How much does data loss cost?

Data loss can have devastating consequences for businesses, costing millions of dollars in lost revenue, productivity, and customer trust. With data growing exponentially, and cyber attacks on the rise, understanding the true cost of data loss is more critical than ever.

What causes data loss?

Data loss can occur for many reasons:

  • Hardware failure – Hard drives and other storage media can suddenly stop working, resulting in data that cannot be accessed.
  • Software failure – Bugs, viruses, and configuration errors can corrupt data or make it inaccessible.
  • Human error – Employees accidentally deleting files or overwriting data with bad data is a common occurrence.
  • Theft – Hackers stealing data through malware, phishing, or insider threats.
  • Natural disaster – Fires, floods, earthquakes, and power surges can destroy data centers.

How much data is lost?

Various studies have attempted to quantify the amount of data loss businesses experience:

  • IBM estimates that on average, data loss costs companies $3.96 million per year.
  • A Panetta Institute study found that 43% of companies experiencing a disruptive event for 10+ days filed for bankruptcy within 36 months.
  • The Aberdeen Group found that businesses experience an average of 1.2 ‘severe’ data loss events per year resulting in 24+ hours of downtime.
Company Size Hours Lost Per Employee Per Year
Small (under 100 employees) 37.8
Medium (100-1000 employees) 32.5
Large (over 1000 employees) 25.1

As this table shows, the amount of productivity lost due to data unavailability adds up quickly, especially for smaller businesses with less resilient IT infrastructure.

Short-term costs of data loss

When critical business data suddenly becomes unavailable, the short-term consequences are severe:

  • Lost productivity – Employees cannot complete their work without access to the data they need. Meetings and decisions are postponed. Critical business processes slow or halt.
  • IT expenses – IT staff must work overtime to restore data from backups. Outside experts may need to be hired. New hardware may need to be hastily purchased to get the business operating again.
  • Legal and regulatory fines – Failure to provide data to meet compliance requirements can result in steep fines. In the EU, GDPR non-compliance fines can be up to 4% of global revenue.

A Ponemon Institute study found the average cost of downtime per hour to be:

  • $301,000 for large enterprises
  • $215,000 for medium enterprises
  • $173,000 for small enterprises

With the average downtime lasting multiple hours or days, short-term data loss costs can rapidly escalate to millions of dollars.

Long-term costs of data loss

Losing critical company data can also have significant long-term impacts:

  • Permanent loss of intellectual property – Source code, designs, trade secrets and other proprietary data may be lost forever with no backups.
  • Decreased customer confidence – Customers will have doubts about a company’s reliability and competence after a significant data loss event.
  • Lost competitive advantage – R&D projects disrupted by data loss may fall behind competitor offerings.
  • Inability to make strategic decisions – Missing historical data hinders leaders’ ability to spot trends and make fully-informed decisions.

These lasting impacts echo through the years following a major data loss in the form of reduced revenue and market share.

Hard costs vs. soft costs

Data loss consequences fall into two categories:

  • Hard costs – Concrete financial losses like productivity declines, fines, IT expenses and contractual penalties.
  • Soft costs – Intangible damage like loss of customer and employee trust, lower morale, and tarnished brand reputation.

Most data loss cost estimates only include the direct hard costs. Yet the soft costs often inflict greater long-term damage due to lost opportunities and reduced competitiveness.

Costs by industry

While all businesses feel the sting of data loss, some industries suffer considerably higher costs:

Industry Average Data Loss Costs
Health care $6.2 million
Energy $5.4 million
Pharma $5 million
Financial $4.8 million
Technology $4.7 million
Industrial $4.5 million
Education $4.3 million
Media $3.8 million
Retail $3.6 million

Industries like healthcare and financial services that depend on large volumes of highly sensitive data suffer the most severe losses from data unavailability. They also frequently face strict regulatory data retention and security requirements.

Data loss probability

What are the odds of a business experiencing a disruptive data loss event in a given year? A leading study by the Ponemon Institute found the probability to be:

  • Small companies (under 100 employees): 33% chance
  • Medium companies (100 – 500 employees): 51% chance
  • Large companies (over 500 employees): 60% chance

As these statistics reveal, data loss is practically inevitable over time. Mid-size and large businesses face better than even odds of a significant data loss occurring in a given 12-month period.

Preventing data loss

Given the massive hard and soft costs involved, proactively preventing data loss needs to be a top priority. Some key data loss prevention best practices include:

  • Comprehensive backup policies with regular testing
  • Archiving old or redundant data
  • Using RAID disk configurations for redundancy
  • Encrypting data at rest and in motion
  • Restricting file access with rights management
  • Employee cyber security training
  • Offsite replication of critical data
  • Monitoring network for suspicious activity

A robust data loss prevention strategy combined with cyber liability insurance can greatly reduce both the likelihood and the impact of critical company data suddenly becoming inaccessible.

Data backup solutions

The most fundamental data loss prevention tactic is consistent backups. Backup options include:

  • External hard drives – Inexpensive local backup storage
  • Tape drives – Reliable long-term archival of data offline
  • Cloud storage – Flexible offsite backup through third-party services
  • Cloud backup – Managed cloud-based backup solutions
  • Hybrid backup – Combining local, external and cloud data copies

Cloud-based backup offers advantages like lower upfront costs, greater scalability and geographic redundancy. But backing up locally via external hard drive also provides fast recovery and air gap security.

A hybrid 3-2-1 backup strategy (3 copies, 2 different media, 1 offsite copy) combines the best of both worlds for most robust data protection.

Data recovery services

When data loss incident does occur, data recovery services can often retrieve the lost files or databases:

  • Logical recovery – Repairing corrupted file systems or software faults
  • Physical recovery – Repairing failed or damaged hardware media
  • Forensic recovery – Reconstructing data after deletion or system damage

Data recovery success rates depend on the cause and extent of data loss. Logical recovery has over 90% success rate, while forensic recovery from a smashed disk or cryptolocker virus may only have 50% chance of partial restoration.

While data recovery can seem expensive, it maximizes the chances of minimizing long-term data loss costs by rescuing intellectual property and productivity data.

Employee data loss training

Human error causes a large portion of data loss incidents. Regular cyber security and IT best practices training for employees can significantly reduce losses from mistakes like:

  • Accidentally deleting or overwriting files
  • Falling for phishing schemes and ransomware attacks
  • Improper access and sharing of sensitive documents

Low-cost periodic training inoculates against high-cost data loss errors. Instilling a top-down culture of data security and accountability further safeguards critical business data assets.


In summary, data loss inflicts heavy costs on businesses in lost revenue, productivity declines, IT expenses, fines, reputational damage, and long-term competitiveness impacts. With high annual probabilities, effective prevention defenses like redundant backups and employee training deliver a multiplier return on investment. While human mistakes and technology failures cannot be eliminated, mitigating the impact of data loss through recovery capabilities and resilience planning limits financial risks and safeguards the business against potential catastrophe.