Keepit, a cloud-native data protection provider, published its Keepit Annual Data Report 2026, examining the evolving complexities of recovery readiness in the SaaS environment. As reliance on SaaS platforms increases, the report provides insights into how organisations approach and develop their data recovery practices.
Based on data from Keepit’s production backup environment, the report highlights a range of recovery behaviours across organisations of different sizes. Smaller organisations often face more challenges with recovery, while larger enterprises demonstrate higher levels of operational maturity through more frequent and structured recovery testing.
Nine out of ten enterprises have validated bulk recovery processes, indicating a level of disaster recovery preparedness.
Identity systems are tested four times less frequently than productivity systems, suggesting potential exposure due to their critical role across SaaS environments.
Around 90% of restores are single file downloads, reflecting the prevalence of smaller-scale data loss incidents and the use of targeted recovery methods by administrators.
High-profile outages did not lead to a noticeable increase in recovery testing, indicating that visible disruptions do not always translate into changes in recovery validation practices.
The data indicates that organisations are actively using backup systems to develop recovery maturity, with larger enterprises more frequently validating bulk recovery operations.
The report also notes that effective recovery is generally achieved through consistent practice rather than reliance on tools alone. It highlights the importance of routine, repeatable recovery processes supported by structured testing and guided recovery to support accurate data restoration under operational pressure.
Everyday restore activity is identified as a key contributor to building organisational confidence and recovery capability. However, while single-file restores are common and useful, they are described as an initial stage of readiness rather than full validation for large-scale incidents. The emphasis is placed on standardised and repeatable recovery processes to support resilience.
The findings are based on observable behavioural data, including restore frequency, restore types, and user activity across different segments. The analysis does not rely on surveys or self-reported responses.
The report covers data collected throughout 2025 across regions including Denmark, Germany, Switzerland, the United Kingdom, the United States, Canada, and Australia. It presents insights intended to support organisations in reviewing and developing their recovery approaches within a changing digital landscape.
