The IDC White Paper, titled 'The State of Disaster Recovery and Cyber-Recovery, 2024–2025: Factoring in AI,' pulls its insights from a survey carried out across North America, Western Europe, India, and Australia, among organizations with 500 to 10,000+ employees. Respondents reported an average of 4.2 data disruptions per year requiring an IT response with one ransomware attack and one internal attack per year on average.
Across respondents, the weakness of a backup-only recovery strategy was evident. For instance, 48% of organizations in the survey that paid a ransom indicated they did so despite having valid backups, with the most common reasons cited being a desire for a speedier recovery or minimized data loss. Nonetheless, only 20% of ransom-payers were able to fully recover their data after payment, creating a "worst of both worlds" situation in which organizations deploy and maintain backup environments without any concrete advantages in the event of an attack.
These challenges are exacerbated by worsening personnel issues: according to the report, the most commonly cited disaster recovery (DR) challenges for organizations are "IT personnel time and resource availability" and "IT personnel skills and knowledge." The same applies to cyber recovery, with 34% of respondents citing "keeping recovery processes up to date" as a primary challenge in this arena and 31% of respondents citing "staff knowledge and skill sets."
In response to these challenges, the report highlights the importance of a holistic approach to DR and cyber recovery (CR) in which "backup and recovery, disaster recovery, and cyber-recovery" build on each other and provide a higher degree of data protection. Continuous data protection (CDP) in particular provides essential support here, allowing organizations to recover to a point just prior to the attack and consequently minimize any data loss. Unified solutions like these enable organizations to scale systems without proportionally adding staff — an essential benefit since, per IDC, IT organizations tend to take a cautious approach to hiring.
At the same time, businesses remain split on the future of AI. While most respondents claim that AI will have a "significant" impact on DR/CR down the line, a strong majority — 59% — don't think current AI is trustworthy for DP/CR. Meanwhile, although the vast majority of organizations are using cloud for backup/DR, 58% are still protecting a majority of their apps purely on-premises, suggesting that on-prem remains a highly viable backup/DR solution. Overall, 40% believe AI will provide a greater benefit than a threat.
"It’s unfortunate to see organizations funneling resources into backup processes only to realize that it was all for naught — paying the ransom money and losing the data," said Phil Goodwin, research vice president, IDC. “What's clear is that only a holistic approach can eliminate these negative outcomes and keep organizations safe. In particular, CDP will prove increasingly central to unified data protection efforts in months and years to come."
"Organizations are increasingly responsible for data environments whose complexity they are unequipped to handle and whose integrity they are ill-prepared to safeguard," said Caroline Seymour, vice president, storage product marketing, HPE. "This is not the fault of any individual organization, but it does demand a more sophisticated approach to data protection — one in which traditional backup is not the be-all-end-all but instead one of a suite of complementary tools, including CDP."
