at least 5 fully automated incident response processes resolved customer-impacting incidents in 2 hours and 40 minutes on average, 78 minutes faster than organizations relying on 5 or more manual processes. (2024 PagerDuty Customer Incidents Survey)

112. Organizations with automated incident response processes experienced 45% lower annual costs from customer-facing outages, averaging $16.8 million compared to $30.4 million for organizations with manual processes. (2024 PagerDuty Customer Incidents Survey)

113. Highly automated organizations experienced fewer high-priority incidents resulting in customer-facing outages annually at 23 incidents (a 43% year-over-year increase),  compared to 29 incidents and a 48% growth rate for organizations with manual processes. (2024 PagerDuty Customer Incidents Survey)

Join the prepared 20%: Start with a proven disaster recovery plan template

Organizations without formal protocols face higher outage costs and longer recovery times. With 80% of organizations unprepared for outages, a solid disaster recovery plan is your first line of defense. Use this template to establish formal protocols and start shifting from reactive to proactive disaster recovery.

Key takeaways: What these statistics tell us about disaster recovery

The disaster recovery landscape in 2025 reveals several critical patterns:

1. The preparedness gap is widening. 

Despite 93% of leaders being concerned about outages and 95% aware of vulnerabilities, only 20% describe their organizations as fully prepared. This disconnect between awareness and action puts businesses at significant risk.

2. Testing remains the weakest link. 

While 100% of organizations conduct some form of resiliency testing, 71% don't perform failover testing and 62% fail to do regular backup restoration exercises. Without testing, organizations don't know if their disaster recovery plans will work when needed.

3. The human cost is mounting. 

Beyond financial losses, disasters are creating workforce challenges. 92% of teams must deprioritize essential work during outages, 82% of leaders report staff worried about being fired, and teams are spending a third of their time fighting fires instead of advancing strategic initiatives.

4. Recovery times aren't improving fast enough. 

The average outage still lasts over three hours, with only 2% of organizations able to resolve issues in 60 seconds or less. As customer expectations for availability increase, these recovery times represent a growing competitive disadvantage.

5. Security and resilience are competing priorities. 

86% of executives now realize they've been prioritizing security at the expense of disaster preparedness. Organizations need integrated approaches that address both threat prevention and rapid recovery.

6. Cloud adoption is creating new vulnerabilities. 

With 61% of workloads expected to run on public cloud platforms within two years, organizations are discovering that cloud doesn't eliminate disaster recovery challenges. It transforms them. Third-party dependencies and limited control require different approaches to vulnerability management.

7. Automation delivers measurable ROI in incident response

Organizations with at least 5 fully automated incident response processes resolve incidents 78 minutes faster than those relying on manual processes, while experiencing 45% lower annual costs from customer-facing outages ($16.8M vs $30.4M).

Yet more than 70% of IT leaders report that remediation, mobilizing responders, and collaboration between teams, are not fully automated, and employee time spent on manual incident response processes cost organizations an average of $700,000 per year.

Strengthen your disaster recovery strategy with Secureframe

With 100% of technology companies experiencing revenue losses from outages, average incidents costing $4,537 per minute, and 71% of organizations failing to test their disaster recovery protocols, the gap between awareness and action has never been more dangerous.

Secureframe helps organizations close this gap by automating the most critical and most commonly neglected aspects of disaster recovery preparedness:

Automate control mapping and testing to disaster recovery requirements

Secureframe automatically tests disaster recovery-related controls across 50+ frameworks through integrations with your existing tech stack. This addresses the critical testing gap revealed in our statistics, ensuring continuous compliance without the manual burden that causes 62% of organizations to fail at regular backup and restoration exercises.

Use policy templates developed by compliance experts

Secureframe provides auditor-vetted policies and procedures, including disaster recovery and business continuity templates, to help the 33% of organizations without an incident response plan establish formal protocols. You can publish policies, assign owners, track acceptance, and manage periodic reviews all within the platform.

Get support from former auditors on new operational resilience regulations

With 79% of organizations unprepared for new operational resilience regulations like DORA and NIS2, Secureframe's in-house compliance experts and former security and compliance auditors offer guidance at every stage, from initial plan development to testing, updating, and aligning with framework requirements.

Automate continuous monitoring

Address the 41% of organizations that still learn about service interruptions through customer complaints and manual checks. Secureframe enables ongoing adherence to regulatory and cybersecurity requirements by automatically and continuously monitoring your tech stack, scheduling regular reviews, and surfacing issues before they escalate into the costly disruptions that average 196 minutes per incident.

Assess and mitigate risk proactively with AI

Comply AI automatically identifies, scores, and recommends treatment for risks while generating justifications, residual risk, documentation, and remediation guidance instantly. This helps organizations move beyond the reactive approach to incident response that 39% currently rely on.

Together, these capabilities help organizations prevent disasters where possible, minimize their impact when they occur, and maintain operational resilience year-round. Secureframe is designed to address the core challenges that keep 30% of IT professionals up at night worrying about their backup and recovery situation.

Don't wait for a disaster to reveal the gaps in your preparedness. Request a demo to assess and improve your disaster recovery posture today.