Data breaches have been part of our daily vernacular for some time now, but never has the business impact of IT failure been felt as profoundly as it has in the past 12 months.

Target’s Gregg Steinhafel became the first Fortune 50 CEO to lose his job as a result of his company’s failure to protect its customers’ data, following the theft of 40 million payment card numbers and the personal details of 70 million people. Target reported that the gross expenses resulting from the breach would exceed $235 million – a staggering burden for shareholders, to match the misery of its customers – and that’s not to mention the estimated $200 million cost to credit unions and community banks for reissuing 22 million bank cards in the aftermath of the incident.

More recently, JPMorgan disclosed that the names, addresses, telephone numbers and emails of 76 million households and seven million small businesses had been compromised by another significant cyber-attack – one that began in June but wasn’t discovered until a month later.

In an environment where our dependence on digital technologies and applications has never been greater, and where the impact of digital failure has never been more important, EMC is today releasing a study into businesses’ data protection readiness around the world that shows that we are continuing to make fundamental mistakes.

The core numbers themselves may – or may not – shock you: the average enterprise is losing 2.33TB of data; suffering an average of 25 hours of downtime; and incurring associated costs at an average of $1.89 million each, every year. (In my view, that $1.89m cost-figure is far lower than what many businesses will be experiencing in reality: if you lose the wrong type of data, or if that data is unavailable at the wrong moment, $1.9m would quickly start to look like small-change.)

But think of this from the consumer’s perspective, for a moment. Your typical end-user – whose expectation will be that none of the data he entrusts to a business will ever be mishandled or misplaced – may be very surprised to learn that the average business is losing 2.33TB, the equivalent of 24 million typically-sized emails, every year. And that’s just what they’re admitting to losing…

What is clear is that, while businesses are looking ahead to the 3rd Platform world of hybrid cloud, big data and mobile data, they have lost sight of the basics and of what’s important. Today’s data protection infrastructures are still not fit-for-purpose – let alone ready to absorb the emerging imperatives.

Why? The reality for many companies is that, due to legacy investments made over several years, they are using technologies from multiple vendors to protect their data, inevitably creating overlap in some areas and gaping holes in others. EMC’s study found that businesses using three or more vendors in this way have lost three times as much data – and were likely to have spent an average of $3 million more on their data protection infrastructure – as those who used just one. No surprise, then, that nearly three-quarters of respondents doubt their ability to fully restore all their data after an incident.

Before we get ahead of ourselves, therefore, businesses first need to get their 2nd Platform houses in order: this will continue to comprise the majority of business’ information for some time to come, and making the smart decisions to ensure that this is a robustly-dependable bedrock is non-negotiable before future challenges can realistically be considered.

Secondly – and speaking of the need for smart decisions – the study reinforces the fact that, once again, businesses in our part of the world are often failing to pursue and achieve excellence in their IT investments. Organisations in China, Hong Kong, Indonesia, Singapore and the US demonstrate the most mature data protection strategies, a picture that roundly underscores the latest IT spending projections from IDC: EMEA’s IT spending is set to grow at an anaemic 2.1% this year – half the global average – and at 5.9% over the next three years compared to a global average of 12.3%, far behind the 23.5% growth forecast in Asia-Pacific and Japan.

Clearly, it’s no longer a case of the money not being there: this is a question of leadership, and of prioritisation: of today’s Europe/Middle East/African business leaders generally failing to make the necessary strategic investments in a world in which IT’s importance in representing entire brands and their overall businesses is growing by the day.

This is a picture which should concern us all. Holding back while disruptive competitors focus on building long-term performance, agility, efficiency, availability and scale into their infrastructure – positioning themselves for aggressive growth – is not an option. If EMEA businesses are to avoid finding themselves lagging behind the global competition, smart and decisive leadership will be key.