Loss of Security Perimeter: Businesses have lost control of a defined security perimeter due to dependence on “agentic” AI and hundreds of third-party SaaS tools. Attackers have focused on identity compromise rather than network hacks. Attackers abuse AI technologies to automate MFA bypass using session hijacking and social engineering attacks.
Organizations struggle with billions of nonhuman identities being managed manually that are increasingly overprivileged. To survive 2026, organizations will need to shift focus from static point-in-time security audits to continuous posture management & automation-first governance to protect data in-motion across the borderless, multicloud ecosystem.
Organizations have lost control of where their sensitive data resides. This created a massive visibility gap where sensitive data is “shadowed” and unmanaged.”
Cloud computing is now about 20 years old. For numerous years businesses have implemented cloud technology as part of their infrastructure.
The significant amount of data organizations continue to transfer to the cloud stands out as noteworthy. According to the Hacker News “SaaS Backup and Recovery Report in 2025” - 54 percent of workloads function within cloud-based environments. By 2026 experts predict this percentage will rise to 61 percent.
According to G2 cloud computing statistics - 65 percent of businesses are planning on increasing their cloud budgets. In addition, spending on public cloud is expected to double between 2024 and 2028, according to IDC research. Worldwide investments in SaaS applications are expected to double in that same time frame.
What this means for data protection…
Cloud and SaaS data protection is about to become even more important than it is today. Not only will organizations be leveraging cloud and SaaS applications for more of their workloads, they’ll also be increasingly at risk if they do not have proper backup and recovery solutions in place including backup for Microsoft 365, or backup for Google Workspace which protect some of the most business-critical SaaS data environments.
IDC research suggests that businesses have adopted the cloud at a faster rate than they’ve invested in cloud and SaaS data protection. As a result:
Recent cloud security research from SentinelOne indicates that 83 percent of organizations suffered a cloud data breach in 2025.
The HYCU State of SaaS Resilience Report 2025, as reported by StorageNewsletter, shows that 70 percent of businesses using SaaS applications have suffered SaaS data loss.
74 percent said they don’t have offsite protection for their SaaS data
Determining the cause of your data loss is an important part of preventing it in the future. When it comes to SaaS backup, there are many potential causes.
As noted above, the same research cited by The Hacker News indicates that 50 percent of respondents experienced malicious data deletion, while 36.7 percent suffered a ransomware attack, with accidental deletion (34 percent) and application misconfigurations (30 percent) also contributing significantly to SaaS data loss.
With the majority of businesses adopting SaaS apps, your data can be lost for any one of the reasons above. That’s why it’s important to have a SaaS backup solution in place to protect your data from everything listed.
The chart above breaks down which types of data are lost most frequently from SaaS applications. But do you know which types of data your business is actually protecting with SaaS backup?
Full visibility into your SaaS environment is one of the best ways to understand which pieces of data are exposed to loss. Businesses that deploy SaaS protection were most likely to report that they backup email and contact data from email clients.
However, they’re also less likely to backup calendar events, files on shared drives, or team chat/collaboration data. Omitting certain data from your SaaS protection strategy could leave your organization vulnerable in the event that you need to recover these types of data.
If someone has obtained your backup credentials, they can use those credentials to access the data themselves. Allowing your credentials to be exposed will drastically increase the chances they'll be stolen.
According to office security research from Sentry Tech Solutions and subsequent password hygiene research from Keeper Security, many companies still have sticky notes out and passwords in their heads. In fact, only one in three employees solely rely on password managers to store their passwords.
We already mentioned that many businesses lack visibility into the types of data they have at risk. IT teams also often lack visibility into whether or not their backups are successful.
Whether companies think they are protecting structured data, unstructured data, or both, IT professionals still see little visibility into backup success rates, new research revealed by The Hacker News shows. 35% percent of surveyed professionals said they don’t know if backups are succeeding.
Backup monitoring solutions can automatically notify and alert IT admins about backup status so they can stay on top of backup health. Some organizations don’t appear to have a data protection solution with this capability, or they’re just not using it.
Not only are attacks and data loss events occurring frequently in the cloud, but when they do occur businesses are reporting very poor recoverability from these incidents.
Findings cited by The Hacker News reveal that only 14 percent of IT leaders are confident in recovering critical SaaS data within minutes, while 25 percent say recovery would take days.
25 percent said recovery would take days
And given that IBM research cited by Northdoor estimates average downtime costs at more than $300,000 per hour, such delays can have a significant negative impact on the business.
As more time is spent on managing backups, confidence in data protection is decreasing.
Confidence in data protection continues to decline: analysis highlighted by The Hacker News shows that only 40 percent of businesses feel their critical data is safe from loss, while earlier research published by Databarracks found that 50 percent of organizations described themselves as “very confident” in their backup and recovery capabilities just five years ago.
I’d say that’s cause for nightmares. Despite investing more resources in backup and recovery solutions businesses experience lower confidence in their ability to achieve recovery objectives.
Fines for data breaches are just one potential financial consequence of data loss. Organizations are also risking heavy compliance fines as a result of data protection failures.
This is in large part due to newer regulatory standards like DORA and NIS 2 that will really ramp up in 2026. At this point, regulators are less concerned with passing legislation, and more focused on enforcing it through audits, supervisory reviews, and fines for non-compliant organizations.
Under DORA, regulators can levy fines of up to 2 percent of annual revenue and, as noted by Grant Thornton and regulation-dora.eu, may also hold business leaders personally liable.
Many of the older compliance regulations focused primarily on ensuring businesses took reasonable measures to prevent cyberattacks and data leakage. But the newer regulations have broader scopes that include data backup and recovery. Failure to prepare for disaster scenarios could result in fines under these regulatory standards.
Logic would suggest that if IT teams are struggling to effectively backup their data that they’re not spending enough time on it. But it appears the opposite is true.
Backup management now takes up at least ten hours per week for half of IT professionals, nearly twice as much time as two years ago, and industry research referenced by TPx estimates this effort costs organizations around $25,000 per year in average salaries. (IT professionals earn about $100,000 per year on average)
So what’s the solution? Improve backup efficiencies so that your backups aren’t taking up so much of your IT team’s time. Backup automation is one method that can help IT teams regain control of their time.
It probably doesn’t help that so few businesses have updated their backup and recovery strategy over the past five years either.
“We’re seeing workloads moving to cloud at scale faster than ever, as well as broader adoption of cloud-native applications and technologies across industries. However, MSP Success shared industry insight that 28% of organizations have not changed their backup and recovery strategy in the last five years,” said MSP Success.
If your backup and recovery strategy hasn’t kept pace, it won’t be ready to support your IT team’s demands.
The majority of organizations want to upgrade their backup providers in the next year.
Looking ahead to 2026, industry insights cited by MSP Success show that 73 percent of respondents plan to switch backup vendors, with cost cited as the primary driver behind these decisions.
However, they also noted that they need backup solutions that can do more than just meet their backup needs. Features like disaster recovery testing, recovery automation, and backup orchestration were also highly desired.
The current data protection requirements have left legacy backup tools inadequate for modern business needs. They will identify suitable data protection tools that surpass their requirements through the evaluation of new data protection solutions.
Data breaches are going to continue happening – that’s an inevitability. But the organizations that can improve their recovery capabilities will be the ones that survive.
As the above statistics demonstrate, businesses simply aren’t confident in their current data protection programs. But that could change if they implemented best practices like automated backup, backup reporting, and recovery testing.
When companies automate backup and recovery operations they can reduce expenses while enabling IT professionals to concentrate on more essential responsibilities. But not all data protection vendors enable this type of functionality, which is why it’s encouraging to see that most businesses plan to evaluate a new backup solution this year.