The State of Disaster Recovery Preparedness 2026

Disaster recovery (DR) is no longer a back‑office function — it is essential to keep the business running in the face of constant disruption. As technology stacks grow more complex and recovery expectations accelerate, DR practitioners are becoming creative problem-solvers, adapting to new platforms, architectures, and failure modes. While many organizations now position DR as a strategic capability tied to enterprise risk management, readiness remains uneven. Drawing on insights from Forrester’s 2025 survey with the Disaster Recovery Journal, this report examines how DR programs are evolving, where gaps persist, and what it takes to meet modern resilience demands.

Disaster Recovery Preparedness Is Evolving, But Many Aren’t Confident

DR capabilities continue to make up a significant element in enterprise resilience strategy, but the technology stack is under rapid evolution first with cloud and now with AI. Forrester and the Disaster Recovery Journal (DRJ) have partnered to field market studies in business continuity and DR, gather data for benchmarking, and guide research and publication of best practices for the industry. This study, which focuses on DR preparedness, was first fielded in fall 2008, and we update it every two years to assess how DR preparedness is addressing challenges.

We designed the 2026 study to assess confidence in DR strategy; drivers fueling improvements in DR preparedness; practices regarding DR program governance, planning, plan maintenance, and testing; ways organizations provision and architect their data center recovery sites; recovery objectives and technology adoption; the continued need to scope cloud-native, SaaS, and third-party technology services as part of DR planning; and the emerging impact of generative AI on workloads which must be protected and on enterprises’ ability to execute DR strategies. We surveyed 74 respondents who indicated they had a DR program and completed the survey. We detail the survey methodology in the supplemental material section of this report, and our most important findings follow.

Most Businesses Have A DR Function

Our 2026 survey responses show businesses recognized the need for a DR strategy and capabilities, with more than 75% reporting some type of formal DR program and an additional 16% indicating an intention to implement a DR program in the next year. Only about half of respondents planned for DR at the enterprise level in a centralized program, and 6% of respondents planned for DR in localized silos (see Figure 1). The survey also found 66% of respondents allocated between 0% and 10% of their total IT budget to DR, with 34% spending more (see Figure 2). When examining related responses across the survey, higher DR spend alone did not align with higher confidence in preparedness. Notably, respondents reporting greater preparedness confidence more frequently cited the use of automation, more frequent planning updates, and regular testing, suggesting execution discipline may matter more than budget levels alone.

Disaster Recovery Is Largely An I&O Function with Executive Oversight

Because DR is highly technical, it remains largely IT led: 47% of respondents said the head of DR sat in infrastructure and operations (I&O) (see Figure 3). Security ownership increased to 21%, signaling growing emphasis on cyber recovery. DR programs also reported higher in the organization, with 59% reporting directly to a functional C‑level executive and another 24% reporting one level below (see Figure 4). Alignment with enterprise risk management (ERM) is strong, with 6% reporting via a dotted line, 15% reporting directly, and 45% working closely with ERM (see Figure 5). Together, executive‑level oversight and ERM alignment indicate DR is increasingly being treated as a strategic function with greater authority to act.

DR Planning and Practices Leave Many Unprepared

About 42% of survey respondents reported having a significant disaster, outage, or business disruption in the past two years. Additionally, fewer than 40% of respondents felt very or extremely prepared to deal with a site failure or disaster (see Figure 6). Forrester found that:

• Business impact analyses (BIAs), risk assessments, and DR plans need attention. Roughly 59% of respondents updated DR plans annually, with another 35% updating more frequently (see Figure 7). Risk assessments and BIAs followed similar update patterns. Fewer than 20% of respondents updated these three aspects of risk and recovery planning twice a year or more frequently. In a business climate defined by rapid technology change, long planning and update cycles increase the risk organizations are unprepared for disruptions involving new platforms, services, or emerging threats.
• DR readiness dashboards remain poorly adopted. Despite increased operational resilience requirements and more tool availability, only 32% of respondents reported having a dashboard to indicate recovery readiness for their organization (see Figure 8). Without effective resilience reporting, identifying and prioritizing gaps in the DR program becomes significantly more difficult, particularly as environments grow more distributed and complex. Businesses seeking enhanced DR capabilities should be testing DR plans and correlating service health metrics in real time to ensure SLAs for recovery can be met. Backup, risk management tooling, and resilience orchestration vendors have been adding readiness dashboards that report on infrastructure health, test network connections, and estimate recovery time objectives for named workloads according to the estimated time to execute a recovery plan.

DR Site Preparedness and Failover Testing Lack Scope and Frequency

A key component of DR preparedness is having an alternate site to launch workloads in the case of failure. Those DR sites are usually prepopulated with replicated data, virtual machine or container images, and the relevant automation to orchestrate failover in the case of crisis. Public and private cloud technologies have reduced the need for dedicated DR sites, with many businesses implementing disaster-recovery-as-a-service strategies which use precached data, infrastructure-as-code (IaC) automation, and pilot light infrastructure to minimize resource utilization until the point of failover.

• Most businesses have at least one DR site. Sixty-three percent of enterprises had at least one DR site, with 30% of respondents having more than one (see Figure 9). However, increased use of cloud and SaaS means site-to-site failover does not address many core workloads. Additionally, given around 50% of organizations have an enterprise-wide DR program, many organizations may not provide resilience for core applications that are not visible to their DR planning functions. Based on direct conversations with DR leaders, issues related to poor criticality mapping, cost, and capacity planning reduce effectiveness of current DR site investments.
• Failover isn’t tested frequently enough. Forty percent of respondents reported their organization did a partial or full failover to their DR site (see Figure 10). Many organizations only test component-by-component DR failover, which doesn’t replicate actual failure scenarios when an entire datacenter may be affected at once. Composable architectures like microservices also increase complexity, making component tests difficult, and can spread the blast radius of failure far beyond an isolated infrastructure environment. DR leaders should at least annually do a full scenario according to their DR runbooks and additionally test after major infrastructure or platform changes to ensure existing DR plans are still relevant.

Modern Workloads Are Forcing a Rethink of Traditional DR

As enterprise architectures shift to SaaS, cloud-native platforms, and emerging workloads like Kubernetes and AI, DR strategies are being stress-tested in new ways. Survey results not only show progress in expanding DR scope beyond traditional infrastructure but also expose gaps in maturity, consistency, and confidence — particularly for SaaS and complex cloud dependencies. The following sections highlight where adoption is strongest, where practices are evolving, and where DR teams still face the greatest resilience challenges.

• Enterprise SaaS adoption is high, making it a priority for DR planning. More than 94% of respondents indicated they were using Microsoft 365, Google Workspace, Salesforce, or other enterprise SaaS tools. Furthermore, 93% of respondents considered all or some SaaS platforms in their DR planning. Even though leading SaaS platforms offer a robust backup ecosystem, SaaS resilience varies widely by application. Backing up SaaS data can be challenging, and true operational resilience requires far more than backup alone. Forrester’s “How To Create A SaaS Application Resilience Strategy, 2026” helps document strategies for recovery and resilience for SaaS applications and explains the reasons why enterprises should build a separate strategy for SaaS application resilience.
• DR for cloud workloads is maturing slowly. Cloud disasters typically take the form of service outages or degradation, with complex downstream impacts driven by cloud interdependencies. In 2025, prolonged outages at Amazon Web Services (AWS), Azure, and Cloudflare underscored this risk for organizations incorporating public cloud workloads into DR planning. Within this group, most respondents rely on intraprovider resiliency mechanisms such as failover between availability zones, with very limited use of cross‑cloud failover. A key challenge for cloud workloads is understanding both their risk exposure and the built‑in resiliency of cloud services. The October 2025 AWS US‑East outage showed how hidden dependencies, service concentration, and technical debt – amplified by hyperscaler automation – can trigger regional failures. Mitigating these risks requires rethinking DR and adopting resilience‑focused practices such as site reliability engineering (SRE), platform engineering, IaC, and chaos engineering.
• Resilience-oriented operations practices are gaining traction. Practices such as SRE, platform engineering, IaC, and chaos engineering are well established in cloud‑native environments and beginning to appear among a small subset of organizations managing on‑premises workloads. Forrester’s “The State Of Cloud Resilience, 2026” found practices like SRE and platform engineering are gaining traction, especially to improve workload stability and avoid potential outages. While only a limited number of survey respondents reported adopting these practices, their use directionally correlated with more frequent testing and higher self‑reported recovery readiness.
• Address the DR gap in both Kubernetes and AI workloads. Survey questions related to Kubernetes and AI workloads received very few responses, suggesting either limited adoption, limited visibility within DR teams, or uncertainty about how these workloads are currently addressed in recovery planning. Forrester’s surveys show a vast majority of enterprises use Kubernetes for mainstream enterprise workloads. But container-based architecture presents specific challenges for DR, especially for synchronous replication topologies. Fewer than one-third of respondents chose to respond to Kubernetes- and AI-related questions, suggesting limited adoption, limited visibility within DR teams, or uncertainty about how these workloads are currently addressed in recovery planning.

Supplemental Material

The State of Disaster Recovery Preparedness 2026 survey was fielded globally to IT, DR, and risk professionals with affiliations to Forrester Research and the DRJ as well as to a randomized list of IT, DR, and risk professionals. Additionally, on LinkedIn and Twitter, we solicited responses from technology professionals with responsibility for DR planning. This process generated a total of 95 responses, with 74 indicating they had a DR program and completed the survey. Analysis in this report focused on respondents who completed relevant sections of the survey questionnaire.

In this survey:

• Twenty-nine percent of respondents were from companies that had 0 to 999 employees (which Forrester defines as small and medium-size businesses); 27% had 1,000 to 4,999 employees; 27% had 5,000 to 19,999 employees; and 17% had 20,000 or more employees.
• All respondents were decision-makers or influencers on their planning and purchasing technology and services related to DR.
• Respondents were from a variety of industries.

One part of the response set for this study was solicited from a select group of respondents (predominantly DRJ members and Forrester clients) and is therefore not random. These respondents are more sophisticated than the average. They read and participate in business continuity and DR publications, online discussions, etc. They have above-average knowledge of best practices and technology in business continuity/DR. A second set of respondents was solicited based on their professional title in IT, DR, or risk management; this list was randomly generated. Additional responses were solicited via social media on LinkedIn and Twitter for a semirandom response set. With a combination of random and nonrandom responses, the survey serves as a valuable tool in understanding where both advanced and average users are today as well as where the industry is headed.

Special thanks to Lauren Nelson, Amy DeMartine, Samishti Bhatia, and Kara Hartig of Forrester Research for their contributions.

ABOUT THE AUTHOR

Brent Ellis

Brent Ellis is a principal analyst with Forrester Research. He is focused on helping clients find solutions to hard problems like technology resilience, hybrid cloud storage platforms for AI, and modernizing legacy workloads to unlock business agility. Ellis brings infrastructure and operations experience, empathy for the human elements in technology deployment, understanding of business contexts, and curiosity to every engagement.