As data loss continues to disrupt businesses, understanding its causes and impact has never been more critical. Cyberattacks, system failures, and human error all contribute to the challenge, making data protection for mobile devices and on-site infrastructure a top priority for technology leaders.
To gain deeper insights into these challenges, we leveraged AI-driven audience profiling to synthesize insights from opinions expressed online to a high statistical confidence level. Our profiling covered 71,353 technology leaders in the U.S. over a 12-month period ending on February 17, 2025. The results reveal how businesses are impacted by data loss, the leading causes, and the strategies organizations use to protect their critical information.
What Is Data Loss?
Data loss happens when important information becomes inaccessible, corrupted, or permanently deleted—often with no way to recover it. The impact can be severe, whether the loss is caused by a ransomware attack encrypting critical files, a hardware failure wiping out stored data, or an employee mistakenly deleting key records.
While backup systems and disaster recovery plans help reduce the risks, no organization is completely immune. 72% of organizations report an increase in cyber risks in the last year, making understanding and preventing data loss more important than ever.
Describe The Level Of Data Losses Your Business Experienced
67.7% businesses experience significant data loss
The vast majority of businesses have faced data loss, resulting in severe disruptions. Our graph reveals the scale of these losses:
Data loss can be catastrophic, with 93% of companies that experience prolonged data loss going bankrupt, 25.90% of recovery efforts consuming significant staff resources, and downtime costing small businesses an average of $1,410 a minute.
Our audience reflects this reality, with 67.7% of businesses reporting significant data loss while only 32.3% experienced minimal impact.
With 67.7% of businesses experiencing significant data loss, it’s clear that organizations continue to struggle with protecting their critical information. Beyond financial losses, downtime, reputational damage, and compliance risks make data loss a serious threat to business continuity.
Andrew Evers, CTO at Infrascale, emphasizes why proactive data protection strategies are essential:
“For businesses, data loss isn’t just an IT issue—it’s an existential threat. Without a recovery plan in place, companies risk losing not only their data but also their customers’ trust and their ability to operate.”
This is why organizations must think beyond just backup—they need fast, reliable recovery that minimizes disruption.
Healthcare Industry Data Loss Statistics
The healthcare sector continues to grapple with widespread data loss, driven largely by cyberattacks. One of the most shocking incidents in 2024 was the Change Healthcare cyberattack, which exposed sensitive information from up to 190 million people, making it the largest healthcare data breach in U.S. history.
This wasn’t an isolated event. Over the course of 2024, the U.S. Department of Health and Human Services recorded 720 incidents of healthcare data breaches, compromising 186 million user records. These breaches led to real data loss, with hospitals, insurance providers, and healthcare systems struggling to recover critical patient information.
The financial impact is just as staggering. For the 14th consecutive year, healthcare tops the list as the industry with the most expensive data breach recoveries, with an average cost of $9.77 million per incident. With numbers like these, it’s clear that stronger data protection strategies aren’t just necessary; they’re urgent.
Describe The Level Of Confidence In Cloud Storage?
27.1% consider cloud storage a secure option
As organizations continue shifting toward cloud-based solutions, confidence levels vary. This is reflected in our graph:
Of our audience of 71,353 technology leaders in the U.S., 27.1% describe cloud storage as a secure option, and another 7.2% rate its security level as high. Research supports this confidence, with 94% of managers previously reporting improved security after adopting cloud applications. However, a significant portion—24.2%—value cloud storage primarily for its flexibility rather than security.
Greater flexibility (19.9%) also plays a major role in cloud adoption. However, 11.1% believe cloud storage complicates security, and 6.4% say it makes management more difficult. This highlights that while cloud adoption continues growing, some organizations still struggle to balance convenience and control.
At the lower end, 2.8% cite significant risks and 1.4% view cloud storage as outright less secure than alternatives. Though a small percentage, these concerns reflect ongoing debates around compliance, misconfigurations, and reliance on third-party providers.
Evers points out why businesses must be strategic about their cloud security approach:
“Cloud storage is flexible, durable, and scalable, but it’s a building block not a complete solution. Configuration issues have been known to expose data. Additional protections like encryption, identity management, and access controls should be deployed. Customers also need retention management for cost and legal purposes, dashboards and reporting for management. Without a managed solution for offsite backups organizations are leaving themselves vulnerable to data loss, data leaks, and cyberattacks.”
Businesses must ensure their cloud strategy includes layered security measures to prevent misconfigurations, breaches, and unauthorized access.
Where Have Most Of Your Data Loss Incidents Occurred?
85.6% of data loss incidents happen in cloud storage
As businesses increasingly rely on cloud-based solutions, the risks of data loss in these environments have grown, as is evident in our audience’s responses:
With 85.6% of reported incidents occurring in the cloud, it’s clear that cloud security remains a pressing concern. Broader industry data reinforces this, with IBM’s 2024 Cost of a Data Breach Report finding that 82% of breaches involved cloud-stored data. Cloud environments may offer flexibility and scalability, but they also introduce vulnerabilities.
Local servers account for just 14.4% of incidents, indicating that traditional on-premises storage, while not immune to failure, may offer greater control over security and access management.
The overwhelming majority of data loss incidents now occur in cloud environments, highlighting the urgent need for better cloud security and disaster recovery measures.
As Evers explains:
“Software as a Service solutions are a game-changer for business agility, but customer’s don’t always understand shared responsibility models. Too often, organizations assume their cloud or application provider is responsible for data protection—only to find out the hard way that this protection only covers failures at the cloud provider – not human error, malware, misconfiguration, incorrect retention, and accidental or deliberate deletion of data.”
Businesses must take an active role in securing and backing up their cloud-stored data to mitigate these risks.
What Are The Most Common Causes Of Data Loss Incidents In Your Organization?
Malware accounts for 31.2% of data loss incidents
Data loss can stem from many sources, but as our statistics show, some risks overshadow the rest, creating serious business challenges.
At 31.2%, malware is the top cause of data loss, highlighting the growing impact of cyber threats. Ransomware, trojans, and other attacks can encrypt or erase critical files, locking businesses out of essential systems. However, cyberattacks aren’t the only threat; system outages (30.1%) are nearly as disruptive.
Industry data suggests human error is the leading cause of data loss, with estimates ranging from 20% to 95%. Verizon’s 2024 Data Breach Investigations Report found that 68% of breaches involved a non-malicious mistake. Yet, human error accounts for just 4.1% of incidents in our data. This discrepancy raises a key question: Are businesses underreporting or misclassifying errors? Many may fall under categories like insider threats (19.5%) or inadequate backup strategies. While organizations invest heavily in cybersecurity, they may overlook a preventable risk—their employees mishandling data.
Data corruption (5.4%) and software bugs (2.6%) show that cyberattacks or human mistakes don’t always cause data loss. Sometimes, internal system failures are to blame. Similarly, inadequate backups (2.5%) and hardware failures (2.1%) highlight weaknesses in IT infrastructure, where a minor lapse in redundancy can turn a small issue into a major crisis. At the bottom, natural disasters (1.4%) and network failures (1.1%) are the least common causes.
If Cyberattacks Contributed To Data Loss, Which Types Of Attacks Were Most Common?
Ransomware causes 36.7% of data loss
Cybercriminals use a variety of attack methods, but as our graph reveals, a handful account for most data loss incidents:
Cyberattacks remain a major driver of data loss, and in just Q3 of 2024, a whopping 422.61 million data records were leaked in data breaches. With our audience, ransomware (36.7%) stands out as the most common culprit. This isn’t surprising as ransomware attacks continue to evolve, targeting businesses of all sizes with sophisticated encryption techniques that lock organizations out of their own data. In 2023, nearly seven in 10 organizations in the U.S. were targeted by ransomware, reinforcing its status as a top cybersecurity concern. These attacks not only encrypt business-critical data but also leave organizations with costly recovery decisions—often forcing them to pay ransoms just to regain access.
Evers warns that businesses must be proactive, not reactive, in their defense strategies:
“Ransomware isn’t going away—it’s evolving. Attackers are finding new ways to bypass defenses, infiltrate networks, and hold businesses hostage. Attacks themselves are automated and indiscriminate, much like spam. The only true defense is preparation: comprehensive backups, endpoint protection, and disaster recovery solutions that ensure data can be restored without paying a ransom.”
Investing in proactive cybersecurity and backup strategies is essential for minimizing risk and ensuring business continuity.
Social engineering attacks account for 18.6% of reported data loss cases, highlighting the effectiveness of deception-based tactics. Phishing, smishing, and business email compromise (BEC) were the leading causes of data breaches in the U.S. in 2023, making up 18% of all cyberattacks that resulted in a personal data violation. Phishing alone accounts for 10.6% of data loss incidents in our findings.
Malware (15.7%) is another major contributor to data loss, showing that beyond ransomware, other forms of malicious software continue to wreak havoc on corporate networks. Distributed Denial-of-Service (DDoS) attacks (7.4%) demonstrate that cybercriminals are also leveraging volume-based attacks to cripple businesses, potentially leading to service disruptions and data loss.
While insider threats (5.8%) remain less common, they still present a serious risk, especially when considering that breaches caused by employee error, negligence, or intentional wrongdoing often go undetected until significant damage has been done. More advanced threats, such as zero-day exploits (3.2%), man-in-the-middle attacks (1.0%), credential stuffing (0.7%), and SQL injection (0.4%), round out the list, showing that cybercriminals continue to exploit a wide range of attack vectors.
Which Backup Storage Approach Do You Primarily Use?
Offsite backup accounts for 48.5% of all backup storage strategies
As businesses continue to prioritize data security, their choice of backup storage plays a critical role in safeguarding information. Here’s which approaches are most common:
Nearly half of technology leaders in our study (48.5%) rely on offsite backups, making it the go-to solution. With growing concerns about cyberattacks, system failures, and data loss, offsite storage offers peace of mind by keeping backups safe from on-site disasters.
Despite being considered old-school, 29.8% of businesses in our study still use tape backup. It may not be the fastest option, but it’s reliable and cost-effective. Plus, since it’s not online, it’s immune to cyber threats like ransomware.
On-site solutions like local backups (12.7%) and external hard drives (0.2%) are far less common, likely due to risks like hardware failure, theft, or physical damage. Meanwhile, cloud storage sits at 7.2%, suggesting many businesses still hesitate to put all their trust in the cloud. However, cloud backup adoption is growing fast. The global cloud storage market is projected to grow from $161.28 billion in 2025 to $639.40 billion by 2032.
Interestingly, hybrid solutions, which combine on-site and cloud storage, are only used by 1.7% of businesses in our audience. Given their flexibility and redundancy, this number could rise as companies look for a balance between control and convenience.
What’s Your Priority Investment In The Next 12 Months To Reduce Data Loss?
26.7% say cloud security is their #1 short-term investment
With data loss a growing concern, here’s how our audience of business leaders is making strategic investments to stay ahead of the risks:
Due to ever-increasing concerns about data privacy and security, the data loss prevention (DLP) market has shown rapid growth and is projected to increase from $1.24 billion in 2019 to $3.5 billion by the end of 2025.
Businesses are investing in different areas of DLP, and for our audience, cloud security is the top priority, with 26.7% focusing on it over the next 12 months. This trend is reflected globally, with cloud infrastructure spending expected to grow by 19% in 2025 as companies ramp up protection against cyber threats.
Backup systems come in second at 21.8%, reinforcing how vital reliable DLP solutions are. Disaster recovery follows at 16.1%, showing that companies are thinking beyond prevention and preparing for worst-case scenarios. Network security (14.6%) remains a major focus as cybercriminals find new ways to exploit vulnerabilities.
Lower down the list, incident response (5.8%) and data loss prevention (3.9%) indicate that while companies want to prevent data loss, many still prioritize protection over rapid response. Data encryption (3.6%) and compliance tools (2.9%) also see relatively low investment despite their critical role in safeguarding sensitive data.
Monitoring systems (2.6%) and employee training (1.8%) receive the least focus. Given that so many data breaches are caused by human error, it’s surprising that security awareness training isn’t a bigger priority.
What Advice Would You Share To Prevent Recovery From Data Loss Incidents?
Essential data backup tops the list at 30.2%
A layered approach to data protection helps minimize both risk and recovery time. Here’s what our audience suggests:
Essential data backup is the #1 advice, with 30.2% of technology leaders saying it’s the most important step in preventing and recovering from data loss. A reliable backup ensures that lost files can be restored quickly, keeping downtime to a minimum. However, 1.7% flagged unreliable backups as a concern, showing that simply having a backup isn’t enough; it must be tested and maintained regularly.
A disaster recovery plan (23.8%) is the second most common recommendation. A solid recovery plan helps teams act fast when things go wrong, reducing disruption and financial losses. On the prevention side, essential prevention tools (21.0%) rank highly, showing that many respondents are focused on stopping data loss before it happens. Strong cybersecurity measures (4.1%) and cloud storage solutions (4.0%) also make the list, though they rank lower than backup and recovery. This suggests that many teams still see data protection as something to fix after an incident rather than preventing it altogether.
Security basics like encryption (3.2%) and access controls (2.5%) also get attention, highlighting the importance of securing data at the source. However, 0.6% noted that encryption alone isn’t enough, reinforcing the need for a multi-layered security approach.
One of the more surprising findings is that employee training (2.3%) sits near the bottom of the list, despite human error being a major factor in data loss. Similarly, data classification (1.3%), incident response plans (1.2%), and regular audits (0.9%) are among the least-cited strategies, showing that structured risk management may not be a top priority for some teams.
Winding it up, not having sufficient tools (0.7%) and unreliable cloud storage (0.3%) point to concerns about the effectiveness of current solutions.
Firmographics
Which Industry Best Describes Your Organization’s Primary Focus?
41.4% of organizations focus on healthcare
Our audience operates in numerous industries. In the graph below, we can see the statistical split:
41.4% of our audience work in healthcare, making it the most represented sector. This isn’t surprising, as healthcare organizations deal with vast amounts of sensitive data, making them a frequent target for cyber threats.
Manufacturing follows at 25.1%, confirming its status—alongside healthcare—as one of the two most vulnerable industries to data breaches in 2024. With increasing cyber threats targeting supply chains and business partners, manufacturers face growing risks of data theft and operational disruptions.
Energy (15.1%) ranks third, with cybersecurity playing a crucial role in protecting critical infrastructure. Other industries include real estate (6.8%), retail (3.7%), and transportation (2.9%), all of which have their own unique security challenges.
The remaining industries—telecommunications (2.1%), finance (1.7%), information technology (1.1%), and education (0.1%)—round out the list. While less represented in our data, these industries still face significant cybersecurity risks as digital transformation accelerates.
Region
Pacific region leads with 31.3% U.S tech professionals
Technology leaders come from a wide range of regions, with notable concentrations in key areas, as is evident in the following graph:
The Pacific region has the largest share at 31.3%, reflecting its status as a major tech hub. The Mid-Atlantic follows at 17.3%, with East North Central close behind at 16.6%. These regions are home to major business and financial centers, making them key locations for technology and data security leadership.
Other well-represented areas include the South Atlantic (13.2%) and West South Central (6.9%), regions that have seen significant growth in tech industries. The Mountain region (5.0%) and New England (4.0%) also contribute, reflecting the increasing spread of technology leadership beyond traditional coastal hubs.
Smaller shares come from the East South Central (3.1%) and West North Central (2.5%), indicating that while technology leadership is present nationwide, some areas remain less concentrated in the field.
About the data
Sourced from an independent sample of 71,353 technology leaders in the US expressing opinions online across X, Quora, Reddit, TikTok and Threads. Responses are collected within a 65% confidence interval and 8% margin of error.
