Why your data isn't as safe as you think and what it could cost you

April 2, 2024
The assumption that data is automatically backed up in the cloud is one that can have costly consequences.

We’ve all been guilty of not backing up important files, only learning our lesson after losing family photos, documents or homework. But for businesses, not backing up data can be a costly mistake. To mark this year’s World Backup Day, Alan Stephenson-Brown, CEO at Evolve, reveals the biggest backup mistakes you don’t know you’re making, and shares industry best practices.

Businesses use data for everything — sales, marketing, logistics, staffing. When it’s lost, things quickly grind to a halt.

With so much at stake, it would make sense for every business to back up its data regularly. But after the rate of backups saw a drastic uptick following the onset of the COVID pandemic and the rise in remote work, numbers have now dropped off.

According to the World Backup Day website, 21% of people have never made a backup, and 30% of all computers are already infected with malware. Although 99% of IT decision-makers say they have backup strategies in place, 26% acknowledge that they couldn’t fully restore all their data or documents when recovering from a backup.

Among our own clients we see a worrying assumption that data is automatically backed up in the cloud, but it’s an assumption that can have costly consequences.

Cost to businesses

Calculating the cost of data loss is difficult for two reasons. Firstly, because it can vary widely depending on the size of the business and how valuable the data is. Secondly, because the end cost ultimately depends on the consequences of the loss, not necessarily the missing files alone.

However, there is no doubt that a typical data-loss event can be incredibly expensive. One recent report found that “small” instances of data loss (around 100 lost or compromised records) cost businesses an average of $18,120 to $35,730, while large-scale data loss (100+ million records) costs an average of $5 million to $15.6 million.

But it can be more helpful to think of the cost of data loss in terms of the cost of the downtime that follows. Depending on a company’s size, costs of downtime can vary from $10,000 per hour to more than $5 million per hour.

Common Causes of Data Loss

There are many ways data can be lost. These include hardware failures, malware, malicious deletion by internal employees, or even physical on-site events like fires.

According to the 2023 Verizon Data Breach Investigations Report:

  • 74% of breaches in 2022 involved a human element, such as error or misuse.
  • 24% of all breaches involved ransomware.
  • 83% of breaches involved external actors, such as criminal organisations.
  • 49% of external actors used stolen credentials in their attacks.

In 2022, the NHS fell victim to a major ransomware attack which saw the NHS 111 service being taken offline alongside management systems for GP surgeries, care homes, and mental health services being affected. Since then the healthcare industry remains a common target for ransomware, with the NHS Trust confirming it was affected by a ransomware attack in June 2023. 

No business or sector is immune, however, so best practices for data back up need to be followed.

Top tips for protecting business data

1. Understand the causes of a breach

This understanding can help take simple preventative steps. Hard drives, for example, will eventually fail because they have a defined lifespan. If you are aware of this inherent limitation you can schedule timely replacements to reduce the risk of unexpected failures that result in data loss.

Likewise, the knowledge that human error plays a role in many breaches, which can be mitigated through training and education.

The data loss risks your business faces also inform the types of backups that you use. For example, if your physical premises are located in a flood plain, consider the value of off-premises and cloud backups.

2. Data mapping

This exercise we use during the onboarding process to identify where data is stored. It’s a great way to determine what kind of backup is best for individual businesses.

3. Follow the 3,2,1 rule

Back up three copies of data, in two separate locations, and make sure one is the cloud.

4. Choose the right storage

Local: Local storage may be the better option to ensure your data is secure and physically controlled. Among businesses, 33% of users now rely exclusively on local backups.

Cloud: Conversely, cloud storage could be more convenient and cost-effective if your data isn't sensitive or there are no regulatory limits on third-party providers. As of 2022, around 60% of all corporate data was stored in the cloud.

Hybrid: Although many experts believe hybrid backup, combining cloud and local storage, is the best possible data backup solution, only 12% of IT users were using this model according to a recent study.

5. Monitor backups daily.

This may seem excessive, but we recommend daily backup testing - backing up data is useless if the backups themselves fail.  

Make sure to document your backup strategy and testing plan, including the backup types, schedules, goals, metrics, methods, and frequency. Additionally, review and analyse backup test results by using reports and logs that can show the status and performance of your backups and restores.

Although many businesses are not backing up their data as frequently as we would recommend, we know there is a growing awareness of how important measures like these can be. In a 2023 survey, more than one-third of businesses said they planned to increase cybersecurity spending over the next year, including expanding and upgrading their cloud systems.


Alan Stephenson-Brown is a senior international telecommunication, network security, and payments specialist with a proven track record of developing, securing, and managing clients at the highest level. His experience spans across 28 countries worldwide, where he has delivered impressive business growth, including securing major contracts with Barclays, the Royal Bank of Scotland, and Tesco, and co-founded TNS.

Alan successfully spearheaded the corporate side of Tuxedo Money Solutions and headed the international sales and business development for Phoenix Managed Networks, which led him to where he is today, as Evolve's Managing Director. Since his appointment, he has helped grow the business, expanding services to 11 countries and 7500 endpoints, with revenue growth reaching over £17 million.

Throughout his career, Alan has secured contracts worth millions, negotiated acquisitions of over 12 companies, and introduced the first PCI Level 1 certified secure network management solution to the UK market.

A true leader, Alan completed a master's degree while still achieving excellence in all aspects of business and has a Chartered Directorship with the Institute of Directors. He's an investor, a director, a sales and business development expert, and a visionary who has proven his capabilities on an international platform.