RESILIENCE · CONTINUITY2026-06-25·8 min read

Your backup isn’t real until you’ve restored it — what downtime and lost data actually cost, and why recovery is a systems decision

Q: If your primary system failed completely right now, exactly how much data would you lose and how many hours would you be down — and have you ever actually measured those two numbers, or only guessed at them?

Open question — discussed in the perspectives section of this article. No settled answer yet; see the linked references for current positions.

Q: When was the last time someone performed a full restore from your backups, end to end, and confirmed the recovered system actually worked — not just that a backup file exists?

Open question — discussed in the perspectives section of this article. No settled answer yet; see the linked references for current positions.

Q: Are any of your backups stored offline or in an immutable form the rest of your network cannot reach, or could a single ransomware event encrypt your live data and your backups at the same time?

Open question — discussed in the perspectives section of this article. No settled answer yet; see the linked references for current positions.

Q: Which parts of the business deserve a tighter recovery target than others — and have you set different RPO and RTO numbers for the customer ledger than for, say, last week’s marketing analytics?

Open question — discussed in the perspectives section of this article. No settled answer yet; see the linked references for current positions.

Q: How much of your continuity depends on rented apps whose backup and recovery guarantees you have never actually read — and what is their real promise if their service, not yours, is the thing that fails?

Open question — discussed in the perspectives section of this article. No settled answer yet; see the linked references for current positions.

A backup you have never restored is a hope, not a safeguard. Resilience is not a product you buy and forget — it is a property you design into your systems, measured by two numbers: how much data you can lose, and how long you can be down.

By Felukaa

[ THE SHORT VERSION ]

Every business owner believes they are covered. The hosting has backups, the laptop syncs to the cloud, the accountant keeps a copy — and so the question of "what happens if it all disappears tomorrow" gets filed under solved and never looked at again. It stays solved right up until the day a server dies, a database gets corrupted, an employee deletes the wrong thing, or ransomware locks every file you own. That is the day you discover the difference between having a backup and having a recovery — and for a frightening number of businesses, that day is the last one they trade.

The gap is not laziness. It is a category error. "Do we have backups?" feels like a yes/no IT question, so it gets answered once and forgotten. But a backup is not a thing you have; it is a thing you do — and the only proof it works is a restore you have actually performed. A copy you have never tried to bring back is a hypothesis. Most of the businesses that fail after a data-loss event did have backups. The backups were old, or partial, or silently broken, or sitting on the same system that just got encrypted, or simply never tested. The copy existed. The recovery did not.

This piece is about reframing continuity from an afterthought — a checkbox someone ticked when the system was built — into a deliberate design decision with two numbers attached. How much data can you afford to lose if everything goes down right now? How long can you be offline before the loss becomes existential? Answer those two honestly and the whole problem changes shape: it stops being "do we have backups" and becomes "is the business built to survive its own worst day." That is not something you buy. It is something you build in.

[ FIGURES ]

Figure 1 · The two numbers that define a recovery: RPO and RTO

Every recovery is defined by two gaps around the moment of failure. RPO — recovery point objective — is the distance back to your last good backup: the data you lose. RTO — recovery time objective — is the distance forward to being operational again: the time you are down. You do not get to skip choosing these; if you never decide them on purpose, the failure decides them for you, usually badly.

Figure 2 · From "we have a backup" to "we have a recovery"

A backup existing is the easy part — and the part everyone counts. The number that actually saves the business is the last bar: a copy that is tested, restores cleanly, and comes back fast enough to matter. Industry figures suggest roughly a quarter of recovery plans are never tested and more than half of backups fail when someone finally tries to restore them. The first bar is comfort; only the last bar is continuity.

[ EXPLANATION ]

Start with what downtime costs, because the number is larger and more immediate than most owners think. Splunk and Cisco’s study of the world’s largest companies put the aggregate cost of unplanned downtime at around six hundred billion dollars a year — a fifty percent jump in two years — working out to roughly fifteen thousand dollars a minute on average, and about ninety-five million dollars in lost revenue per organisation annually ^[1]. Those are enterprise figures and your business is not the Global 2000 — but the proportion does not shrink when you do. A small operation that takes orders, books appointments, or runs a till has the same problem at its own scale: when the system is down, the business is not earning, staff are paid to wait, customers go elsewhere, and the clock does not stop because you are small.

Downtime is the recoverable disaster. Data loss is the one that ends companies. The numbers here are stark and they have held steady for years: roughly one in four businesses never reopen after a major disaster, and of small businesses that suffer significant data loss, about sixty percent close within six months and seventy-two percent are gone inside two years ^[2]. A security breach is theft — someone takes a copy of what you have. Data loss is amnesia — the business forgets who owes it money, what it ordered, what it promised, who its customers are. You can survive being robbed. It is much harder to survive waking up with no memory of how to run yourself.

So the obvious defence is backups — and here is where the comfortable assumption falls apart. Having a backup and having a recovery are different things, and the gap between them is enormous. Surveys of disaster-recovery readiness find that around eighty percent of organisations are not genuinely prepared, that roughly a quarter never test their recovery plan at all, and — the figure that should stop you cold — that something like fifty-eight percent of backups fail when someone actually tries to restore from them ^[3]. The reasons are mundane: the backup silently stopped running months ago, it captured a corrupted database, it is missing the one system that mattered, or no one had ever practised the restore so it took three days under pressure instead of three hours. An untested backup is not a safety net; it is a story you tell yourself.

Ransomware has made this the central question rather than a peripheral one, because it attacks the recovery directly. The instinct is to assume that if you are hit you can just pay and get your data back — but that bet is failing more often every year. In Barracuda’s 2025 research, forty-one percent of organisations that paid the ransom still did not recover all their data ^[4], and CyberEdge found only fifty-four percent of paying victims recovered their data at all, down from seventy-three percent two years earlier ^[5]. Paying is not a recovery plan; it is a coin flip you are funding. The only thing that reliably brings a business back is a clean, isolated, tested backup the attacker could not reach — which means modern backups have to be kept offline or immutable, because ransomware now deliberately hunts down and encrypts the backups first.

The fix is to stop treating continuity as a product and start treating it as a designed property of your systems, anchored to those two numbers from the first figure. Decide your RPO and RTO deliberately — how much data you can lose, how long you can be down — for each part of the business, because they differ: losing an hour of orders is survivable, losing the customer ledger is not ^[6]. Then build to meet them: multiple copies on different media with at least one off-site and one immutable, automated so no human has to remember, and — the part everyone skips — restores tested on a schedule so you know the number is real before you need it. This is far easier when your business runs on systems you own and can reason about than when your data is scattered across a dozen rented apps you cannot see inside. Resilience is not bought in a panic after the failure. It is built in quietly, long before.

[ PERSPECTIVES ]

Camp A — This is paranoia; nothing has ever gone wrong

We have run for years, the cloud provider handles backups, and we have never lost anything serious. Spending real money and attention on disaster scenarios that may never happen is fear-selling — it is how vendors upsell. Keep it simple, trust the platform’s defaults, and put the effort into growth instead of insuring against ghosts.

Camp B — Buy the backup product and the box is ticked

Continuity is a solved, commoditised problem: subscribe to a reputable backup service, switch it on, and you are covered. The job is procurement, not engineering. Once the backup tool is running and the green light is on, the risk is handled and we can stop thinking about it.

Camp C — Recovery is a designed property, proven by restore

Backups are necessary but they are not the deliverable — a tested recovery is. The only evidence that you are protected is a restore you have actually performed against a target you set on purpose: a defined RPO and RTO per system, copies that are off-site and immutable, and a drill on the calendar. The green light is not proof; the rehearsed restore is.

Where we land

Camp C, without hesitation. Camp A is the assumption that buries most of the companies that never reopen, and Camp B is the comfortable half-measure that produces backups nobody has ever restored. Buy the tools — of course — but treat continuity as something you design and prove, not something you purchase and forget. Set the two numbers, build to them, and test the restore on a schedule. The day you need it is the wrong day to find out whether it works.

[ OPEN QUESTIONS ]

01If your primary system failed completely right now, exactly how much data would you lose and how many hours would you be down — and have you ever actually measured those two numbers, or only guessed at them?

02When was the last time someone performed a full restore from your backups, end to end, and confirmed the recovered system actually worked — not just that a backup file exists?

03Are any of your backups stored offline or in an immutable form the rest of your network cannot reach, or could a single ransomware event encrypt your live data and your backups at the same time?

04Which parts of the business deserve a tighter recovery target than others — and have you set different RPO and RTO numbers for the customer ledger than for, say, last week’s marketing analytics?

05How much of your continuity depends on rented apps whose backup and recovery guarantees you have never actually read — and what is their real promise if their service, not yours, is the thing that fails?

[ REFERENCES ]

[1]Cisco / Splunk — "The $600 Billion Wake-up Call: New Splunk Research Reveals Downtime is a Systemic Business Crisis" (Hidden Costs of Downtime 2026): ~$600B annual cost for Global 2000, ~$15,000 per minute average, ~$95M lost revenue per organisation per year.
Verify Archive
[2]Invenio IT — "25 Disaster Recovery Statistics That Prove Every Business Needs a Plan": FEMA ~1 in 4 businesses never reopen after a major disaster; ~60% of small businesses close within six months of significant data loss and ~72% within two years.
Verify Archive
[3]Secureframe — "The Disaster Recovery Gap: 110+ Statistics": ~80% of organisations are not adequately prepared, ~23% never test their disaster-recovery plan, and ~58% of backups fail during recovery.
Verify Archive
[4]CSO Online — "Ransomware recovery perils: 40% of paying victims still lose their data" (Barracuda 2025 Ransomware Insights Report): 41% of organisations that paid the ransom still failed to recover all their data.
Verify Archive
[5]CyberEdge Group via Business Wire — "Only Half of Ransomware Victims Recover Data After Paying" (2025 Cyberthreat Defense Report): only 54% of ransom-paying victims recovered their data, down from 73% two years earlier.
Verify Archive
[6]Ready.gov (U.S. Department of Homeland Security) — "IT Disaster Recovery Plan": defines recovery time objective (RTO) and recovery point objective (RPO) and the role of tested backups in business continuity.
Verify Archive

[ Could your business survive its worst day? ]

We build continuity into the systems we deliver — tested recovery, not a backup nobody has ever restored.

Owning your systems means we can set a real recovery target for each one, keep copies off-site and immutable, automate the whole thing, and rehearse the restore so the number is proven before you ever need it. Fifteen minutes to map how much data you could lose right now and how long you would be down — and what it would take to make both survivable.

Book a free 15-min consultation