According to a study of UK business leaders, conducted by internet provider Beaming, companies are failing to follow best practices when it comes to protecting their data against hardware failure or cyber attack.
Most worryingly, the survey showed that 17% of all respondents do not back up their business data at all, with the only official copy residing on the individual system it was created on.
Sole traders and micro-businesses of less than 10 people are most at risk - 20% and 10% respectively say they keep no back-ups - while the figure plummets to 2% for medium businesses of between 50 and 249 employees.
However, almost 50% of survey respondents said that their back-ups were kept on a separate system within the same office - indicating a troubling lack of disaster recovery plans, the study claims.
Extrapolating the findings to reflect the UK Government's figures for the number of businesses in Britain, Beaming claimed this implies that around 3.8 million businesses are not adhering to best practices.
Beaming managing director Sonia Blizzard said: "Our research shows that almost 4 million UK businesses are vulnerable to data loss from single events and could potentially become unable to operate. Most businesses, particularly at the smaller end, don't do enough to safeguard their information."
This figure was relatively consistent across all company sizes; 42% of medium-sized businesses admitted to keeping no offsite back-ups, as did 30% of large companies with at least 250 employees.
This contradicts guidance from the National Cyber Security Centre (NCSC), which advises that back-ups should not be accessible to staff or connected to the system housing the original data. Ideally, they should also be in a separate physical location to the system of origin.
It also leaves businesses open to malware. Ransomware infections, for example, can often spread through the network to other machines. If the system on which your backups are stored is on the same network as the rest of your IT, this means that your backups could become infected as well.
Of the businesses that do make use of offsite backup services - around 21% of respondents - the method varies depending on company size. Small, medium and large organisations tended to prefer external data centres and co-location facilities, while sole traders and micro-businesses were more likely to go for a cloud-based option.